Hi —
Automated security scan flagged what appears to be a database connection string with embedded credentials committed to your public source.
I'm not posting the details here for responsible-disclosure reasons.
Please contact me at Raffa@Lictor-AI.com (or DM via GitHub) and I'll send the exact file path + line + redacted excerpt so you can verify and rotate.
If real, the fix is two steps:
- Rotate the DB password (and any other credential in that file)
- `git filter-repo` to scrub the credential from repo history
A note: this came from an automated scan I manually verified before reaching out. If we're wrong (test/sandbox DB, public-by-design, already-rotated), reply and we'll close it out. No blame — most AI-generated config ships with this exact bug.
— Raffa
Lictor AI · https://lictorai.com