title

Security Incident Disclosure — Homebrew

Content-Security-Policy

default-src 'none'; connect-src https://D9HG3G8GS4-dsn.algolia.net; font-src data: https://fonts.gstatic.com; img-src 'self' https://avatars2.githubusercontent.com https://avatars.githubusercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;

Content-Type

text/html; charset=utf-8

generator

Jekyll v3.10.0

author

reitermarkus

og:title

Security Incident Disclosure

og:locale

en_US

og:description

On 18th April 2021, a security researcher identified a vulnerability in our review-cask-pr GitHub Action used on the homebrew-cask and all homebrew-cask-* taps (non-default repositories) in the Homebrew organization and reported it on our HackerOne.

og:url

https://brew.sh/2021/04/21/security-incident-disclosure/

og:site_name

Homebrew

twitter:card

summary_large_image

twitter:site

@MacHomebrew

twitter:creator

@reitermarkus

alternate

https://brew.sh/atom.xml

apple-touch-icon

/assets/img/apple-touch-icon.png

canonical

https://brew.sh/2021/04/21/security-incident-disclosure/

icon

/assets/img/favicon.ico

icon

/assets/img/homebrew.svg