GitHub occasionaly lets users and organizations preview upcoming features through our early access program. For example, we recently used the early access program to preview Git LFS. @IonicaBizau identified and reported a bug that could allow an attacker to register another user for an early access feature. While we correctly restricted which organizations a user could register, we did not restrict which users could be registered. This was considered a low risk vulnerability since it did not directly allow an attacker any additional access to the user’s account (it only enabled new features for the registered user). We addressed this issue by ensuring a user can only register themselves, and organizations they administer, for early access features.