Documentation / RelNotes / 2.14.5.txton commit Merge branch 'nd/corrupt-worktrees' into maint (933f294)
   1Git v2.14.5 Release Notes
   2=========================
   3
   4This release is to address the recently reported CVE-2018-17456.
   5
   6Fixes since v2.14.4
   7-------------------
   8
   9 * Submodules' "URL"s come from the untrusted .gitmodules file, but
  10   we blindly gave it to "git clone" to clone submodules when "git
  11   clone --recurse-submodules" was used to clone a project that has
  12   such a submodule.  The code has been hardened to reject such
  13   malformed URLs (e.g. one that begins with a dash).
  14
  15Credit for finding and fixing this vulnerability goes to joernchen
  16and Jeff King, respectively.