summaryrefslogtreecommitdiff
path: root/Documentation/RelNotes/1.5.1.2.txt
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-10-03 20:44:34 +0200
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-04 13:23:22 +0100
commita7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c (patch)
tree9603df337bf43eec5d4998d44f5c3293661950d2 /Documentation/RelNotes/1.5.1.2.txt
parentGit 2.14.5 (diff)
parentfast-import: disallow "feature import-marks" by default (diff)
downloadtgif-a7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c.tar.xz
Merge branch 'jk/fast-import-unsafe'
The `--export-marks` option of `git fast-import` is exposed also via the in-stream command `feature export-marks=...` and it allows overwriting arbitrary paths. This topic branch prevents the in-stream version, to prevent arbitrary file accesses by `git fast-import` streams coming from untrusted sources (e.g. in remote helpers that are based on `git fast-import`). This fixes CVE-2019-1348. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'Documentation/RelNotes/1.5.1.2.txt')
0 files changed, 0 insertions, 0 deletions