File: 2.30.3.adoc

package info (click to toggle)
cgit 1.2.3%2Bgit20250818.80.3346409%2Bgit2.51.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 58,624 kB
  • sloc: ansic: 313,383; sh: 260,576; perl: 25,871; tcl: 21,754; makefile: 4,192; python: 3,787; javascript: 810; csh: 45
file content (24 lines) | stat: -rw-r--r-- 865 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
Git v2.30.2 Release Notes
=========================

This release addresses the security issue CVE-2022-24765.

Fixes since v2.30.2
-------------------

 * Build fix on Windows.

 * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.

 * CVE-2022-24765:
   On multi-user machines, Git users might find themselves
   unexpectedly in a Git worktree, e.g. when another user created a
   repository in `C:\.git`, in a mounted network drive or in a
   scratch space. Merely having a Git-aware prompt that runs `git
   status` (or `git diff`) and navigating to a directory which is
   supposedly not a Git worktree, or opening such a directory in an
   editor or IDE such as VS Code or Atom, will potentially run
   commands defined by that other user.

Credit for finding this vulnerability goes to 俞晨东; The fix was
authored by Johannes Schindelin.