Hello,
there have been security problem fixed in copr-frontend today. Basically by
forking, you could get to webhook secrets of an original project being
forked. Also the integration page where you can insert pagure api token was
actually available under certain URL if you knew how this URL should be
structured. Both of these problems are now fixed. See full details here:
https://lists.fedoraproject.org/archives/list/copr-devel@lists.fedorahost...
We will do full security audits now to prevent any future problems like
this.
Sorry for this trouble
Copr team