Boost logo

Boost :

From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2021-04-27 08:39:29


I found this in my news feed today:

The codecov-bash script that is used to upload codecov reports from CI
to was maliciously modified to collect sensitive information
and send to a third party server. Things like private keys, credentials,
auth tokens used in the CI might be compromised.

I'm not using codecov, and I have vague understanding how it works, but
I've seen it used in Boost libraries' CI. I don't know if they are
affected, this is an FYI to the maintainers.

Boost list run by bdawes at, gregod at, cpdaniel at, john at