Software-update: Git 2.19.1 / 2.18.1 / 2.17.2 / 2.16.5 / 2.15.3 / 2.14.5

De ontwikkelaars achter Git hebben versies 2.19.1, 2.18.1, 2.17.2, 2.16.5, 2.15.3 en 2.14.5 van hun software uitgebracht. Met Git kunnen onder andere software- en projectontwikkelaars beheer en versiecontrole over data en broncode uitvoeren. Het programma kan worden gezien als een concurrent voor Subversion of Mercurial. Het heeft onder andere complete branching- en merging-functies, en wordt onder de gpl versie 2 uitgegeven. Voor een overzicht van vergelijkingen tussen Git en andere versiebeheersystemen verwijzen we naar deze pagina. De lijsten met veranderingen zien er als volgt uit:

Git v2.19.1 and v2.18.1 Release Notes

This release merges up the fixes that appear in v2.14.5 and in v2.17.2 to address the recently reported CVE-2018-17456; see the release notes for those versions for details.

Git v2.17.2 Release Notes

This release merges up the fixes that appear in v2.14.5 to address the recently reported CVE-2018-17456; see the release notes for that version for details.

In addition, this release also teaches "fsck" and the server side logic to reject pushes to repositories that attempt to create such a problematic ".gitmodules" file as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.

Git v2.16.5 and v2.15.3 Release Notes

This release merges up the fixes that appear in v2.14.5 to address the recently reported CVE-2018-17456; see the release notes for that version for details.

Git v2.14.5 Release Notes

This release is to address the recently reported CVE-2018-17456.

Submodules' "URL"s come from the untrusted .gitmodules file, but we blindly gave it to "git clone" to clone submodules when "git clone --recurse-submodules" was used to clone a project that has such a submodule. The code has been hardened to reject such malformed URLs (e.g. one that begins with a dash).

Credit for finding and fixing this vulnerability goes to joernchen and Jeff King, respectively.