Git - v2.30.3
This release addresses the security issue CVE-2022-24765.
Fixes since v2.30.2
-
Build fix on Windows.
-
Fix
GIT_CEILING_DIRECTORIES
with Windows-style root directories. -
CVE-2022-24765:
On multi-user machines, Git users might find themselves
unexpectedly in a Git worktree, e.g. when another user created a
repository inC:\.git
, in a mounted network drive or in a
scratch space. Merely having a Git-aware prompt that runsgit status
(orgit diff
) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an
editor or IDE such as VS Code or Atom, will potentially run
commands defined by that other user.
Credit for finding this vulnerability goes to δΏζ¨δΈ; The fix was
authored by Johannes Schindelin.
Security
Details
- πView and search all Git releases.
- π οΈCreate and share lists to track your tools.
- π¨Setup notifications for major, security, feature or patch updates.
- πMuch more coming soon!