Skip to content

v10.0.0

Marketplace
Marketplace

Choose a tag to compare

View all tags
@github-actions github-actions released this 25 May 09:02
· 33 commits to main since this release
v10.0.0
d62706c

v10.0.0 (2025-05-25)

Bug Fixes

  • github-action: Resolve command injection vulnerability in action script (#56, 1863c50)

Build System

  • deps: Bump python-semantic-release from 9.21.1 to 10.0.0 (#59, 155d667)

Breaking Changes

  • github-action: The root_options action input parameter has been removed because it created a command injection vulnerability for arbitrary code to execute within the container context of the GitHub action if a command injection code was provided as part of the root_options parameter string. To eliminate the vulnerability, each relevant option that can be provided to semantic-release has been individually added as its own parameter and will be processed individually to prevent command injection. Please review our Github Actions Configuration page on the Python Semantic Release Documentation website to review the newly available configuration options that replace the root_options parameter.

Resolved Issues

  • #55: bug: command injection through GH action inputs

Detailed Changes: v9.21.1...v10.0.0

Assets 4
Loading