Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update jgit to prevent a critical Git security vulnerability #48

Closed
szpak opened this issue Dec 18, 2014 · 1 comment
Closed

Update jgit to prevent a critical Git security vulnerability #48

szpak opened this issue Dec 18, 2014 · 1 comment
Labels
bug

Comments

@szpak
Copy link
Contributor

szpak commented Dec 18, 2014

https://github.com/blog/1938-git-client-vulnerability-announced

Version 3.5.3.201412180710-r should be not affected.
@ajoberstar ajoberstar added the bug label Dec 19, 2014
@ajoberstar
Copy link
Owner

Thanks for sending that in. Unfortunately, I've had trouble upgrading JGit for a while now which is the only reason I'm still on 3.3.x. There seems to be a behavior change that exhibits in the LogCommand, causing the order to be off in some cases.

Given most use cases of Grgit are with Gradle, I would expect that the "untrusted" hosts portion doesn't apply as much. I just commented on an issue that may be related to my LogCommand problems, so I'll see if anything comes of that.

ajoberstar added a commit that referenced this issue Jan 29, 2015
@ajoberstar
Upgrade JGit to fix #30 and #48.
3ea2320
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@szpak @ajoberstar