@@ -13,6 +13,15 @@ Backward compatibility warts
1313 top-level a partial clone, while submodules are fully cloned. This
1414 behaviour is changed to pass the same filter down to the submodules.
1515
16+ * With the fixes for CVE-2022-24765 that are common with versions of
17+ Git 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3, and 2.35.3, Git has
18+ been taught not to recognise repositories owned by other users, in
19+ order to avoid getting affected by their config files and hooks.
20+ You can list the path to the safe/trusted repositories that may be
21+ owned by others on a multi-valued configuration variable
22+ `safe.directory` to override this behaviour, or use '*' to declare
23+ that you trust anything.
24+
1625
1726Note to those who build from the source
1827
@@ -46,10 +55,10 @@ UI, Workflows & Features
4655
4756 * "git branch" learned the "--recurse-submodules" option.
4857
49- * A not-so-common mistake is to write a script to feed "git bisect
50- run" without making it executable, in which case all tests will
51- exit with 126 or 127 error codes, even on revisions that are marked
52- as good. Try to recognize this situation and stop iteration early.
58+ * A user can forget to make a script file executable before giving
59+ it to "git bisect run". In such a case, all tests will exit with
60+ 126 or 127 error codes, even on revisions that are marked as good.
61+ Try to recognize this situation and stop iteration early.
5362
5463 * When "index-pack" dies due to incoming data exceeding the maximum
5564 allowed input size, include the value of the limit in the error
@@ -397,8 +406,6 @@ Fixes since v2.35
397406 entry it moved.
398407 (merge b7f9130a06 vd/mv-refresh-stat later to maint).
399408
400- * Fix for CVE-2022-24765 has been merged up from 2.35.2 and others.
401-
402409 * Other code cleanup, docfix, build fix, etc.
403410 (merge cfc5cf428b jc/find-header later to maint).
404411 (merge 40e7cfdd46 jh/p4-fix-use-of-process-error-exception later to maint).
0 commit comments