Skip to content

Commit 3ff8334

Browse files
author
Kevin Westphal
committed
chore(release): 1.49.0
1 parent d08edbb commit 3ff8334

11 files changed

+31
-31
lines changed

CHANGELOG.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,34 @@
11
# Changelog
22

3+
<a id='changelog-1.49.0'></a>
4+
5+
## 1.49.0 — 2026-03-31
6+
7+
### Removed
8+
9+
- Pre-receive hook on GitHub Enterprise Server v3.9 to v3.13 is no longer supported. v3.13 is EOL since [2025-06-19](https://docs.github.com/en/enterprise-server@3.13/admin/release-notes) and previous versions were discontinued earlier.
10+
11+
### Added
12+
13+
- Add `@file` support to `secret scan path` to load scan paths from a file.
14+
15+
- Add `ggshield secret scan ai-hook` command to scan AI coding tool hook payloads for secrets in real time.
16+
- Add new types `claude-code|cursor|copilot` to the `ggshield install` command to install hooks into AI coding tool configurations.
17+
18+
- Pre-receive hook can now be set up on GitHub Enterprise Server from v3.14 to higher.
19+
20+
- `api-status`: display the scopes of the current authentication token.
21+
22+
### Fixed
23+
24+
- `secret scan ci`: fetch the target branch before computing the MR/PR commit range. In CI environments with cached repos or shallow clones, a stale target branch ref could cause ggshield to scan unrelated commits, leading to excessive API calls and secrets reported in files not modified by the MR.
25+
26+
- `hmsl vault-scan`: fixed a hang when the HashiCorp Vault server is unresponsive; requests now time out after 30 seconds and network errors are reported with a clear message.
27+
28+
- Fixed a path traversal security issue in tar archives used for git-based scans; member names with absolute paths or `..` components are now sanitized.
29+
30+
- Fixed an issue where an invalid option for a `secret scan` subcommand could be silently treated as a request to run the default command, producing a confusing error instead of the expected usage error.
31+
332
<a id='changelog-1.48.0'></a>
433

534
## 1.48.0 — 2026-02-17

actions/secret/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ inputs:
1616

1717
runs:
1818
using: 'docker'
19-
image: 'docker://gitguardian/ggshield:v1.48.0'
19+
image: 'docker://gitguardian/ggshield:v1.49.0'
2020
entrypoint: '/app/docker/actions-secret-entrypoint.sh'
2121
args:
2222
- ${{ inputs.args }}

changelog.d/20260217_154914_alexandre.pasmantier_fix_excessive_ci_scans.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

changelog.d/20260220_160104_severine.bonnechere_temp_changelog_rewrite.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

changelog.d/20260220_160236_severine.bonnechere_temp_changelog_rewrite.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

changelog.d/20260220_160249_severine.bonnechere_temp_changelog_rewrite.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

changelog.d/20260304_080710_jeremy.long_enhance_path_scan.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

changelog.d/20260304_173348_paul.petit.ext_cursor_claude_hooks.md

Lines changed: 0 additions & 4 deletions
This file was deleted.

changelog.d/20260306_151518_severine.bonnechere_scrt_6571_ghe_pre_receive_hook_scriptdocs_out_of_date.md

Lines changed: 0 additions & 7 deletions
This file was deleted.

changelog.d/20260326_000000_api_status_show_token_scopes.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

0 commit comments

Comments
 (0)