Releases: git-for-windows/git
Releases · git-for-windows/git
Git for Windows 2.39.2
Changes since Git for Windows v2.39.1 (January 17th 2023)
This is a security release, addressing CVE-2023-22490, CVE-2023-22743, CVE-2023-23618 and CVE-2023-23946.
New Features
- Comes with Git v2.39.2.
Bug Fixes
- Addresses CVE-2023-22743, a vulnerability rated "high" making the Git for Windows' installer susceptible to DLL side-loading attacks.
- Addresses CVE-2023-23618, a vulnerability rated "high" where
gitkwould inadvertently execute programs placed in the worktree. - Addresses CVE-2023-22490, a moderate vulnerability allowing for data exfiltration in local clones.
- Addresses CVE-2023-23946, a moderate vulnerability that would allow crafted patches to trick
git applyinto writing into files outside the current directory.
| Filename | SHA-256 |
|---|---|
| Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464 |
| Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757 |
| PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1 |
| PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500 |
| MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d |
| MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f |
| MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2 |
| MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679 |
| Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586 |
| Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56 |
MinGit v2.35.7.windows.1
v2.35.7.windows.1
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.35.7 Changes since Git for Windows v2.35.6 (January 17 2023): Bug Fixes * CVE-2023-22490: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. * CVE-2023-23946: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply". * A mismatched type in `attr.c::read_attr_from_index()` which could cause Git to errantly reject attributes on Windows and 32-bit Linux has been corrected.
Git for Windows 2.39.1
Changes since Git for Windows v2.39.0(2) (December 21st 2022)
This is a security release, addressing CVE-2022-41903, CVE-2022-23521 and CVE-2022-41953.
New Features
- Comes with Git v2.39.1.
Bug Fixes
- Addresses CVE-2022-23521, a critical vulnerability in the
.gitattributesparsing that potentially allows malicious code to be executed while cloning. - Addresses CVE-2022-41953, a vulnerability that makes Git GUI's
Clonefunction susceptible to Remote Code Execution attacks. - Addresses CVE-2022-41903, a vulnerability that may allow heap overflows and code to be executed inadvertently during a
git archiveinvocation. - A regression introduced in Git for Windows v2.39.0(2) that prevented cloning from Bitbucket was fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.39.1-64-bit.exe | 82d088233144054d14d8cc890870544f1ac6ac73aebade87c4d96c97b55d8508 |
| Git-2.39.1-32-bit.exe | b9ac2863b42eb60ee6cbb0663378bb119cb976a52985d4bbe92ad00b073ffed2 |
| PortableGit-2.39.1-64-bit.7z.exe | b898306a44084b5fa13b9a52e06408d97234389d07ae41d9409bdf58cad3d227 |
| PortableGit-2.39.1-32-bit.7z.exe | 2cb1a83f30f0c2948c97d3dc683c8b058c808f89b51bfb813de67253d17caa15 |
| MinGit-2.39.1-64-bit.zip | 000649846ec6e28e8f76d4a0d02f02b3dd1ba19914385f7dead1c5cde25b3bad |
| MinGit-2.39.1-32-bit.zip | e36dc71d97359f584d25efbdabb4122fb71514bcba5a99df1b82a83cee9472e3 |
| MinGit-2.39.1-busybox-64-bit.zip | c2b54edf2f5b3c7a7bb65640d49f8d7a953145b989125c8749e673d03e2a80f1 |
| MinGit-2.39.1-busybox-32-bit.zip | 4a28a9bd4e49d260ae3c35bf9a2cdb91f12d4a4cf081f21b3df278e76f401262 |
| Git-2.39.1-64-bit.tar.bz2 | 2a33c6fef5ed9d2794013fe965066b80c24b556168aca28c0252c1e11859f4ad |
| Git-2.39.1-32-bit.tar.bz2 | fdbbd5bcbe00f8981df11cdff87f74440b1a64f40898740559f68e4565555a44 |
MinGit v2.35.6.windows.1
v2.35.6.windows.1
This tag was signed with the committer’s verified signature.
dscho
Johannes Schindelin
MinGit for Windows v2.35.6 Changes since Git for Windows v2.35.5 (October 13 2022): Bug Fixes * CVE-2022-41903: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators (e.g., %<(, %<|(, %>(, %>>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in remote code execution. * CVE-2022-23521: gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution.
Git for Windows 2.39.0(2)
Changes since Git for Windows v2.39.0 (December 12th 2022)
New Features
- Comes with PCRE2 v10.42.
- Comes with Git Credential Manager v2.0.886.
- Comes with MinTTY v3.6.3.
- Comes with cURL v7.87.0.
Bug Fixes
- The installer is expected to stop GPG agents automatically, but there was a bug that prevented that from working, which has been fixed.
- A regression that caused
no_proxyto be ignored was fixed by upgrading libcurl. - The Git Credential Manager version shipped with Git for Windows v2.39.0 could not always find its UI helper which was fixed by upgrading to a fixed version.
- A bug in MinTTY caused it to throw a Critical Error when the printer spool service was not started, which was fixed by upgrading MinTTY.
| Filename | SHA-256 |
|---|---|
| Git-2.39.0.2-64-bit.exe | 8cf0ee3efaabe8a9b9b6b6889ae0ed369d9f1c85696ad637e715959921ed71c3 |
| Git-2.39.0.2-32-bit.exe | eb5a8bd17995117a3bcdb0b9fcec74141ae6b1a74fe960fd0c9192a2b1d9c903 |
| PortableGit-2.39.0.2-64-bit.7z.exe | 0a58c7b062a29bc44fb573c9afc5323011d01237dd94c74e6c833929cfe25436 |
| PortableGit-2.39.0.2-32-bit.7z.exe | 042de3e9f87e529ee53ed31385bc76b39a9794c32c18ea7c62e3e6445dd8484d |
| MinGit-2.39.0.2-64-bit.zip | 771e7bef1b672e3f63b18b8c4a62d626c8f47c41390a745f313758c0b6ae4d63 |
| MinGit-2.39.0.2-32-bit.zip | a5ac14121bb0fe879355f58db15aae41205046b7cd1832df40d1e784aa8e1c70 |
| MinGit-2.39.0.2-busybox-64-bit.zip | 4337be32536f6840da4ef67ef93996a3808b774c4f61e3a2a585f5d968d1b1d3 |
| MinGit-2.39.0.2-busybox-32-bit.zip | f68c4c5dce5cda8743d8a134174d1cbf0e0af725791bbc3c4062f3fdf93094b2 |
| Git-2.39.0.2-64-bit.tar.bz2 | 1e81e8b0026cfa71050f81abf10669733a7b66b44c68e5a9448ace15cf521030 |
| Git-2.39.0.2-32-bit.tar.bz2 | bf5e3281378e8ed23f6bff3f3e1ef7d84932050c2f590f75e4f19d419b7387ec |
Git for Windows 2.39.0
Changes since Git for Windows v2.38.1 (October 18th 2022)
New Features
- Comes with Git v2.39.0.
- Comes with OpenSSL v1.1.1s.
- Comes with cURL v7.86.0.
- The Portable Git edition (which comes as a self-extracting 7-Zip archive) now uses the latest 7-Zip version to self-extract.
- Comes with OpenSSH v9.1p1.
- It is now possible to generate and use SSH keys protected by security keys (AKA FIDO devices) via Windows Hello, e.g. via
ssh-keygen.exe -t ecdsa-sk. - Portable Git no longer configures
color.diff,color.statusandcolor.branchindividually, but configurescolor.uiinstead, which makes it easier to override the default. - Comes with GNU TLS v3.7.8.
- Comes with Git Credential Manager Core v2.0.877.
- Comes with MinTTY v3.6.2.
- Comes with Bash v5.2 patchlevel 12.
- Comes with Git LFS v3.3.0.
- Comes with PCRE2 v10.41.
Bug Fixes
- The Git executables (e.g.
git.exeitself) used to have incomplete version information recorded in their resources, which has been fixed. - A regression introduced in Git for Windows v2.38.0 that prevented
git.exefrom running in Windows Nano Server containers was fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.39.0-64-bit.exe | 2eaba567e17784654be77ba997329742d87845c6f15e33c9620f9a331c69a976 |
| Git-2.39.0-32-bit.exe | 5b01ddb342a07e74e723fe93bc84c275a19236e853c406b4496478e64a7f8add |
| PortableGit-2.39.0-64-bit.7z.exe | 8ca31e8474048b48b813ebdf95f288d58f253717d071d11785cc23f37dc6a396 |
| PortableGit-2.39.0-32-bit.7z.exe | b8332fc12bcb1343d57c785d7ec140e2fd89f9d7f70309a00e79f9822c2cc855 |
| MinGit-2.39.0-64-bit.zip | ae6863d7b7641ecf73f61edadbc7d1ff8259d08eccb4b9f006bb443d90910c25 |
| MinGit-2.39.0-32-bit.zip | ad20467cf6a4c215b2c71f9bee192fb8ea1696fa3dda8e35e89544cdabdc1c7a |
| MinGit-2.39.0-busybox-64-bit.zip | a5d177bceeddfecc97c2340f0c8bc97d55ba113c4cd5b6b7d58e513dccb3d74f |
| MinGit-2.39.0-busybox-32-bit.zip | cb8371cbba56562f7af1d54281afb24bfa23395a57a0868398f644a79c2fea2a |
| Git-2.39.0-64-bit.tar.bz2 | ed78c21d89281d91fb1282043c3b618350e8ff721947ad01678356126b0447f3 |
| Git-2.39.0-32-bit.tar.bz2 | 09126077d63b3e3e19c90599f86c037eb57edddf255e75acc31720428d03d78b |
Git for Windows 2.39.0-rc2
Changes since Git for Windows v2.38.1 (October 18th 2022)
New Features
- Comes with Git v2.39.0-rc2.
- Comes with OpenSSL v1.1.1s.
- Comes with cURL v7.86.0.
- The Portable Git edition (which comes as a self-extracting 7-Zip archive) now uses the latest 7-Zip version to self-extract.
- Comes with OpenSSH v9.1p1.
- It is now possible to generate and use SSH keys protected by security keys (AKA FIDO devices) via Windows Hello, e.g. via
ssh-keygen.exe -t ecdsa-sk. - Portable Git no longer configures
color.diff,color.statusandcolor.branchindividually, but configurescolor.uiinstead, which makes it easier to override the default. - Comes with GNU TLS v3.7.8.
- Comes with Git Credential Manager Core v2.0.877.
- Comes with MinTTY v3.6.2.
- Comes with Bash v5.2 patchlevel 12.
- Comes with Git LFS v3.3.0.
Bug Fixes
- The Git executables (e.g.
git.exeitself) used to have incomplete version information recorded in their resources, which has been fixed. - A regression introduced in Git for Windows v2.38.0 that prevented
git.exefrom running in Windows Nano Server containers was fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.39.0-rc2-64-bit.exe | 00845a71bc814d2ace4a83f25ee042e04e1e742813460ee64b99028c801aaac2 |
| Git-2.39.0-rc2-32-bit.exe | 214c9e69e1ca6b0a299b4028f0053a735f07cdc27504a187d720048de33f5715 |
| PortableGit-2.39.0-rc2-64-bit.7z.exe | 62557cbfb57e40da55dc96596d985dc409ee8f665fa265856982b92320773d27 |
| PortableGit-2.39.0-rc2-32-bit.7z.exe | ba968b714dab78d63ad0fa66c1ab38980d46a591c2752e987f47523c136de90a |
| MinGit-2.39.0-rc2-64-bit.zip | c05bd4694da21047083b0858a09453f6cf1c871933ec2c303bf352eb0b0391fb |
| MinGit-2.39.0-rc2-32-bit.zip | 6d55bf2e405f7005477af028d670ee5fe79e22d5e1b7ab282ef5c030b3c9625c |
| MinGit-2.39.0-rc2-busybox-64-bit.zip | c7617169686d04f6622a545019b000f318151a774e769e900595a1db21b4ba6d |
| MinGit-2.39.0-rc2-busybox-32-bit.zip | 9b1593b76b759f41631e43f775ac40ce902eba24247cadd02a0fdd1a265e063a |
| Git-2.39.0-rc2-64-bit.tar.bz2 | cf8d13e34810f6e90403098783c47c8c3213a3a6cbc35578d5e63f731b29e1a6 |
| Git-2.39.0-rc2-32-bit.tar.bz2 | 2e1e4100e80c62bcf7086140ea30e07f107328e2378545302620c27896f87be8 |
Git for Windows 2.39.0-rc1
Changes since Git for Windows v2.38.1 (October 18th 2022)
New Features
- Comes with Git v2.39.0-rc1.
- Comes with OpenSSL v1.1.1s.
- Comes with cURL v7.86.0.
- The Portable Git edition (which comes as a self-extracting 7-Zip archive) now uses the latest 7-Zip version to self-extract.
- Comes with OpenSSH v9.1p1.
- It is now possible to generate and use SSH keys protected by security keys (AKA FIDO devices) via Windows Hello, e.g. via
ssh-keygen.exe -t ecdsa-sk. - Portable Git no longer configures
color.diff,color.statusandcolor.branchindividually, but configurescolor.uiinstead, which makes it easier to override the default. - Comes with GNU TLS v3.7.8.
- Comes with Git Credential Manager Core v2.0.877.
- Comes with MinTTY v3.6.2.
- Comes with Bash v5.2 patchlevel 12.
Bug Fixes
- The Git executables (e.g.
git.exeitself) used to have incomplete version information recorded in their resources, which has been fixed. - A regression introduced in Git for Windows v2.38.0 that prevented
git.exefrom running in Windows Nano Server containers was fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.39.0-rc1-64-bit.exe | ea2412da9d24706a9f600d34136536e281b1ec5d67ab04cb2edfeb16eb39fc33 |
| Git-2.39.0-rc1-32-bit.exe | aa4fc74ee343fb8e172a69ecb28b215cba84e93c70d1d25b15c70a24966bfb03 |
| PortableGit-2.39.0-rc1-64-bit.7z.exe | dd568bd0fab26f8660a89b125b91c0f681b2b7c235681973bbd886498a62070c |
| PortableGit-2.39.0-rc1-32-bit.7z.exe | 0c29213329d702efaeda39bccadbda7edf7eded113a68e2b0b4c7242ac6432ae |
| MinGit-2.39.0-rc1-64-bit.zip | d0bf3d86da0571cfc99b39d9b06c1d58136870e0dde0235db6b3f22685633072 |
| MinGit-2.39.0-rc1-32-bit.zip | 43f658e613de064c38619dcffa51d2fa4e55a4035f6b46054b8342613767a2de |
| MinGit-2.39.0-rc1-busybox-64-bit.zip | 5c4e74bc0f6d731e9fbc8693c4bfe25ea6b172d38adf70ff0c2d1015c7288f46 |
| MinGit-2.39.0-rc1-busybox-32-bit.zip | eaaf0444b95ab48f442e7a7375dfac0e97c1547afb348a627c70795ec5edb5e2 |
| Git-2.39.0-rc1-64-bit.tar.bz2 | 5db8ec7346080deceed5ee7f7e6c8025b4621954e0772873f1c8c528508979dc |
| Git-2.39.0-rc1-32-bit.tar.bz2 | db2b57ab50f4e4a5e225842f8ff31bc849ab0c5961fbdd177b3e92c45b6ba859 |
Git for Windows 2.39.0-rc0
Changes since Git for Windows v2.38.1 (October 18th 2022)
- Comes with OpenSSL v1.1.1q.
New Features
- Comes with Git v2.39.0-rc0.
- Comes with OpenSSL v1.1.1s.
- Comes with cURL v7.86.0.
- The Portable Git edition (which comes as a self-extracting 7-Zip archive) now uses the latest 7-Zip version to self-extract.
- Comes with OpenSSH v9.1p1.
- It is now possible to generate and use SSH keys protected by security keys (AKA FIDO devices) via Windows Hello, e.g. via
ssh-keygen.exe -t ecdsa-sk. - Comes with Bash v5.2 patchlevel 009 .
- Portable Git no longer configures
color.diff,color.statusandcolor.branchindividually, but configurescolor.uiinstead, which makes it easier to override the default. - Comes with GNU TLS v3.7.8.
- Comes with Git Credential Manager Core v2.0.877.
Bug Fixes
- The Git executables (e.g.
git.exeitself) used to have incomplete version information recorded in their resources, which has been fixed. - A regression introduced in Git for Windows v2.38.0 that prevented
git.exefrom running in Windows Nano Server containers was fixed.
| Filename | SHA-256 |
|---|---|
| Git-2.39.0-rc0-64-bit.exe | 74ba237e120c4528102001551f2b2c08a9643a6cad8d7a397b134e4dde5498ef |
| Git-2.39.0-rc0-32-bit.exe | 0c14e81e0746a151ca8937c3736160720b4cfecf9bc826f681de7f275978ab51 |
| PortableGit-2.39.0-rc0-64-bit.7z.exe | 02e73e5f584df658a709f373b0e0b8dc7ff72a754052bd76cd0af67fa23a9701 |
| PortableGit-2.39.0-rc0-32-bit.7z.exe | 2c6acc55ea0df14be2b1695445ec6ac9061eb6e5a0f50ee8d9a1054899e522c2 |
| MinGit-2.39.0-rc0-64-bit.zip | 638acc223365fc761655926b2cd86d9f4e2b6618a7ddee183a31c26dd3a63714 |
| MinGit-2.39.0-rc0-32-bit.zip | bc3c16ba093821ffb254a6c2eb44a9f84de163543f657e03ca1b797a826ab80c |
| MinGit-2.39.0-rc0-busybox-64-bit.zip | f898d769d717c85f380f65687b10734aa5cfb28b636805b7bf434b5c24dbc593 |
| MinGit-2.39.0-rc0-busybox-32-bit.zip | bd79b74dac8b69a8eba4c5324b5190dd85c71b74ffb8e2ca20358d94e244ec00 |
| Git-2.39.0-rc0-64-bit.tar.bz2 | 48f2855ec77fb608f3831b1aaab725ca599e42a8fb27c6aa6c872c4d3f2f9efd |
| Git-2.39.0-rc0-32-bit.tar.bz2 | 036afe5dda8cb98e70bbcbce92570dfe0bc6d6f82f2fb7e0129faf17b62eeb4f |
MinGit v2.35.5.windows.1
v2.35.5.windows.1