Tags: REDACTED-user/git
Tags
Git for Windows v2.45.2
Changes since Git for Windows v2.45.1 (May 14th 2024)
Git for Windows for Windows v2.45 is the last version to support for
Windows 7 and for Windows 8, see MSYS2's corresponding deprecation
announcement (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Please also note that the 32-bit variant of Git for Windows is
deprecated; Its last official release is planned for 2025.
New Features
* Comes with Git v2.45.2.
* Comes with Tig v2.5.10.
* Comes with cURL v8.8.0.
Bug Fixes
* When Git for Windows v2.44.0 introduced the ability to use native
Win32 Console ANSI sequence processing, an inadvertent fallout was
that in this instance, non-ASCII characters were no longer printed
correctly unless the current code page was set to 65001. This bug
has been fixed.
Git for Windows v2.45.1
Changes since Git for Windows v2.45.0 (April 29th 2024):
Git for Windows for Windows v2.45 is the last version to support for
Windows 7 and for Windows 8, see MSYS2's corresponding deprecation
announcement (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Please also note that the 32-bit variant of Git for Windows is
deprecated; Its last official release is planned for 2025.
New Features
* Comes with Git v2.45.1.
Bug Fixes
* CVE-2024-32002: Recursive clones on case-insensitive filesystems
that support symbolic links are susceptible to case confusion that
can be exploited to execute just-cloned code during the clone
operation.
* CVE-2024-32004: Repositories can be configured to execute arbitrary
code during local clones. To address this, the ownership checks
introduced in v2.30.3 are now extended to cover cloning local
repositories.
* CVE-2024-32020: Local clones may end up hardlinking files into the
target repository's object database when source and target
repository reside on the same disk. If the source repository is
owned by a different user, then those hardlinked files may be
rewritten at any point in time by the untrusted user.
* CVE-2024-32021: When cloning a local source repository that
contains symlinks via the filesystem, Git may create hardlinks to
arbitrary user-readable files on the same filesystem as the target
repository in the objects/ directory.
* CVE-2024-32465: It is supposed to be safe to clone untrusted
repositories, even those unpacked from zip archives or tarballs
originating from untrusted sources, but Git can be tricked to run
arbitrary code as part of the clone.
* Defense-in-depth: submodule: require the submodule path to contain
directories only.
* Defense-in-depth: clone: when symbolic links collide with
directories, keep the latter.
* Defense-in-depth: clone: prevent hooks from running during a clone.
* Defense-in-depth: core.hooksPath: add some protection while
cloning.
* Defense-in-depth: fsck: warn about symlink pointing inside a
gitdir.
* Various fix-ups on HTTP tests.
* HTTP Header redaction code has been adjusted for a newer version of
cURL library that shows its traces differently from earlier
versions.
* Fix was added to work around a regression in libcURL 8.7.0 (which
has already been fixed in their tip of the tree).
* Replace macos-12 used at GitHub CI with macos-13.
* ci(linux-asan/linux-ubsan): let's save some time
* Tests with LSan from time to time seem to emit harmless message
that makes our tests unnecessarily flakey; we work it around by
filtering the uninteresting output.
* Update GitHub Actions jobs to avoid warnings against using
deprecated version of Node.js.
Git for Windows v2.45.0
Changes since Git for Windows v2.44.0 (February 23rd 2024)
Git for Windows for Windows v2.45 is the last version to support for
Windows 7 and for Windows 8, see MSYS2's corresponding deprecation
announcement (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Please also note that the 32-bit variant of Git for Windows is
deprecated; Its last official release is planned for 2025.
New Features
* Comes with Git v2.45.0.
* Comes with PCRE2 v10.43.
* Comes with GNU Privacy Guard v2.4.5.
* Comes with Git LFS v3.5.1.
* MinGit now supports running git difftool.
* Comes with OpenSSH v9.7.P1.
* Comes with GNU TLS v3.8.4.
* Comes with Tig v2.5.9.
* Comes with cURL v8.7.1.
* Comes with Git Credential Manager v2.5.0.
Bug Fixes
* Since v2.14.0(2), Git for Windows' installer registers the Open Git
Bash here and Open Git GUI here context menu items also in the
special Libraries folders, but the uninstaller never removed them
from those folders, which was fixed.
* A regression where git clone no longer worked in the presence of
includeIf.*.onbranch config settings has been fixed.
* Apparently some anti-malware programs fiddle with the mode of
stdout which can lead to problems because expected output is
missing, which was fixed.
Git for Windows v2.45.0-rc1
Changes since Git for Windows v2.44.0 (February 23rd 2024)
New Features
* Comes with Git v2.45.0-rc1.
* Comes with PCRE2 v10.43.
* Comes with GNU Privacy Guard v2.4.5.
* Comes with Git LFS v3.5.1.
* MinGit now supports running git difftool.
* Comes with OpenSSH v9.7.P1.
* Comes with GNU TLS v3.8.4.
* Comes with Tig v2.5.9.
* Comes with cURL v8.7.1.
* Comes with Git Credential Manager v2.5.0.
Bug Fixes
* Since v2.14.0(2), Git for Windows' installer registers the Open Git
Bash here and Open Git GUI here context menu items also in the
special Libraries folders, but the uninstaller never removed them
from those folders, which was fixed.
* A regression where git clone no longer worked in the presence of
includeIf.*.onbranch config settings has been fixed.
* Apparently some anti-malware programs fiddle with the mode of
stdout which can lead to problems because expected output is
missing, which was fixed.
Git for Windows v2.44.1
Changes since Git for Windows v2.44.0 (February 23rd 2024):
New Features
* Comes with Git v2.44.1.
Bug Fixes
* CVE-2024-32002: Recursive clones on case-insensitive filesystems
that support symbolic links are susceptible to case confusion that
can be exploited to execute just-cloned code during the clone
operation.
* CVE-2024-32004: Repositories can be configured to execute arbitrary
code during local clones. To address this, the ownership checks
introduced in v2.30.3 are now extended to cover cloning local
repositories.
* CVE-2024-32020: Local clones may end up hardlinking files into the
target repository's object database when source and target
repository reside on the same disk. If the source repository is
owned by a different user, then those hardlinked files may be
rewritten at any point in time by the untrusted user.
* CVE-2024-32021: When cloning a local source repository that
contains symlinks via the filesystem, Git may create hardlinks to
arbitrary user-readable files on the same filesystem as the target
repository in the objects/ directory.
* CVE-2024-32465: It is supposed to be safe to clone untrusted
repositories, even those unpacked from zip archives or tarballs
originating from untrusted sources, but Git can be tricked to run
arbitrary code as part of the clone.
* Defense-in-depth: submodule: require the submodule path to contain
directories only.
* Defense-in-depth: clone: when symbolic links collide with
directories, keep the latter.
* Defense-in-depth: clone: prevent hooks from running during a clone.
* Defense-in-depth: core.hooksPath: add some protection while
cloning.
* Defense-in-depth: fsck: warn about symlink pointing inside a
gitdir.
* Various fix-ups on HTTP tests.
* HTTP Header redaction code has been adjusted for a newer version of
cURL library that shows its traces differently from earlier
versions.
* Fix was added to work around a regression in libcURL 8.7.0 (which
has already been fixed in their tip of the tree).
* Replace macos-12 used at GitHub CI with macos-13.
* ci(linux-asan/linux-ubsan): let's save some time
* Tests with LSan from time to time seem to emit harmless message
that makes our tests unnecessarily flakey; we work it around by
filtering the uninteresting output.
* Update GitHub Actions jobs to avoid warnings against using
deprecated version of Node.js.
MinGit for Windows v2.43.4
Changes since Git for Windows v2.43.0 (November 20th 2023):
New Features
* Comes with Git v2.43.4.
Bug Fixes
* CVE-2024-32002: Recursive clones on case-insensitive filesystems
that support symbolic links are susceptible to case confusion that
can be exploited to execute just-cloned code during the clone
operation.
* CVE-2024-32004: Repositories can be configured to execute arbitrary
code during local clones. To address this, the ownership checks
introduced in v2.30.3 are now extended to cover cloning local
repositories.
* CVE-2024-32020: Local clones may end up hardlinking files into the
target repository's object database when source and target
repository reside on the same disk. If the source repository is
owned by a different user, then those hardlinked files may be
rewritten at any point in time by the untrusted user.
* CVE-2024-32021: When cloning a local source repository that
contains symlinks via the filesystem, Git may create hardlinks to
arbitrary user-readable files on the same filesystem as the target
repository in the objects/ directory.
* CVE-2024-32465: It is supposed to be safe to clone untrusted
repositories, even those unpacked from zip archives or tarballs
originating from untrusted sources, but Git can be tricked to run
arbitrary code as part of the clone.
* Defense-in-depth: submodule: require the submodule path to contain
directories only.
* Defense-in-depth: clone: when symbolic links collide with
directories, keep the latter.
* Defense-in-depth: clone: prevent hooks from running during a clone.
* Defense-in-depth: core.hooksPath: add some protection while
cloning.
* Defense-in-depth: fsck: warn about symlink pointing inside a
gitdir.
* Various fix-ups on HTTP tests.
* HTTP Header redaction code has been adjusted for a newer version of
cURL library that shows its traces differently from earlier
versions.
* Fix was added to work around a regression in libcURL 8.7.0 (which
has already been fixed in their tip of the tree).
* Replace macos-12 used at GitHub CI with macos-13.
* ci(linux-asan/linux-ubsan): let's save some time
* Tests with LSan from time to time seem to emit harmless message
that makes our tests unnecessarily flakey; we work it around by
filtering the uninteresting output.
* Update GitHub Actions jobs to avoid warnings against using
deprecated version of Node.js.
MinGit for Windows v2.39.4
Changes since MinGit for Windows v2.39.3 (April 18th 2023):
Bug Fixes
* CVE-2024-32002: Recursive clones on case-insensitive filesystems
that support symbolic links are susceptible to case confusion that
can be exploited to execute just-cloned code during the clone
operation.
* CVE-2024-32004: Repositories can be configured to execute arbitrary
code during local clones. To address this, the ownership checks
introduced in v2.30.3 are now extended to cover cloning local
repositories.
* CVE-2024-32020: Local clones may end up hardlinking files into the
target repository's object database when source and target
repository reside on the same disk. If the source repository is
owned by a different user, then those hardlinked files may be
rewritten at any point in time by the untrusted user.
* CVE-2024-32021: When cloning a local source repository that
contains symlinks via the filesystem, Git may create hardlinks to
arbitrary user-readable files on the same filesystem as the target
repository in the objects/ directory.
* CVE-2024-32465: It is supposed to be safe to clone untrusted
repositories, even those unpacked from zip archives or tarballs
originating from untrusted sources, but Git can be tricked to run
arbitrary code as part of the clone.
* Defense-in-depth: submodule: require the submodule path to contain
directories only.
* Defense-in-depth: clone: when symbolic links collide with
directories, keep the latter.
* Defense-in-depth: clone: prevent hooks from running during a clone.
* Defense-in-depth: core.hooksPath: add some protection while
cloning.
* Defense-in-depth: fsck: warn about symlink pointing inside a
gitdir.
* Various fix-ups on HTTP tests.
* HTTP Header redaction code has been adjusted for a newer version of
cURL library that shows its traces differently from earlier
versions.
* Fix was added to work around a regression in libcURL 8.7.0 (which
has already been fixed in their tip of the tree).
* Replace macos-12 used at GitHub CI with macos-13.
* ci(linux-asan/linux-ubsan): let's save some time
* Tests with LSan from time to time seem to emit harmless message
that makes our tests unnecessarily flakey; we work it around by
filtering the uninteresting output.
* Update GitHub Actions jobs to avoid warnings against using
deprecated version of Node.js.
Git for Windows v2.45.0-rc0
Changes since Git for Windows v2.44.0 (February 23rd 2024)
New Features
* Comes with Git v2.45.0-rc0.
* Comes with PCRE2 v10.43.
* Comes with GNU Privacy Guard v2.4.5.
* Comes with Git LFS v3.5.1.
* MinGit now supports running git difftool.
* Comes with OpenSSH v9.7.P1.
* Comes with GNU TLS v3.8.4.
* Comes with Tig v2.5.9.
* Comes with cURL v8.7.1.
* Comes with Git Credential Manager v2.5.0.
Bug Fixes
* Since v2.14.0(2), Git for Windows' installer registers the Open Git
Bash here and Open Git GUI here context menu items also in the
special Libraries folders, but the uninstaller never removed them
from those folders, which was fixed.
* A regression where git clone no longer worked in the presence of
includeIf.*.onbranch config settings has been fixed.
* Apparently some anti-malware programs fiddle with the mode of
stdout which can lead to problems because expected output is
missing, which was fixed.
Git for Windows v2.44.0
Changes since Git for Windows v2.43.0 (November 20th 2023)
Git for Windows for Windows v2.44 is the last version to support for
Windows 7 and for Windows 8, see MSYS2's corresponding deprecation
announcement (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Please also note that the 32-bit variant of Git for Windows is
deprecated; Its last official release is planned for 2025.
New Features
* Comes with Git v2.44.0.
* Comes with libfido2 v1.14.0.
* Comes with the MSYS2 runtime (Git for Windows flavor) based on
Cygwin v3.4.10.
* Comes with Perl v5.38.2.
* Git for Windows learned to detect and use native Windows support
for ANSI sequences, which allows using 24-bit colors in terminal
windows.
* Comes with Git LFS v3.4.1.
* The repository viewer Tig that is included in Git for Windows can
now be called also directly from PowerShell/CMD.
* Comes with OpenSSH v9.6.P1.
* Comes with Bash v5.2.26.
* Comes with GNU TLS v3.8.3.
* Comes with OpenSSL v3.2.1.
* Comes with cURL v8.6.0.
* Comes with GNU Privacy Guard v2.4.4.
Bug Fixes
* The 32-bit variant of Git for Windows was missing some MSYS2
runtime updates, which was addressed; Do note 32-bit support is
phased out.
* The Git for Windows installer showed cut-off text in some setups.
This has been fixed.
* The git credential-manager --help command previously would not find
a page to display in the web browser, which has been fixed.
* A couple of bugs that could cause Git Bash to hang in certain
scenarios were fixed.
Git for Windows v2.44.0-rc2
Changes since Git for Windows v2.43.0 (November 20th 2023)
Git for Windows for Windows v2.44 is the last version to support for
Windows 7 and for Windows 8, see MSYS2's corresponding deprecation
announcement (Git for Windows relies on MSYS2 for components such as
Bash and Perl).
Please also note that the 32-bit variant of Git for Windows is
deprecated; Its last official release is planned for 2025.
New Features
* Comes with Git v2.44.0-rc2.
* Comes with libfido2 v1.14.0.
* Comes with the MSYS2 runtime (Git for Windows flavor) based on
Cygwin v3.4.10.
* Comes with Perl v5.38.2.
* Git for Windows learned to detect and use native Windows support
for ANSI sequences, which allows using 24-bit colors in terminal
windows.
* Comes with Git LFS v3.4.1.
* The repository viewer Tig that is included in Git for Windows can
now be called also directly from PowerShell/CMD.
* Comes with OpenSSH v9.6.P1.
* Comes with Bash v5.2.26.
* Comes with GNU TLS v3.8.3.
* Comes with OpenSSL v3.2.1.
* Comes with cURL v8.6.0.
* Comes with GNU Privacy Guard v2.4.4.
Bug Fixes
* The 32-bit variant of Git for Windows was missing some MSYS2
runtime updates, which was addressed; Do note 32-bit support is
phased out.
* The Git for Windows installer showed cut-off text in some setups.
This has been fixed.
* The git credential-manager --help command previously would not find
a page to display in the web browser, which has been fixed.
* A couple of bugs that could cause Git Bash to hang in certain
scenarios were fixed.
PreviousNext