Documentation/RelNotes/2.39.4.txt - jrn/git - Git at Google

 Git v2.39.4 Release Notes
 =========================

 This addresses the security issues CVE-2024-32002, CVE-2024-32004,
 CVE-2024-32020 and CVE-2024-32021.

 This release also backports fixes necessary to let the CI builds pass
 successfully.

 Fixes since v2.39.3
 -------------------

  * CVE-2024-32002:

    Recursive clones on case-insensitive filesystems that support symbolic
    links are susceptible to case confusion that can be exploited to
    execute just-cloned code during the clone operation.

  * CVE-2024-32004:

    Repositories can be configured to execute arbitrary code during local
    clones. To address this, the ownership checks introduced in v2.30.3
    are now extended to cover cloning local repositories.

  * CVE-2024-32020:

    Local clones may end up hardlinking files into the target repository's
    object database when source and target repository reside on the same
    disk. If the source repository is owned by a different user, then
    those hardlinked files may be rewritten at any point in time by the
    untrusted user.

  * CVE-2024-32021:

    When cloning a local source repository that contains symlinks via the
    filesystem, Git may create hardlinks to arbitrary user-readable files
    on the same filesystem as the target repository in the objects/
    directory.

  * CVE-2024-32465:

    It is supposed to be safe to clone untrusted repositories, even those
    unpacked from zip archives or tarballs originating from untrusted
    sources, but Git can be tricked to run arbitrary code as part of the
    clone.

  * Defense-in-depth: submodule: require the submodule path to contain
    directories only.

  * Defense-in-depth: clone: when symbolic links collide with directories, keep
    the latter.

  * Defense-in-depth: clone: prevent hooks from running during a clone.

  * Defense-in-depth: core.hooksPath: add some protection while cloning.

  * Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.

  * Various fix-ups on HTTP tests.

  * Test update.

  * HTTP Header redaction code has been adjusted for a newer version of
    cURL library that shows its traces differently from earlier
    versions.

  * Fix was added to work around a regression in libcURL 8.7.0 (which has
    already been fixed in their tip of the tree).

  * Replace macos-12 used at GitHub CI with macos-13.

  * ci(linux-asan/linux-ubsan): let's save some time

  * Tests with LSan from time to time seem to emit harmless message that makes
    our tests unnecessarily flakey; we work it around by filtering the
    uninteresting output.

  * Update GitHub Actions jobs to avoid warnings against using deprecated
    version of Node.js.
	Git v2.39.4 Release Notes
	=========================

	This addresses the security issues CVE-2024-32002, CVE-2024-32004,
	CVE-2024-32020 and CVE-2024-32021.

	This release also backports fixes necessary to let the CI builds pass
	successfully.

	Fixes since v2.39.3
	-------------------

	* CVE-2024-32002:

	Recursive clones on case-insensitive filesystems that support symbolic
	links are susceptible to case confusion that can be exploited to
	execute just-cloned code during the clone operation.

	* CVE-2024-32004:

	Repositories can be configured to execute arbitrary code during local
	clones. To address this, the ownership checks introduced in v2.30.3
	are now extended to cover cloning local repositories.

	* CVE-2024-32020:

	Local clones may end up hardlinking files into the target repository's
	object database when source and target repository reside on the same
	disk. If the source repository is owned by a different user, then
	those hardlinked files may be rewritten at any point in time by the
	untrusted user.

	* CVE-2024-32021:

	When cloning a local source repository that contains symlinks via the
	filesystem, Git may create hardlinks to arbitrary user-readable files
	on the same filesystem as the target repository in the objects/
	directory.

	* CVE-2024-32465:

	It is supposed to be safe to clone untrusted repositories, even those
	unpacked from zip archives or tarballs originating from untrusted
	sources, but Git can be tricked to run arbitrary code as part of the
	clone.

	* Defense-in-depth: submodule: require the submodule path to contain
	directories only.

	* Defense-in-depth: clone: when symbolic links collide with directories, keep
	the latter.

	* Defense-in-depth: clone: prevent hooks from running during a clone.

	* Defense-in-depth: core.hooksPath: add some protection while cloning.

	* Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.

	* Various fix-ups on HTTP tests.

	* Test update.

	* HTTP Header redaction code has been adjusted for a newer version of
	cURL library that shows its traces differently from earlier
	versions.

	* Fix was added to work around a regression in libcURL 8.7.0 (which has
	already been fixed in their tip of the tree).

	* Replace macos-12 used at GitHub CI with macos-13.

	* ci(linux-asan/linux-ubsan): let's save some time

	* Tests with LSan from time to time seem to emit harmless message that makes
	our tests unnecessarily flakey; we work it around by filtering the
	uninteresting output.

	* Update GitHub Actions jobs to avoid warnings against using deprecated
	version of Node.js.