From cb95038137e9e66fc6a6b4a0e8db62bcc521b709 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:15:15 +0100 Subject: Git 2.30.3 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.30.3.txt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 Documentation/RelNotes/2.30.3.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt new file mode 100644 index 0000000000..31b2a4daa6 --- /dev/null +++ b/Documentation/RelNotes/2.30.3.txt @@ -0,0 +1,24 @@ +Git v2.30.2 Release Notes +========================= + +This release addresses the security issue CVE-2022-24765. + +Fixes since v2.30.2 +------------------- + + * Build fix on Windows. + + * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. + + * CVE-2022-24765: + On multi-user machines, Git users might find themselves + unexpectedly in a Git worktree, e.g. when another user created a + repository in `C:\.git`, in a mounted network drive or in a + scratch space. Merely having a Git-aware prompt that runs `git + status` (or `git diff`) and navigating to a directory which is + supposedly not a Git worktree, or opening such a directory in an + editor or IDE such as VS Code or Atom, will potentially run + commands defined by that other user. + +Credit for finding this vulnerability goes to 俞晨东; The fix was +authored by Johannes Schindelin. -- cgit v1.2.3 From 44de39c45c65134f4a6e02e7702a5db70a71041d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:32 +0100 Subject: Git 2.31.2 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.31.2.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Documentation/RelNotes/2.31.2.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.31.2.txt b/Documentation/RelNotes/2.31.2.txt new file mode 100644 index 0000000000..aa13a5b022 --- /dev/null +++ b/Documentation/RelNotes/2.31.2.txt @@ -0,0 +1,6 @@ +Git v2.31.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 to address +the security issue CVE-2022-24765; see the release notes for that +version for details. -- cgit v1.2.3 From 9bcd7a8ecac1c9196bc927647bd06c38ec1feabe Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:38 +0100 Subject: Git 2.32.1 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.32.1.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Documentation/RelNotes/2.32.1.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.32.1.txt b/Documentation/RelNotes/2.32.1.txt new file mode 100644 index 0000000000..7dcca13b92 --- /dev/null +++ b/Documentation/RelNotes/2.32.1.txt @@ -0,0 +1,6 @@ +Git v2.32.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 and +v2.31.2 to address the security issue CVE-2022-24765; see the +release notes for these versions for details. -- cgit v1.2.3 From 87ed4fc046840706138d46e0033a009e74c3887a Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:44 +0100 Subject: Git 2.33.2 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.33.2.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Documentation/RelNotes/2.33.2.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.33.2.txt b/Documentation/RelNotes/2.33.2.txt new file mode 100644 index 0000000000..e504489d61 --- /dev/null +++ b/Documentation/RelNotes/2.33.2.txt @@ -0,0 +1,15 @@ +Git v2.33.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2 +and v2.32.1 to address the security issue CVE-2022-24765; see +the release notes for these versions for details. + +In addition, it contains the following fixes: + + * Squelch over-eager warning message added during this cycle. + + * A bug in "git rebase -r" has been fixed. + + * One CI task based on Fedora image noticed a not-quite-kosher + construct recently, which has been corrected. -- cgit v1.2.3