git.vger.kernel.org archive mirror
From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, git-packagers@googlegroups.com
Subject: Re: [ANNOUNCE] Git v2.29.0-rc0
Date: Wed, 07 Oct 2020 11:54:04 +0200
Message-ID: <87k0w2gy4j.fsf@evledraar.gmail.com>
In-Reply-To: <xmqqa6x070tn.fsf@gitster.c.googlers.com>


On Tue, Oct 06 2020, Junio C Hamano wrote:

> An early preview release Git v2.29.0-rc0 is now available for
> testing at the usual places.  It is comprised of 588 non-merge
> commits since v2.28.0, contributed by 76 people, 22 of which are
> new faces.
> [...]
> Ævar Arnfjörð Bjarmason (17):
> [...]
>       remote-mediawiki: convert to quoted run_git() invocation
>       remote-mediawiki: annotate unquoted uses of run_git()
>       remote-mediawiki: use "sh" to eliminate unquoted commands

We didn't do a point release for this security fix, but I think we
should still credit it in the same way we've done for security point
releases, e.g. in the notes for v2.7.6 and v2.10.5.

It's still an RCE, and even if we considered it minor due to the
obscurity of the exposed component, every little thing we can do to
encourage responsible security research & reporting helps.
