[thirdparty/git.git] / Documentation / RelNotes / 2.5.4.txt

Git v2.5.4 Release Notes
========================

Fixes since v2.5.4
------------------

 * xdiff code we use to generate diffs is not prepared to handle
   extremely large files.  It uses "int" in many places, which can
   overflow if we have a very large number of lines or even bytes in
   our input files, for example.  Cap the input size to somewhere
   around 1GB for now.

 * Some protocols (like git-remote-ext) can execute arbitrary code
   found in the URL.  The URLs that submodules use may come from
   arbitrary sources (e.g., .gitmodules files in a remote
   repository), and can hurt those who blindly enable recursive
   fetch.  Restrict the allowed protocols to well known and safe
   ones.
Commit	Line	Data
24358560 JH	1	Git v2.5.4 Release Notes
	2	========================
	3
	4	Fixes since v2.5.4
	5	------------------
	6
	7	* xdiff code we use to generate diffs is not prepared to handle
	8	extremely large files. It uses "int" in many places, which can
	9	overflow if we have a very large number of lines or even bytes in
2e3a16b2	10	our input files, for example. Cap the input size to somewhere
24358560 JH	11	around 1GB for now.
	12
	13	* Some protocols (like git-remote-ext) can execute arbitrary code
	14	found in the URL. The URLs that submodules use may come from
	15	arbitrary sources (e.g., .gitmodules files in a remote
	16	repository), and can hurt those who blindly enable recursive
	17	fetch. Restrict the allowed protocols to well known and safe
	18	ones.