| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /proc/thread-self/root/usr/share/doc/git/RelNotes/ |
Upload File : |
Git v2.7.6 Release Notes ======================== Fixes since v2.7.5 ------------------ * A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which will not be necessary in the real world). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from "ssh://..." URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash "-". This is now prevented by forbidding such a hostname and port number (again, which will not be necessary in the real world). * In the same spirit, a repository name that begins with a dash "-" is also forbidden now. Credits go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub.