“Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.”
I think its our local copies that might have issues if anything. If there is a threat at all, it would affect releases prior to the cve release not since then. Or yeah, if a possible attacker had gained access they may still have it, but its unlikely that would not have been caught.
deleted by creator
Hasn’t it already been patched? https://github.com/jellyfin/jellyfin-ios/security/advisories/GHSA-7qhm-2m45-7fmh
Furthermore, OPs post seems to link to the patch: https://github.com/jellyfin/jellyfin-ios/commit/109217e75f38394b2f6e46e25dfe5a721203d3c8
This doesn’t affect the code or jellyfin. Its a problem with how github does CI that needs to be fixed.
deleted by creator
@renegadespork @le_throosh
“Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.”
deleted by creator
I think its our local copies that might have issues if anything. If there is a threat at all, it would affect releases prior to the cve release not since then. Or yeah, if a possible attacker had gained access they may still have it, but its unlikely that would not have been caught.