blob: b8a2f93ee707e5e25903253d7a007c8a3de8b807 [file] [log] [blame]
Git v2.5.4 Release Notes
========================
Fixes since v2.5.4
------------------
* xdiff code we use to generate diffs is not prepared to handle
extremely large files. It uses "int" in many places, which can
overflow if we have a very large number of lines or even bytes in
our input files, for example. Cap the input size to somewhere
around 1GB for now.
* Some protocols (like git-remote-ext) can execute arbitrary code
found in the URL. The URLs that submodules use may come from
arbitrary sources (e.g., .gitmodules files in a remote
repository), and can hurt those who blindly enable recursive
fetch. Restrict the allowed protocols to well known and safe
ones.