| Git v2.14.5 Release Notes |
| ========================= |
| |
| This release is to address the recently reported CVE-2018-17456. |
| |
| Fixes since v2.14.4 |
| ------------------- |
| |
| * Submodules' "URL"s come from the untrusted .gitmodules file, but |
| we blindly gave it to "git clone" to clone submodules when "git |
| clone --recurse-submodules" was used to clone a project that has |
| such a submodule. The code has been hardened to reject such |
| malformed URLs (e.g. one that begins with a dash). |
| |
| Credit for finding and fixing this vulnerability goes to joernchen |
| and Jeff King, respectively. |
