February 22, 2022
Making snapshots safer for sharing
Gitpod now restricts access to workspaces opened with snapshot URLs.
Users must have access to the git repository in the snapshot, in order to open it.
If a snapshot URL user does not have read access to the repo, Gitpod will now show an error message. Previously, any logged-in Gitpod user could open snapshot URLs for any workspace.
This change matches what happens when users open a new workspace on a private repository, using a prefixed context url. The change also helps to prevent leakage of sensitive or proprietary files via snapshots. To learn more about collaboration and sharing, please have a look at our documentation
This change may impact you if you are intentionally sharing a private repository using a snapshot, say for an interview.
- Use a public repository instead of a private one.
- Invite users to the private repository (or to the team on the org) as collaborators.
- Share a running workspace instead of a snapshot URL.
As always, please contact Gitpod if you have any feedback to share with us.