]>
Commit | Line | Data |
---|---|---|
d0832b28 JH |
1 | Git v2.14.5 Release Notes |
2 | ========================= | |
3 | ||
4 | This release is to address the recently reported CVE-2018-17456. | |
5 | ||
6 | Fixes since v2.14.4 | |
7 | ------------------- | |
8 | ||
9 | * Submodules' "URL"s come from the untrusted .gitmodules file, but | |
10 | we blindly gave it to "git clone" to clone submodules when "git | |
11 | clone --recurse-submodules" was used to clone a project that has | |
12 | such a submodule. The code has been hardened to reject such | |
13 | malformed URLs (e.g. one that begins with a dash). | |
14 | ||
15 | Credit for finding and fixing this vulnerability goes to joernchen | |
16 | and Jeff King, respectively. |