[thirdparty/git.git] / Documentation / RelNotes / 2.5.4.txt

Git v2.5.4 Release Notes
========================

Fixes since v2.5.4
------------------

 * xdiff code we use to generate diffs is not prepared to handle
   extremely large files.  It uses "int" in many places, which can
   overflow if we have a very large number of lines or even bytes in
   our input files, for example.  Cap the input size to somewhere
   around 1GB for now.

 * Some protocols (like git-remote-ext) can execute arbitrary code
   found in the URL.  The URLs that submodules use may come from
   arbitrary sources (e.g., .gitmodules files in a remote
   repository), and can hurt those who blindly enable recursive
   fetch.  Restrict the allowed protocols to well known and safe
   ones.
Commit	Line	Data
	1	Git v2.5.4 Release Notes
	2	========================
	3
	4	Fixes since v2.5.4
	5	------------------
	6
	7	* xdiff code we use to generate diffs is not prepared to handle
	8	extremely large files. It uses "int" in many places, which can
	9	overflow if we have a very large number of lines or even bytes in
	10	our input files, for example. Cap the input size to somewhere
	11	around 1GB for now.
	12
	13	* Some protocols (like git-remote-ext) can execute arbitrary code
	14	found in the URL. The URLs that submodules use may come from
	15	arbitrary sources (e.g., .gitmodules files in a remote
	16	repository), and can hurt those who blindly enable recursive
	17	fetch. Restrict the allowed protocols to well known and safe
	18	ones.