diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2018-09-27 11:19:11 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2018-09-27 11:19:11 -0700 |
| commit | d0832b2847aa9669c09397c5639d7fe56abaf9fc (patch) | |
| tree | 67048c677fda1401b05a512207b50f55d89e985e /Documentation | |
| parent | submodule-config: ban submodule paths that start with a dash (diff) | |
| download | tgif-d0832b2847aa9669c09397c5639d7fe56abaf9fc.tar.xz | |
Git 2.14.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/RelNotes/2.14.5.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.14.5.txt b/Documentation/RelNotes/2.14.5.txt new file mode 100644 index 0000000000..130645fb29 --- /dev/null +++ b/Documentation/RelNotes/2.14.5.txt @@ -0,0 +1,16 @@ +Git v2.14.5 Release Notes +========================= + +This release is to address the recently reported CVE-2018-17456. + +Fixes since v2.14.4 +------------------- + + * Submodules' "URL"s come from the untrusted .gitmodules file, but + we blindly gave it to "git clone" to clone submodules when "git + clone --recurse-submodules" was used to clone a project that has + such a submodule. The code has been hardened to reject such + malformed URLs (e.g. one that begins with a dash). + +Credit for finding and fixing this vulnerability goes to joernchen +and Jeff King, respectively. |