releases.shpreview

Authorization header no longer leaks to TUF mirrors in attestation commands

v2.93.0

May 27, 2026GitHub CLIView original ↗
1 feature3 fixesThis release1 featureNew capabilities3 fixesBug fixesAI-tallied from the release notes
From the original release noteView original ↗

Security

A security vulnerability has been identified, and fixed, that would incorrectly include authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands.

Users are advised to update gh to version v2.93.0 as soon as possible.

For more information see: https://github.com/cli/cli/security/advisories/GHSA-8xvp-7hj6-mcj9

Support agents in gh secret command set

The gh secret command set can now set agent secrets. For more information, see "Configuring secrets and variables for Copilot cloud agent".

What's Changed

✨ Features

🐛 Fixes

📚 Docs & Chores

:dependabot: Dependencies

New Contributors

Full Changelog: https://github.com/cli/cli/compare/v2.92.0...v2.93.0

Fetched May 27, 2026