| Server IP : 15.235.198.142 / Your IP : 216.73.216.90 Web Server : Apache/2.4.58 (Ubuntu) System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 User : www-data ( 33) PHP Version : 8.3.6 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /usr/share/doc/git/RelNotes/ |
Upload File : |
Git v2.7.6 Release Notes ======================== Fixes since v2.7.5 ------------------ * A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which will not be necessary in the real world). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from "ssh://..." URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash "-". This is now prevented by forbidding such a hostname and port number (again, which will not be necessary in the real world). * In the same spirit, a repository name that begins with a dash "-" is also forbidden now. Credits go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub.