path: root/Documentation/RelNotes/2.13.6.txt
diff options
Diffstat (limited to 'Documentation/RelNotes/2.13.6.txt')
1 files changed, 17 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.13.6.txt b/Documentation/RelNotes/2.13.6.txt
new file mode 100644
index 0000000..afcae9c
--- /dev/null
+++ b/Documentation/RelNotes/2.13.6.txt
@@ -0,0 +1,17 @@
+Git v2.13.6 Release Notes
+Fixes since v2.13.5
+ * "git cvsserver" no longer is invoked by "git daemon" by default,
+ as it is old and largely unmaintained.
+ * Various Perl scripts did not use safe_pipe_capture() instead of
+ backticks, leaving them susceptible to end-user input. They have
+ been corrected.
+Credits go to joernchen <> for finding the
+unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
+finding and fixing instances of the same issue in other scripts.