I’m guessing the Devs already know about this but i thought it might have been of interest…
Yes, we were made aware of the compromise and have been monitoring the situation. Additionally, we performed an independent audit of opendev packages that were incorporated into groovy in October looking for any sort of suspicious code changes, and discovered nothing of concern. We are also monitoring the progress of upstreams’ audits as well, which so far has not turned up anything.
Thanks for the heads up!
Thanks for letting us know it’s being looked at , good to know.