@kamilhism discovered that the caching mechanism used when previewing non-code files on GitHub.com did not correctly enforce authorization for private repositories. If a non-code file in a private repository had been recently previewed by an authorized user, an attacker could bypass authorization checks by accessing the cached version directly. This required the attacker to know the full filename of the non-code file and a valid commit hash. We addressed this issue by improving the authorization checks in the caching mechanism to restrict access to files in private repositories.