A few weeks ago, the GitHub Security Lab reported to the Hibernate team a vulnerability in GitHub Actions workflows used in some Hibernate projects, which could have (indirectly) impacted released artifacts.
Fortunately, that vulnerability wasn’t exploited and all Hibernate releases are perfectly safe.
However, considering the impact an exploit could have had, we thought it would be best to provide some transparency on what happened and how we made sure that Hibernate releases — past, present and future — are safe.