We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively.
Reserved 2025-04-08 | Published 2025-04-15 | Updated 2025-04-16 | Assigner GitHub_MCWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
github.com/.../hydra/security/advisories/GHSA-j7w7-965w-vjxw
github.com/NixOS/nixpkgs/pull/397919
github.com/...ommit/8d750265135b7e203520036a742afdf301b4013f
github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1
Support options