]>
Commit | Line | Data |
---|---|---|
c42c0f12 JH |
1 | Git v2.17.4 Release Notes |
2 | ========================= | |
3 | ||
4 | This release is to address the security issue: CVE-2020-5260 | |
5 | ||
6 | Fixes since v2.17.3 | |
7 | ------------------- | |
8 | ||
9 | * With a crafted URL that contains a newline in it, the credential | |
10 | helper machinery can be fooled to give credential information for | |
11 | a wrong host. The attack has been made impossible by forbidding | |
12 | a newline character in any value passed via the credential | |
13 | protocol. | |
14 | ||
15 | Credit for finding the vulnerability goes to Felix Wilhelm of Google | |
16 | Project Zero. |