GitHub bug briefly gave valid authenticated session cookies to wrong users

If you visit GitHub today you’ll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes “misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user.” GitHub disclosed the problem today, explain that it could only happen under “extremely rare circumstances” and “occurred in fewer than 0.001% of authenticated sessions on GitHub.com.” The service knows which users’ sessions were exposed by the flaw and says it has contacted them with guidance and additional information. Popular open-source library SDL moving development to GitHub despite ‘calamitous design choices’ in git Over long US weekend, GitHub HR boss quit after firing Jewish staffer who warned Nazis were at the Capitol Be careful where you log into GitHub:

Read full article on The Register