d0832b2847
Signed-off-by: Junio C Hamano <gitster@pobox.com>
17 lines
578 B
Plaintext
17 lines
578 B
Plaintext
Git v2.14.5 Release Notes
|
|
=========================
|
|
|
|
This release is to address the recently reported CVE-2018-17456.
|
|
|
|
Fixes since v2.14.4
|
|
-------------------
|
|
|
|
* Submodules' "URL"s come from the untrusted .gitmodules file, but
|
|
we blindly gave it to "git clone" to clone submodules when "git
|
|
clone --recurse-submodules" was used to clone a project that has
|
|
such a submodule. The code has been hardened to reject such
|
|
malformed URLs (e.g. one that begins with a dash).
|
|
|
|
Credit for finding and fixing this vulnerability goes to joernchen
|
|
and Jeff King, respectively.
|