[ANNOUNCE] Git for Windows 2.40.1
Johannes Schindelin
johannes.schindelin at gmx.de
Tue Apr 25 18:20:01 BST 2023
Dear Git users,
I hereby announce that Git for Windows 2.40.1 is available from:
https://gitforwindows.org/
Changes since Git for Windows v2.40.0 (March 14th 2023)
This is a security release, addressing CVE-2023-29012, CVE-2023-29011,
CVE-2023-29007, CVE-2023-25815 and CVE-2023-25652.
As announced previously, Git for Windows will drop support for Windows
7 and for Windows 8 in one of the next versions, following Cygwin's and
MSYS2's lead (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Also following the footsteps of the MSYS2 and Cygwin projects on which
Git for Windows depends, the 32-bit variant of Git for Windows is
nearing its end of support.
New Features
* Comes with Git v2.40.1.
Bug Fixes
* Addresses CVE-2023-29012, a vulnerability where starting Git CMD
would execute doskey.exe in the current directory, if it exists.
* Addresses CVE-2023-29011, a vulnerability where the SOCKS5 proxy
called connect.exe is susceptible to picking up an untrusted
configuration on multi-user machines.
* Addresses CVE-2023-29007, a vulnerability where git submodule
deinit can inadvertently introduce malicious changes into the Git
config file.
* Addresses CVE-2023-25815, a vulnerability where Git can
unexpectedly show crafted "localized" messages written by another
user on a multi-user machine.
* Addresses CVE-2023-25652, a vulnerability where git apply --reject
could follow symbolic links to write files outside the worktree.
Git-2.40.1-64-bit.exe | d2f0fbf9d84622b2aa4aed401daf6dedb8ac89bb388af02078ba375496a873dc
Git-2.40.1-32-bit.exe | 3ee2289a4f6e9917f702bd032a67874c11aa05bf2d28d967986e40d4f7f50636
PortableGit-2.40.1-64-bit.7z.exe | 9e1d819aef3284420adf6d923b0d4865254bd403641d915975e49ddea1e7cdf9
PortableGit-2.40.1-32-bit.7z.exe | e1360e94cb292862fb023018578a1029022a09278b160f7264c6dc444f65c9ca
MinGit-2.40.1-64-bit.zip | 36498716572394918625476ca207df3d5f8b535a669e9aad7a99919d0179848c
MinGit-2.40.1-32-bit.zip | 8bfc48e5211cc209768297e0b71c253b2d8393875d7b3daef8c54909634daa16
MinGit-2.40.1-busybox-64-bit.zip | 8c829d6f3ae0d48e5939b7ddccbaea44b8ef2a38f9e28c3afa691e0451432b14
MinGit-2.40.1-busybox-32-bit.zip | e31c73c0b7d3546fba54e9416bf4ce850ea7e528eb6c8b059fdd941ad78749c7
Git-2.40.1-64-bit.tar.bz2 | 249b3f31b14b802c26e64f082131fe3346af7de204a897438a0027b67fdcd0b7
Git-2.40.1-32-bit.tar.bz2 | be7c1b51bc30187a28d77e5f71e5bbcd768b2d0021ba11ad26178f08920533fb
Ciao,
Johannes
More information about the git-announce
mailing list