Git 2.30.3

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt
new file mode 100644 (file)
index 0000000..31b2a4d
--- /dev/null
+++ b/Documentation/RelNotes/2.30.3.txt
@@ -0,0 +1,24 @@
+Git v2.30.2 Release Notes
+=========================
+
+This release addresses the security issue CVE-2022-24765.
+
+Fixes since v2.30.2
+-------------------
+
+ * Build fix on Windows.
+
+ * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.
+
+ * CVE-2022-24765:
+   On multi-user machines, Git users might find themselves
+   unexpectedly in a Git worktree, e.g. when another user created a
+   repository in `C:\.git`, in a mounted network drive or in a
+   scratch space. Merely having a Git-aware prompt that runs `git
+   status` (or `git diff`) and navigating to a directory which is
+   supposedly not a Git worktree, or opening such a directory in an
+   editor or IDE such as VS Code or Atom, will potentially run
+   commands defined by that other user.
+
+Credit for finding this vulnerability goes to 俞晨东; The fix was
+authored by Johannes Schindelin.

diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 9d789e0efcf52f5cec3f5ef5ad2c9d8211eef369..7cf68be76f87d501784569f91d6c5c41389928d0 100755 (executable)
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.30.2
+DEF_VER=v2.30.3
 
 LF='
 '

diff --git a/RelNotes b/RelNotes
index d73be920659ecc5249db6546b4b333acfa81836b..187351ccd9c372224edba257ac29e5c341391c58 120000 (symlink)
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.30.2.txt
\ No newline at end of file
+Documentation/RelNotes/2.30.3.txt
\ No newline at end of file