1Git v2.5.4 Release Notes 2======================== 3 4Fixes since v2.5.4 5------------------ 6 7 * xdiff code we use to generate diffs is not prepared to handle 8 extremely large files. It uses "int" in many places, which can 9 overflow if we have a very large number of lines or even bytes in 10 our input files, for example. Cap the input size to soemwhere 11 around 1GB for now. 12 13 * Some protocols (like git-remote-ext) can execute arbitrary code 14 found in the URL. The URLs that submodules use may come from 15 arbitrary sources (e.g., .gitmodules files in a remote 16 repository), and can hurt those who blindly enable recursive 17 fetch. Restrict the allowed protocols to well known and safe 18 ones.