Releases: Bearsampp/module-git
Git 2.52.0
As announced in several recent release notes, git-for-windows/git#5405.
New Features
Comes with Git v2.52.0.
Comes with PCRE2 v10.47.
Comes with cURL v8.17.0.
The Git for Windows installer is git-for-windows/build-extra#655 with version 6.6.0 of InnoSetup, giving it a more modern look.
Bug Fixes
The command git help git-bash was broken by a change in upstream Git v2.49.0, which git-for-windows/MINGW-packages#171.
Git 2.51.2
In addition to fixes for an unfortunate regression introduced in Git 2.51.1 that caused "git diff --quiet -w" to be not so quiet when there are additions, deletions and conflicts, this maintenance release merges more fixes/improvements that have landed on the master front, primarily to make the CI part of the system a bit more robust.
-
Recently we attempted to improve "git diff -w --quiet" and friends to handle cases where patch output would be suppressed, but it introduced a bug that emits unnecessary output, which has been corrected.
-
The code to squelch output from "git diff -w --name-status" etc. for paths that "git diff -w -p" would have stayed silent leaked output from dry-run patch generation, which has been corrected.
-
Windows "real-time monitoring" interferes with the execution of tests and affects negatively in both correctness and performance, which has been disabled in Gitlab CI.
-
An earlier addition to "git diff --no-index A B" to limit the output with pathspec after the two directories misbehaved when these directories were given with a trailing slash, which has been corrected.
-
The "--short" option of "git status" that meant output for humans and "-z" option to show NUL delimited output format did not mix well, and colored some but not all things. The command has been updated to color all elements consistently in such a case.
-
Unicode width table update.
-
Recent OpenSSH creates the Unix domain socket to communicate with ssh-agent under $HOME instead of /tmp, which causes our test to fail doe to overly long pathname in our test environment, which has been worked around by using "ssh-agent -T".
Also contains various documentation updates, code cleanups and minor fixups.
Git 2.50.1
This release merges up the fixes that appear in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, and v2.49.1 to address the following CVEs: CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, and CVE-2025-48386. See the release notes for v2.43.7 for details.
Bug Fixes
CVE-2025-27613, Gitk: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not.
CVE-2025-27614, Gitk: A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure.
CVE-2025-46334, Git GUI (Windows only): A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu.
CVE-2025-46835, Git GUI: When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.
CVE-2025-48384, Git: When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout.
CVE-2025-48385, Git: When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution.
CVE-2025-48386, Git: The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows.
Git 2.50.0.2
2025.7.2 🔄 synced local '.github/workflows' with remote '.dispatcher'
Git 2.49.0
2025.4.19 🔄 synced local '.github/workflows' with remote '.dispatcher'
Git 2.48.1
2025.2.22 🔄 synced local '.github/workflows' with remote '.dispatcher'
Git 2.48.0-rc2 & 2.47.1
Git for Windows v2.48.0-rc2.windows.1 Pre-release
Changes since Git for Windows v2.47.1 (November 25th 2024)
New Features
Comes with Git v2.48.0-rc2.
Comes with cURL v8.11.1.
Comes with MinTTY v3.7.7.
New Git for Windows installation git-for-windows/build-extra#586.
Bug Fixes
The installer now correctly blocks the installation on Windows 7 and Windows 8 as these versions of Windows are no longer supported since Git for Windows v2.47.0
When using the cache credential helper, it could error out with "fatal: unable to connect to cache daemon: Unknown error" under certain circumstances; This git-for-windows/git#5329.
Git 2.47.1
Changes since Git for Windows v2.47.0(2) (October 22nd 2024)
This release comes with the first early native git-for-windows/git#3107, ready for testing (the included Git Bash is actually not native, for technical reasons, but the git.exe is a native ARM64 executable). Please report any issues!
New Features
Comes with Git v2.47.1.
Comes with cURL v8.11.0.
Comes with Git LFS v3.6.0.
Bug Fixes
Due to a bug introduced in the v2.47 cycle, git-for-windows/git#5231, which was git-for-windows/build-extra#578.
A potential crash in Git Bash on Insider versions of Windows/ARM64 git-for-windows/msys2-runtime#76.
On Windows/ARM64, running the 64-bit version of Git for Windows could infrequently cause deadlocked threads (see e.g. msys2/msys2-autobuild#62 or this one), git-for-windows/msys2-runtime#73.
Git 2.47.0.2
Merge pull request #19 from Bearsampp/2.47.0 2.47.0