Git v2.17.4 Release Notes | |
========================= | |
This release is to address the security issue: CVE-2020-5260 | |
Fixes since v2.17.3 | |
------------------- | |
* With a crafted URL that contains a newline in it, the credential | |
helper machinery can be fooled to give credential information for | |
a wrong host. The attack has been made impossible by forbidding | |
a newline character in any value passed via the credential | |
protocol. | |
Credit for finding the vulnerability goes to Felix Wilhelm of Google | |
Project Zero. |