[thirdparty/git.git] / Documentation / RelNotes / 2.17.4.txt

Git v2.17.4 Release Notes
=========================

This release is to address the security issue: CVE-2020-5260

Fixes since v2.17.3
-------------------

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.
Commit	Line	Data
c42c0f12 JH	1	Git v2.17.4 Release Notes
	2	=========================
	3
	4	This release is to address the security issue: CVE-2020-5260
	5
	6	Fixes since v2.17.3
	7	-------------------
	8
	9	* With a crafted URL that contains a newline in it, the credential
	10	helper machinery can be fooled to give credential information for
	11	a wrong host. The attack has been made impossible by forbidding
	12	a newline character in any value passed via the credential
	13	protocol.
	14
	15	Credit for finding the vulnerability goes to Felix Wilhelm of Google
	16	Project Zero.