forked from git-for-windows/git
-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge tag 'v2.47.1.windows.2' into vfs-2.47.2
Git for Windows v2.47.1(2) Changes since Git for Windows v2.47.1 (November 25th 2024): New Features * Comes with Git Credential Manager v2.6.1, addressing CVE-2024-50338. * Comes with Git LFS v3.6.1, addressing CVE-2024-53263. Bug Fixes * CVE-2024-50338: Git Credential Manager can be tricked to exfiltrate credentials for a trusted site to an untrusted site. Since the URLs needed for such an attack look suspicious, this usually requires a recursive clone or fetch. * CVE-2024-53263: In conjunction with CVE-2024-52006, Git LFS can be tricked to exfiltrate credentials for a trusted site to an untrusted site. * CVE-2024-50349: When prompting the user for a password in the terminal, Git does not neutralize control characters. * CVE-2024-52005: The sideband channel does not neutralize control characters. * CVE-2024-52006: Similar to CVE-2020-5260, affecting credential helpers that interpret Carriage Returns as newlines. Signed-off-by: Johannes Schindelin <[email protected]>
- Loading branch information
Showing
5 changed files
with
125 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
sideband.allowControlCharacters:: | ||
By default, control characters that are delivered via the sideband | ||
are masked, except ANSI color sequences. This prevents potentially | ||
unwanted ANSI escape sequences from being sent to the terminal. Use | ||
this config setting to override this behavior: | ||
+ | ||
-- | ||
color:: | ||
Allow ANSI color sequences, line feeds and horizontal tabs, | ||
but mask all other control characters. This is the default. | ||
false:: | ||
Mask all control characters other than line feeds and | ||
horizontal tabs. | ||
true:: | ||
Allow all control characters to be sent to the terminal. | ||
-- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters