You can now toggle annotations on a diff view with the keyboard shortcut a
. Learn more about using keyboard shortcuts on GitHub.
Attaching files to markdown files
You can now attach files, including images, to markdown files while you're editing them in the web. This works just like file attachments in issues and pull requests and supports the same file types. Just drag and drag, click and select, or paste.
Note: If you add an image to a markdown file, anyone can view the anonymized image URL without authentication, even if the markdown file is in a private repository. To keep images private, serve them from a private network or server that requires authentication. For more information on anonymized URLs see "About anonymized image URLs".
We changed the REST API authorization logic for maintainer fork collaborators to address an improper write access control bug identified by an independent bug bounty researcher. Under certain circumstances, this bug could have allowed unauthorized commits to be merged without further review or validation. This change impacts the following:
- Prior to December 2020, any forkable repository.
- After December 2020, only forkable repositories which are themselves forks of other repositories.
At this time there is no evidence to suggest that this bug was exploited to compromise GitHub.
GitHub recommends the use of branch protections for important branches. The use of branch protections, such as required pull request reviews or status checks, where it was enforced prevented unauthorized commits from being merged without further review or validation.
Learn more about branch protection settings
If you have additional questions please contact us