mirror of
https://github.com/git/git
synced 2024-10-30 04:01:21 +00:00
6b82d3eea6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
16 lines
511 B
Text
16 lines
511 B
Text
Git v2.17.6 Release Notes
|
|
=========================
|
|
|
|
This release addresses the security issues CVE-2021-21300.
|
|
|
|
Fixes since v2.17.5
|
|
-------------------
|
|
|
|
* CVE-2021-21300:
|
|
On case-insensitive file systems with support for symbolic links,
|
|
if Git is configured globally to apply delay-capable clean/smudge
|
|
filters (such as Git LFS), Git could be fooled into running
|
|
remote code during a clone.
|
|
|
|
Credit for finding and fixing this vulnerability goes to Matheus
|
|
Tavares, helped by Johannes Schindelin.
|