diff options
| author | Junio C Hamano <gitster@pobox.com> | 2017-09-26 14:15:55 +0900 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-09-26 14:15:55 +0900 |
| commit | 7451fcdc0d3cffdb9aa79d2651830b44a8e052d6 (patch) | |
| tree | 2bb05e00cf7a150c6aff0a7c17966d6450e0c4a1 /Documentation/RelNotes/2.13.6.txt | |
| parent | 28996cec80690d2322359d3650a57e8de6e01eb6 (diff) | |
| parent | 4010f1d1b782eb7585e0e0abcefa794bd5ff29a0 (diff) | |
| download | git-7451fcdc0d3cffdb9aa79d2651830b44a8e052d6.tar.xz | |
Sync with 2.14.2
* maint:
Git 2.14.2
Git 2.13.6
Git 2.12.5
Git 2.11.4
Git 2.10.5
cvsimport: shell-quote variable used in backticks
archimport: use safe_pipe_capture for user input
shell: drop git-cvsserver support by default
cvsserver: use safe_pipe_capture for `constant commands` as well
cvsserver: use safe_pipe_capture instead of backticks
cvsserver: move safe_pipe_capture() to the main package
Diffstat (limited to 'Documentation/RelNotes/2.13.6.txt')
| -rw-r--r-- | Documentation/RelNotes/2.13.6.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.13.6.txt b/Documentation/RelNotes/2.13.6.txt new file mode 100644 index 0000000000..afcae9c808 --- /dev/null +++ b/Documentation/RelNotes/2.13.6.txt @@ -0,0 +1,17 @@ +Git v2.13.6 Release Notes +========================= + +Fixes since v2.13.5 +------------------- + + * "git cvsserver" no longer is invoked by "git daemon" by default, + as it is old and largely unmaintained. + + * Various Perl scripts did not use safe_pipe_capture() instead of + backticks, leaving them susceptible to end-user input. They have + been corrected. + +Credits go to joernchen <joernchen@phenoelit.de> for finding the +unsafe constructs in "git cvsserver", and to Jeff King at GitHub for +finding and fixing instances of the same issue in other scripts. + |