Releases: git-for-windows/git
Releases · git-for-windows/git
MinGit v2.21.0.windows.7
v2.21.0.windows.7
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.21.0(7) Changes since MinGit v2.21.0(6) (April 20th 2020) Bug Fixes * A regression that was introduced by the backports of the CVE-2020-11008 patches was fixed: config keys of the form `credential.<partial-URL>.<key>` caused Git to `die()`.
MinGit v2.14.4.windows.8
v2.14.4.windows.8
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.14.4(8) Changes since MinGit v2.14.4(7) (April 20th 2020) Bug Fixes * A regression that was introduced by the backports of the CVE-2020-11008 patches was fixed: config keys of the form `credential.<partial-URL>.<key>` caused Git to `die()`.
Git for Windows 2.26.2
Changes since Git for Windows v2.26.1 (April 9th 2020)
Yet another security fix release: With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted (CVE-2020-11008).
New Features
- Comes with Git v2.26.2.
- Comes with tig v2.5.1.
- Worktree updates (e.g.
git checkout,git reset --hard) got a performance boost in sparse checkouts.
Bug Fixes
- A recent regression in
gitkthat prevented it from running in bare repositories has been fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.26.2-64-bit.exe | cdf76510979dace4d3f5368e2f55d4289c405e249399e7ed09049765489da6e8 |
| Git-2.26.2-32-bit.exe | a7e470e7267d7ceaa94f8c5b0beafc86abf3c7fea66673e961ea48668b8e0b6c |
| PortableGit-2.26.2-64-bit.7z.exe | dd36f76a815b993165e67ad3cbc8f5b2976e5757a0c808a4a92fb72d1000e1c8 |
| PortableGit-2.26.2-32-bit.7z.exe | e18f75db932ab314263c5f7fca7a9d638df3539629dbf5248a4089beb4e03685 |
| MinGit-2.26.2-64-bit.zip | 2dfbb1c46547c70179442a92b8593d592292b8bce2fd02ac4e0051a8072dde8f |
| MinGit-2.26.2-32-bit.zip | d4953a8144eec84d210de48128cda4de4dd359e4112ab3086dda971b85aefb8e |
| MinGit-2.26.2-busybox-64-bit.zip | e834ea73fe093fb180dc45f67a1f2a7a566dab53d1d45bc3cd150106f5c40520 |
| MinGit-2.26.2-busybox-32-bit.zip | 09856289d5dbd445e1e109fea8be85b3bac01ae31f79bef182568061ca880120 |
| Git-2.26.2-64-bit.tar.bz2 | 7fdc729a332981857a97092ee4b248c69ec9e1728f5b6c432afe79466adfd7da |
| Git-2.26.2-32-bit.tar.bz2 | b48020961ba580d6f9a484f79d5e7e33ad532474fbf3ff69ac9b2be41f69105e |
MinGit v2.25.0.windows.3
v2.25.0.windows.3
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.25.0(3) Changes since MinGit v2.25.0(2) (April 14th 2020) This release is to address a security issue: CVE-2020-11008 Bug Fixes * With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. Credit for finding the vulnerability goes to Carlo Arenas.
MinGit v2.23.0.windows.4
v2.23.0.windows.4
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.23.0(4) Changes since MinGit v2.23.0(3) (April 14th 2020) This release is to address a security issue: CVE-2020-11008 Bug Fixes * With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. Credit for finding the vulnerability goes to Carlo Arenas.
MinGit v2.21.0.windows.6
v2.21.0.windows.6
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.21.0(6) Changes since MinGit v2.21.0(5) (April 14th 2020) This release is to address a security issue: CVE-2020-11008 Bug Fixes * With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. Credit for finding the vulnerability goes to Carlo Arenas.
MinGit v2.14.4.windows.7
v2.14.4.windows.7
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.14.4(7) Changes since MinGit v2.14.4(6) (April 14th 2020) This release is to address a security issue: CVE-2020-11008 Bug Fixes * With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. Credit for finding the vulnerability goes to Carlo Arenas.
Git for Windows 2.26.1
Changes since Git for Windows v2.26.0 (March 23rd 2020)
New Features
- Comes with Git v2.26.1.
- Comes with OpenSSL v1.1.1f.
Bug Fixes
- Git now accepts more date formats such as
%gand%V.
| Filename | SHA-256 |
|---|---|
| Git-2.26.1-64-bit.exe | 2f4595973f188d24a585e70e1cd77749dda05f6429f38ba37e5c4ca6b52fdb30 |
| Git-2.26.1-32-bit.exe | d2994836b3648d4cd8605dffd90ecaebe4b71e9f05b19f742b0ba3cc208a10cb |
| PortableGit-2.26.1-64-bit.7z.exe | db66a766eb6e832c840ac6f966e95c4eb6a06fb71db7a63117662850efeee648 |
| PortableGit-2.26.1-32-bit.7z.exe | 862fa87cb4c00872055efbdbf3ed0d5e87838605bb0c3024bed3b32acf43cc0c |
| MinGit-2.26.1-64-bit.zip | ddc2d4a19fab641b144b5ea30845d9b8ef070ba418f2b5a959f47118e1961274 |
| MinGit-2.26.1-32-bit.zip | 127c71b53c1855e7290b1e803ed4d2ff9b80af8e3c13ea2f073523ac5413f8c5 |
| MinGit-2.26.1-busybox-64-bit.zip | a0b1cf280b4b3dd135bda5d65a03eb7a26426838b0f528255ac1ebf201474066 |
| MinGit-2.26.1-busybox-32-bit.zip | 212bfdaa5724f50e68fadf9a06d6c1e90bac8ca6138c3e28a7e3a0a945da691e |
| Git-2.26.1-64-bit.tar.bz2 | 066c2e88c32d942e32d78aa888559b76ec1785e642b498c6710900026dc05310 |
| Git-2.26.1-32-bit.tar.bz2 | 7c9bf2b200d1f65ae0d038c6801efa410760da880eb1f5e683ea8e1efd288c38 |
Git for Windows 2.26.0
Changes since Git for Windows v2.25.1 (February 19th 2020)
New Features
- Comes with Git v2.26.0.
- Git for Windows' OpenSSH now can use USB security tokens (e.g. Yubikeys).
- The native Windows HTTPS backend (Secure Channel) has learned to work gracefully with Fiddler and corporate proxies.
- Git for Windows' release notes have been made a bit easier to read/navigate.
- The Free/Libre VSCodium version of Visual Studio Code is now also detected as an option for the default Git editor.
- Comes with cURL v7.69.1.
- Comes with OpenSSL v1.1.1e.
- Comes with GNU Privacy Guard v2.2.20.
Bug Fixes
- Git for Windows can now clone into directories the current user can write to, even if they lack permission to even read the parent directory.
- When asking for a password via Git GUI, non-ASCII characters are now handled correctly.
git update-git-for-windows -ynow is fully automatable.
| Filename | SHA-256 |
|---|---|
| Git-2.26.0-64-bit.exe | c8cd522b8a1eacd421a10591227cc6279f31485876462cd9fc335914584429f5 |
| Git-2.26.0-32-bit.exe | 8d5e451dffb0be07c128dc21338a365aa2c81c09036a065735b42e627d38e683 |
| PortableGit-2.26.0-64-bit.7z.exe | f14aeccf0b63700c13a9c3829c4b9a6d3933d6cc5adfbc52b5aa62921725fb73 |
| PortableGit-2.26.0-32-bit.7z.exe | c3afa6bb711b36c5fd1e80cc7a2536b0df083511b87d9686fec713ed4f410ada |
| MinGit-2.26.0-64-bit.zip | e19662da49c2891cb2ac04e9f4f413d13c0c0974b6221169a5717eb62e2288f3 |
| MinGit-2.26.0-32-bit.zip | e57761114a74a045972903146922ebe42ba399cb9e306e51bdd63465e856f5c8 |
| MinGit-2.26.0-busybox-64-bit.zip | 24b18a2327cc27ad2e979a9543c41e6dd54cbca92ca6383d6cea6fd7d007cc7f |
| MinGit-2.26.0-busybox-32-bit.zip | b562dc79515f8527d6e55fcc9dabe87ad8770affd75bed443854a70b24a41900 |
| Git-2.26.0-64-bit.tar.bz2 | c9502dedae1f9ea5b16052296f2297c28e8bd82d43f6227042e7d2f79ce2551f |
| Git-2.26.0-32-bit.tar.bz2 | 5e8ec3dd5d8697e64c29f662b423a50298bc3b2e8b6083c3469a02402f7c1d2d |
MinGit v2.25.0.windows.2
v2.25.0.windows.2
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.25.0(2)
Changes since MinGit v2.25.0 (January 13th 2020)
Bug Fixes
* With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for
a wrong host. The attack has been made impossible by forbidding
a newline character in any value passed via the credential
protocol.