ForgeRock
Team
forgerock
Sign in / Sign up
Open main menu
forgerock
GitHub
Overview
Runs
Analytics
Loading workspace stats
Loading workspace insights...
Statistics interval
7 days
30 days
Latest CI Pipeline Executions
Status
Fix filter
Filter
Fuzzy
Filter range
Sort by
Sort by
Start time
Sort ascending
Sort descending
Succeeded
580
168c7237 test(token-vault): remove unnecessary blob URL tests
5 hours ago
by ryanbas21
r
Succeeded
580
d319384f fix(token-vault): replace substring URL matching with strict equality Fixes a security vulnerability where evaluateUrlForInterception used .includes() for URL matching, allowing allow-list bypass via query parameter injection (e.g. https://evil.com?https://valid.com). Replaces .includes() with === for exact string comparison. Blob URLs now require explicit wildcard patterns (blob:https://origin/*). Also removes @forgerock/token-vault from changeset ignore list to enable re-release.
1 day ago
by ryanbas21
r
Previous page
Previous
Next
Next page