@niro982 reported an unvalidated redirect vulnerability. GitHub generally restricts redirects to domains that are under GitHub’s administrative control. However, a flaw in the way were handling relative URLs could allow an attacker to redirect a user to a third-party site. We addressed this issue by forcing all relative URLs to be relative to GitHub.com