Documentation/RelNotes/2.30.3.txt - git - Git at Google

 Git v2.30.2 Release Notes
 =========================

 This release addresses the security issue CVE-2022-24765.

 Fixes since v2.30.2
 -------------------

  * Build fix on Windows.

  * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.

  * CVE-2022-24765:
    On multi-user machines, Git users might find themselves
    unexpectedly in a Git worktree, e.g. when another user created a
    repository in `C:\.git`, in a mounted network drive or in a
    scratch space. Merely having a Git-aware prompt that runs `git
    status` (or `git diff`) and navigating to a directory which is
    supposedly not a Git worktree, or opening such a directory in an
    editor or IDE such as VS Code or Atom, will potentially run
    commands defined by that other user.

 Credit for finding this vulnerability goes to 俞晨东; The fix was
 authored by Johannes Schindelin.
	Git v2.30.2 Release Notes
	=========================

	This release addresses the security issue CVE-2022-24765.

	Fixes since v2.30.2
	-------------------

	* Build fix on Windows.

	* Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.

	* CVE-2022-24765:
	On multi-user machines, Git users might find themselves
	unexpectedly in a Git worktree, e.g. when another user created a
	repository in `C:\.git`, in a mounted network drive or in a
	scratch space. Merely having a Git-aware prompt that runs `git
	status` (or `git diff`) and navigating to a directory which is
	supposedly not a Git worktree, or opening such a directory in an
	editor or IDE such as VS Code or Atom, will potentially run
	commands defined by that other user.

	Credit for finding this vulnerability goes to 俞晨东; The fix was
	authored by Johannes Schindelin.