<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Supply Chain Security on Cloudkaramchari</title><link>https://www.cloudkaramchari.com/tags/supply-chain-security/</link><description>Recent content in Supply Chain Security on Cloudkaramchari</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>cloudkaramchari</copyright><lastBuildDate>Mon, 13 Jul 2026 18:00:00 +0530</lastBuildDate><atom:link href="https://www.cloudkaramchari.com/tags/supply-chain-security/index.xml" rel="self" type="application/rss+xml"/><item><title>GitHub Actions Checkout v7: Fixing the Pwn Request Vulnerability Before July 16</title><link>https://www.cloudkaramchari.com/blog/fix-pwn-request-vulnerability-github-actions-checkout-v7/</link><pubDate>Mon, 13 Jul 2026 18:00:00 +0530</pubDate><guid>https://www.cloudkaramchari.com/blog/fix-pwn-request-vulnerability-github-actions-checkout-v7/</guid><description>
&lt;h1 id="github-actions-checkout-v7-fixing-the-pwn-request-vulnerability-before-july-16">GitHub Actions Checkout v7: Fixing the Pwn Request Vulnerability Before July 16&lt;/h1>
&lt;p>If your CI pipeline uses &lt;code>pull_request_target&lt;/code> and checks out the pull request's head commit, &lt;code>actions/checkout@v7&lt;/code> will now refuse to do it. That's not a bug — it's GitHub closing one of the most common CI/CD attack patterns in the ecosystem, known as a &amp;quot;pwn request.&amp;quot; The change shipped June 18, 2026, and on &lt;strong>July 16, 2026&lt;/strong> the same enforcement gets backported to every currently supported major version of the action (v3 through v6), so pinning to an older tag won't save you for long.&lt;/p></description></item></channel></rss>