Update to 2.36.0 (release notes)
Among the changes, this release includes changes to address CVE-2022-24765. Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in
C:\.git
, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runsgit status
(orgit diff
) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad "escape hatch" is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
*
can be used as the value for thesafe.directory
variable to signal that the user considers that any directory is safe.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-e99ae504f5
Please login to add feedback.
This update has been submitted for testing by tmz.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
I was glad to git this update on my machine and was able to git it working without issues. 👏
no issues
Works.
basic operations seem to work fine
no regressions noted
Basic stuff I use is working fine.
Works fine
Works
This update has been submitted for stable by tmz.
This update has been pushed to stable.