1f010d6bdf
We presently use the ".txt" extension for our AsciiDoc files. While not wrong, most editors do not associate this extension with AsciiDoc, meaning that contributors don't get automatic editor functionality that could be useful, such as syntax highlighting and prose linting. It is much more common to use the ".adoc" extension for AsciiDoc files, since this helps editors automatically detect files and also allows various forges to provide rich (HTML-like) rendering. Let's do that here, renaming all of the files and updating the includes where relevant. Adjust the various build scripts and makefiles to use the new extension as well. Note that this should not result in any user-visible changes to the documentation. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
23 lines
828 B
Plaintext
23 lines
828 B
Plaintext
Git v2.17.5 Release Notes
|
|
=========================
|
|
|
|
This release is to address a security issue: CVE-2020-11008
|
|
|
|
Fixes since v2.17.4
|
|
-------------------
|
|
|
|
* With a crafted URL that contains a newline or empty host, or lacks
|
|
a scheme, the credential helper machinery can be fooled into
|
|
providing credential information that is not appropriate for the
|
|
protocol in use and host being contacted.
|
|
|
|
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
|
|
credentials are not for a host of the attacker's choosing; instead,
|
|
they are for some unspecified host (based on how the configured
|
|
credential helper handles an absent "host" parameter).
|
|
|
|
The attack has been made impossible by refusing to work with
|
|
under-specified credential patterns.
|
|
|
|
Credit for finding the vulnerability goes to Carlo Arenas.
|