Mastodawn

🚨 #Composer 2.9.8 & 2.2.28 are out with an urgent security fix: #GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were being leaked in plain text to CI job logs. If you run #Composer in #GitHubActions — update immediately.

🧵👇 #PHP #security

🔍 Root cause: Composer validates GitHub tokens against an allowed character set. When a token fails validation, the full token value was interpolated directly into the exception message — exposed on stderr and captured in CI logs.

Show thread

michabbb 2h ago

⏱️ Exposure window:
▪ GitHub-hosted runners: token valid up to 6h
▪ Self-hosted runners: GITHUB_TOKEN valid up to 24h
▪ GitHub App tokens via actions/create-github-app-token: up to 1h, but may carry broader permissions than the workflow's own declaration

🛠️ The fix in #Composer 2.9.8 / 2.2.28:
▪ Exception message no longer includes the rejected token value
▪ Validation regex now accepts -, matching GitHub's new token format

Luiz Santos 3h ago

Check out 'Prosperity' By Luiz Santos
Get it here-> https://luizsantos.com/track/1331830/prosperity
#jazz #drums #percussion #art #latinjazz #composer #brazilianjazz

Luiz Santos 6h ago

Get Creative Brazil Native Grooves! 'XOTE Groove Researches'
Get it here-> https://luizsantos.com/track/1331137/xote-groovin-researches
#jazz #drums #percussion #art #latinjazz #composer #brazilianjazz #Worldmusic

Reilly Spitzfaden (they/them)6h ago

I've been really enjoying working with Lilypond! Today I wrote about some more helpful ways to work with MIDI files in the terminal and quickly build Lilypond projects from Neovim:

https://reillyspitzfaden.com/posts/2026/05/neovim-lilypond-midi-files-terminal/

#Lilypond #Neovim #MIDI #Composer #ClassicalMusic #ContemporaryClassical #MaxMSP #ElectronicMusic

Neovim/Lilypond: MIDI Files in the Terminal and More

More useful tricks for composing with Lilypond in Neovim, including playing MIDI files into Max/MSP using the terminal

Patrick O'Beirne 7h ago

https://journalofmusic.com/reviews/no-small-occasion?utm_source=The+Journal+of+Music+in+Ireland+News

No Small Occasion
The Guinness Choir marked its 75th anniversary on 7 May. Brendan Finan reviews.

The main event of the concert was the premiere of The City of Our Dreaming, for which the choir commissioned words from Paula Meehan and music from Seán Doherty, with alto Leanne Fitzgerald as soloist.

Doherty’s writing is naturalistic and very suited to the voice. He has a gift for composing melodies that feel both simple and inevitable.
#Dublin #choir #choral #composer

github.com/ghostwriter 10h ago

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

Composer 2.9.8 and 2.2.28 fix GitHub Actions token disclosure in error messages

Please immediately update Composer to version 2.9.8 or 2.2.28 (LTS) by running composer.phar self-update. The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKENs or GitHub App installation tokens to the GitHub Actions logs. GitHub introduced a

Private Packagist

Holland Albright ♫ 🌈11h ago

I imagined exploring some ancient tower ruins late at night in search of magical artifacts in this music. What do you think of while listening to this?

➣ Nightfall: https://youtu.be/Em_NrRiHiMc

#composer #originalcomposition #classicalmusic #music #composition #orchestra #piano #sheetmusic #fantasy #instrumental #dtm