Fail rebuild for config files containing compromised github organisation (#278)

See https://meta.discourse.org/t/plugin-repository-hijacked/374703/6
2025-07-17 23:23:07 +01:00 · 2025-07-17 23:23:07 +01:00 · f5686257e7
parent ec799c49a7
commit f5686257e7
1 changed files with 7 additions and 0 deletions
--- a/lib/docker_manager/upgrader.rb
+++ b/lib/docker_manager/upgrader.rb
@ -27,6 +27,13 @@ class DockerManager::Upgrader

    clear_logs

+    if @repos.any? { |repo| repo.url.include?("github.com/discoursehosting/") }
+      log "ERROR: Detected a reference to a compromised github organization: github.com/discoursehosting/"
+      log "Please remove any references to this organization from your configuration file."
+      log "For more information, see https://meta.discourse.org/t/374703/6"
+      raise "Compromised organization detected"
+    end
+
    log("********************************************************")
    log("*** Please be patient, next steps might take a while ***")
    log("********************************************************")