1 file changed: +9 -0 lines changed
@@ -6,6 +6,11 @@ v0.27 + 1
66* The line-ending filtering logic - when checking out files - has been
77 updated to match newer git (>= git 2.9) for proper interoperability.
88
9+ * Submodules with names which attempt to perform path traversal now have their
10+ configuration ignored. Such names were blindly appended to the
11+ ` $GIT_DIR/modules ` and a malicious name could lead to an attacker writing to
12+ an arbitrary location. This matches git's handling of CVE-2018 -11235.
13+
914### API additions
1015
1116### API removals
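Review bot: The new submodule entry says the configuration is "ignored" but does not tell callers how that surfaces, for example whether the submodule is silently skipped or a lookup for it returns an error. A sentence stating the observable behaviour would let users of the library know what to expect after upgrading. Also, "blindly appended to the `$GIT_DIR/modules`" is missing a noun; "appended to the `$GIT_DIR/modules` path" reads correctly.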
@@ -14,6 +19,10 @@ v0.27 + 1
1419
1520* The default checkout strategy changed from ` DRY_RUN ` to ` SAFE ` (#4531 ).
1621
22+ * Adding a symlink as .gitmodules into the index from the workdir or checking
23+ out such files is not allowed as this can make a Git implementation write
24+ outside of the repository and bypass the fsck checks for CVE-2018 -11235.
25+
1726v0.27
1827---------
1928
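Review bot: The new `.gitmodules` symlink entry says the operation "is not allowed" without saying what the caller sees when it is refused; since it sits next to an entry describing a changed default, it should state whether adding to the index or checking out now fails with an error. The neighbouring entry carries a reference, (#4531), and this one has none, so a link to the corresponding change would help. Minor: `.gitmodules` is not in backticks while `DRY_RUN`, `SAFE` and `$GIT_DIR/modules` are, and "a symlink" followed by "such files" mixes singular and plural.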