
3 changed files with 26 additions and 2 deletions
@@ -0,0 +1,24 @@
|
||||
Git v2.30.2 Release Notes |
||||
========================= |
||||
|
||||
This release addresses the security issue CVE-2022-24765. |
||||
|
||||
Fixes since v2.30.2 |
||||
------------------- |
||||
|
||||
* Build fix on Windows. |
||||
|
||||
* Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. |
||||
|
||||
* CVE-2022-24765: |
||||
On multi-user machines, Git users might find themselves |
||||
unexpectedly in a Git worktree, e.g. when another user created a |
||||
repository in `C:\.git`, in a mounted network drive or in a |
||||
scratch space. Merely having a Git-aware prompt that runs `git |
||||
status` (or `git diff`) and navigating to a directory which is |
||||
supposedly not a Git worktree, or opening such a directory in an |
||||
editor or IDE such as VS Code or Atom, will potentially run |
||||
commands defined by that other user. |
||||
|
||||
Credit for finding this vulnerability goes to 俞晨东; The fix was |
||||
authored by Johannes Schindelin. |
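Review bot: The title "Git v2.30.2 Release Notes" and the section heading "Fixes since v2.30.2" name the same version, so the notes describe fixes since the release they claim to be. One of the two is wrong, and the title should carry the version this file actually documents. Separately, the CVE-2022-24765 entry explains the exposure (a Git-aware prompt or an editor running `git status` inside a worktree that another user created) but never says what Git now does differently or what a user has to do after upgrading. A sentence stating the new behaviour and any configuration it requires would let administrators of multi-user machines act on these notes without reading the patches. Minor style point: in "goes to 俞晨东; The fix was", the word after the semicolon should be lower case.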