mirror/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-06-19 07:35:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f90b2db3172ba57844acdfdb463985117c882fb9
docker-docs/.github
T
History
Lorena Rangel f90b2db317 Fix script injection in release notes PR trigger workflow (#24828) 
## Description

The `release-notes-pr-trigger` workflow was interpolating PR context
values
(`html_url`, `title`, `user.login`) directly into a shell heredoc. A
specially crafted PR title or author name could break out of the JSON
string
and execute arbitrary commands.

This change moves the GitHub context values into environment variables
and
uses `jq` to safely construct the JSON artifact, eliminating the
injection
vector.

## Related issues or tickets

None

## Reviews

- [x] Technical review

Signed-off-by: Lorena Rangel <lorena.rangel@docker.com>
2026-04-20 09:58:58 +01:00
..
agents
Clarify docs-scanner broken link rule to prevent 404s being filed as cross-reference issues
2026-04-08 15:36:42 +02:00
ISSUE_TEMPLATE
Desktop: update issue tracker links (#23976)
2026-01-19 11:08:38 +00:00
prompts
AI: freshness (#23190)
2025-08-05 13:38:35 +02:00
workflows
Fix script injection in release notes PR trigger workflow (#24828)
2026-04-20 09:58:58 +01:00
CODEOWNERS
chore: add @dvdksn to CODEOWNERS
2025-10-24 11:04:23 +02:00
dependabot.yml
chore: dependabot should ignore gomod dependencies
2026-01-27 15:27:09 +01:00
labeler.yml
ci(vale): only report warnings and errors (#23238)
2025-08-13 11:01:42 +02:00
pull_request_template.md
pr-template-tweak (#19518)
2024-02-28 08:36:13 +00:00