标签

MinGit for Windows v2.21.0(6)

Changes since MinGit v2.21.0(5) (April 14th 2020)

This release is to address a security issue: CVE-2020-11008

Bug Fixes

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

MinGit for Windows v2.23.0(4)

Changes since MinGit v2.23.0(3) (April 14th 2020)

This release is to address a security issue: CVE-2020-11008

Bug Fixes

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

Git for Windows v2.26.2

Git for Windows v2.26.1

Git for Windows v2.26.0

MinGit for Windows v2.25.0(2)

Changes since MinGit v2.25.0 (January 13th 2020)

Bug Fixes

  * With a crafted URL that contains a newline in it, the credential
    helper machinery can be fooled to give credential information for
    a wrong host.  The attack has been made impossible by forbidding
    a newline character in any value passed via the credential
    protocol.

MinGit for Windows v2.23.0(3)

Changes since MinGit v2.23.0(2) (December 10th 2019)

Bug Fixes

  * With a crafted URL that contains a newline in it, the credential
    helper machinery can be fooled to give credential information for
    a wrong host.  The attack has been made impossible by forbidding
    a newline character in any value passed via the credential
    protocol.

MinGit for Windows v2.21.0(5)

Changes since MinGit v2.21.0(4) (December 10th 2019)

Bug Fixes

  * With a crafted URL that contains a newline in it, the credential
    helper machinery can be fooled to give credential information for
    a wrong host.  The attack has been made impossible by forbidding
    a newline character in any value passed via the credential
    protocol.

MinGit for Windows v2.14.4(6)

Changes since MinGit v2.14.4(5) (December 10th 2019)

Bug Fixes

  * With a crafted URL that contains a newline in it, the credential
    helper machinery can be fooled to give credential information for
    a wrong host.  The attack has been made impossible by forbidding
    a newline character in any value passed via the credential
    protocol.

Git for Windows v2.26.0-rc2

Git for Windows v2.26.0-rc1

Git for Windows v2.26.0-rc0

Git for Windows v2.25.1

Git for Windows v2.25.0

Changes since Git for Windows v2.24.1(2) (December 10th 2019)

New Features

  * Comes with Git v2.25.0.
  * Comes with GNU Privacy Guard v2.2.19.
  * Comes with Git LFS v2.9.2.
  * When upgrading Git for Windows, by default the installer now only
    shows pages with previously-unseen options.
  * Comes with cURL v7.68.0.

Bug Fixes

  * The startup file for GNU nano, which had been included with DOS
    line endings (and therefore upset nano) is now included with Unix
    line endings again.
  * Git for Windows now fails as expected when trying to check out
    files with illegal characters in their file names.
  * Git now works properly when inside a symlinked work tree.
  * Repositories with old commits containing backslashes in file names
    can now be fetched/cloned again (but Git will still refuse to check
    out files with backslashes in their file names).
  * Git GUI can now deal with uninitialized submodules (this was a
    Windows-specific bug).
  * It is again possible to clone repositories where some past revision
    contained file names containing backslashes (Git will of course
    still refuse to check out such revisions).

Third preview for v2.25.0

Second preview for v2.25.0

Early preview of Git for Windows v2.25.0.

Git for Windows v2.24.1(2)

Changes since Git for Windows v2.24.0(2) (November 6th 2019)

This is a security bug release that fixes CVE-2019-1348, CVE-2019-1349,
CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353,
CVE-2019-1354, CVE-2019-1387, and CVE-2019-19604.

New Features

  * Comes with Git v2.24.1.
  * Comes with tig v2.5.0.
  * Comes with patch level 4 of the MSYS2 runtime (Git for Windows
    flavor) based on Cygwin 3.0.7.
  * The command-line options of git-bash.exe are now documented (call
    git help git-bash).
  * Comes with Git LFS v2.9.1.
  * Comes with cURL v7.67.0.
  * Comes with GNU Privacy Guard v2.2.18.

Bug Fixes

  * MinGit no longer overrides an installed Git for Windows' system
    gitconfig.
  * The "Check daily for updates" feature uses the Action Center again.
  * When associating .sh files with Git Bash to allow running them by
    double-clicking them in the Windows Explorer, shell scripts with
    non-ASCII characters in their file name are now supported.

Git for Windows v2.24.0(2)

Changes since Git for Windows v2.24.0 (November 4th 2019)

New Features

  * Comes with cURL v7.67.0.

Bug Fixes

  * Using http.extraHeader no longer results in spurious crashes.
  * The /proc/{stdin,stdout,stderr} pseudo-symlinks are now installed
    properly even with non-US locales.
  * A bug was fixed that prevented gitk from refreshing after new
    changes were committed.

Git for Windows v2.24.0

Changes since Git for Windows v2.23.0 (August 17th 2019)

Note! As a consequence of making git config --system work as expected,
the location of the system config is now C:\Program Files\Git\etc\
gitconfig (no longer split between C:\Program Files\Git\mingw64\etc\
gitconfig and C:\ProgramData\Git\config), and likewise the location of
the system gitattributes is now C:\Program Files\Git\etc\gitattributes
(no longer C:\Program Files\Git\mingw64\etc\gitattributes). Any manual
modifications to C:\ProgramData\Git\config need to be ported manually.

New Features

  * Comes with Git v2.24.0.
  * Comes with cURL v7.66.0.
  * Comes with Git Credential Manager v1.20.0.
  * Comes with OpenSSH v8.1p1.
  * Comes with OpenSSL v1.1.1d.
  * Comes with Git LFS v2.9.0.

Bug Fixes

  * The shell construct <(<command>), which was broken in v2.23.0 (/dev
    /fd/<n>: no such file or directory), was fixed.
  * The default config no longer skips git-lfs downloads.
  * Starting with cURL v7.66.0, $HOME/.netrc can be used instead of
    $HOME/_netrc (but it will still fall back to looking for the
    latter).
  * The installer's "ProductVersion" is now consistent with older Git
    for Windows versions'.
  * Makes git config --system work like you think it should.
  * The (still experimental) built-in git add -p no longer gets
    confused about incomplete lines (i.e. a file's l last line that
    does not end in a Line Feed).
  * A buffer overrun in the code to determine which files need to be
    marked as hidden was plugged.
  * The support for sendpack.sideband that was removed by mistake was
    re-introduced, to support git push via the git:// protocol again.
  * git stash no longer records skip-worktree files as deleted after
    resolving merge conflicts in them.
  * The Git for Windows installer no longer complains about a downgrade
    when upgrading from an -rc version, i.e. from a pre-release leading
    up to the next major version.