[ANNOUNCE] Git v2.6.1, v2.5.4, v2.4.10 and v2.3.10
Junio C Hamano
gitster at pobox.com
Mon Nov 9 23:00:34 GMT 2015
The latest maintenance release Git v2.6.1, together with releases
for older maintenance tracks, are now available at the usual places.
The tarballs are found at:
https://www.kernel.org/pub/software/scm/git/
The following public repositories all have a copy of the
abovementioned tags:
url = https://kernel.googlesource.com/pub/scm/git/git
url = git://repo.or.cz/alt-git.git
url = git://git.sourceforge.jp/gitroot/git-core/git.git
url = git://git-core.git.sourceforge.net/gitroot/git-core/git-core
url = https://github.com/gitster/git
Fixes contained in these releases are as follows:
* xdiff code we use to generate diffs is not prepared to handle
extremely large files. It uses "int" in many places, which can
overflow if we have a very large number of lines or even bytes in
our input files, for example. Cap the input size to somewhere
around 1GB for now.
* Some protocols (like git-remote-ext) can execute arbitrary code
found in the URL. The URLs that submodules use may come from
arbitrary sources (e.g., .gitmodules files in a remote
repository), and can hurt those who blindly enable recursive
fetch. Restrict the allowed protocols to well known and safe
ones.
Kudos to Blake Burkhart and Jeff King for working on these fixes.
Thanks.
More information about the git-announce
mailing list