标签

Git for Windows v2.29.1

Git for Windows v2.29.0

Git for Windows v2.29.0-rc2

Git for Windows v2.29.0-rc1

Git for Windows v2.29.0-rc0

Git for Windows v2.28.0

Git for Windows v2.28.0-rc2

Git for Windows v2.28.0-rc1

Git for Windows v2.28.0-rc0

Git for Windows v2.27.0

Git for Windows v2.27.0-rc2

Git for Windows v2.27.0-rc1

Git 2.27-rc1

Git for Windows v2.27.0-rc0

MinGit for Windows v2.14.4(8)

Changes since MinGit v2.14.4(7) (April 20th 2020)

Bug Fixes

 * A regression that was introduced by the backports of the
   CVE-2020-11008 patches was fixed: config keys of the form
   `credential.<partial-URL>.<key>` caused Git to `die()`.

MinGit for Windows v2.21.0(7)

Changes since MinGit v2.21.0(6) (April 20th 2020)

Bug Fixes

 * A regression that was introduced by the backports of the
   CVE-2020-11008 patches was fixed: config keys of the form
   `credential.<partial-URL>.<key>` caused Git to `die()`.

MinGit for Windows v2.25.0(4)

Changes since MinGit v2.25.0(3) (April 20th 2020)

Bug Fixes

 * A regression that was introduced by the backports of the
   CVE-2020-11008 patches was fixed: config keys of the form
   `credential.<partial-URL>.<key>` caused Git to `die()`.

MinGit for Windows v2.23.0(5)

Changes since MinGit v2.23.0(4) (April 20th 2020)

Bug Fixes

 * A regression that was introduced by the backports of the
   CVE-2020-11008 patches was fixed: config keys of the form
   `credential.<partial-URL>.<key>` caused Git to `die()`.

MinGit for Windows v2.25.0(3)

Changes since MinGit v2.25.0(2) (April 14th 2020)

This release is to address a security issue: CVE-2020-11008

Bug Fixes

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

MinGit for Windows v2.14.4(7)

Changes since MinGit v2.14.4(6) (April 14th 2020)

This release is to address a security issue: CVE-2020-11008

Bug Fixes

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.