summaryrefslogtreecommitdiff
path: root/Documentation/RelNotes/2.30.3.txt
diff options
context:
space:
mode:
authorJohannes Schindelin <johannes.schindelin@gmx.de>2022-03-17 09:15:15 (GMT)
committerJohannes Schindelin <johannes.schindelin@gmx.de>2022-03-23 23:22:17 (GMT)
commitcb95038137e9e66fc6a6b4a0e8db62bcc521b709 (patch)
tree6bdac7fde1d2d3e7f08e58c3e711bf70100dfe26 /Documentation/RelNotes/2.30.3.txt
parentfdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 (diff)
downloadgit-2.30.3.zip
git-2.30.3.tar.gz
git-2.30.3.tar.bz2
Git 2.30.3v2.30.3
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'Documentation/RelNotes/2.30.3.txt')
-rw-r--r--Documentation/RelNotes/2.30.3.txt24
1 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt
new file mode 100644
index 0000000..31b2a4d
--- /dev/null
+++ b/Documentation/RelNotes/2.30.3.txt
@@ -0,0 +1,24 @@
+Git v2.30.2 Release Notes
+=========================
+
+This release addresses the security issue CVE-2022-24765.
+
+Fixes since v2.30.2
+-------------------
+
+ * Build fix on Windows.
+
+ * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.
+
+ * CVE-2022-24765:
+ On multi-user machines, Git users might find themselves
+ unexpectedly in a Git worktree, e.g. when another user created a
+ repository in `C:\.git`, in a mounted network drive or in a
+ scratch space. Merely having a Git-aware prompt that runs `git
+ status` (or `git diff`) and navigating to a directory which is
+ supposedly not a Git worktree, or opening such a directory in an
+ editor or IDE such as VS Code or Atom, will potentially run
+ commands defined by that other user.
+
+Credit for finding this vulnerability goes to 俞晨东; The fix was
+authored by Johannes Schindelin.