diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2022-03-17 09:15:15 (GMT) |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2022-03-23 23:22:17 (GMT) |
commit | cb95038137e9e66fc6a6b4a0e8db62bcc521b709 (patch) | |
tree | 6bdac7fde1d2d3e7f08e58c3e711bf70100dfe26 /Documentation | |
parent | fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 (diff) | |
download | git-2.30.3.zip git-2.30.3.tar.gz git-2.30.3.tar.bz2 |
Git 2.30.3v2.30.3
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/RelNotes/2.30.3.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt new file mode 100644 index 0000000..31b2a4d --- /dev/null +++ b/Documentation/RelNotes/2.30.3.txt @@ -0,0 +1,24 @@ +Git v2.30.2 Release Notes +========================= + +This release addresses the security issue CVE-2022-24765. + +Fixes since v2.30.2 +------------------- + + * Build fix on Windows. + + * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. + + * CVE-2022-24765: + On multi-user machines, Git users might find themselves + unexpectedly in a Git worktree, e.g. when another user created a + repository in `C:\.git`, in a mounted network drive or in a + scratch space. Merely having a Git-aware prompt that runs `git + status` (or `git diff`) and navigating to a directory which is + supposedly not a Git worktree, or opening such a directory in an + editor or IDE such as VS Code or Atom, will potentially run + commands defined by that other user. + +Credit for finding this vulnerability goes to 俞晨东; The fix was +authored by Johannes Schindelin. |