Berlin-based continuous integration vendor Travis CI has patched a serious flaw that exposed signing keys and API credentials. Travis CI is coming under criticism for not describing the security issue in more detail. The vulnerability, which was discovered by Felix Lange, was reported to Travis CI on Sept. 7. Some 900,000 open-source projects were using Travis CI, according to an academic paper on continuous integration. The company has issued a security bulletin, but some are saying it’s insufficient given the gravity of the vulnerability.
Source: https://www.cuinfosecurity.com/travis-ci-flaw-exposed-secrets-from-public-repositories-a-17535

