←  back to changelog
VS Code command palette

February 22, 2022

Making snapshots safer for sharing

Gitpod now restricts access to workspaces opened with snapshot URLs.

Users must have access to the git repository in the snapshot, in order to open it.

If a snapshot URL user does not have read access to the repo, Gitpod will now show an error message. Previously, any logged-in Gitpod user could open snapshot URLs for any workspace.

This change matches what happens when users open a new workspace on a private repository, using a prefixed context url. The change also helps to prevent leakage of sensitive or proprietary files via snapshots. To learn more about collaboration and sharing, please have a look at our documentation

Breaking change

This change may impact you if you are intentionally sharing a private repository using a snapshot, say for an interview.

Workarounds

  • Use a public repository instead of a private one.
  • Invite users to the private repository (or to the team on the org) as collaborators.
  • Share a running workspace instead of a snapshot URL.

Feedback

As always, please contact Gitpod if you have any feedback to share with us.

@jankeromnes's avatar on GitHub @csweichel's avatar on GitHub @geropl's avatar on GitHub @AlexTugarev's avatar on GitHub @JanKoehnlein's avatar on GitHub @jldec's avatar on GitHub