v2.40.1.vfs.0.1

Major Updates

This release updates microsoft/git to fix a crash on exit in mi_thread_init() in v2.40.1.vfs.0.0 observed when a post-command hook was installed.

Pull Requests since v2.40.1.vfs.0.0

• #580: compat/mimalloc/init.c: use weak random seed when statically linked

v2.40.1.vfs.0.0 (Security Release)

Major Updates

This release includes the v2.40.1.windows.1 tag of Git for Windows to include the fixes for these security vulnerabilities: CVE-2023-25652, CVE-2023-29007, CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012. See the GitHub blog for more details.

This version also includes an update to how prefetch pack-files are handled over the GVFS Protocol. The client is now more robust against an erroneous response from a cache server. This prevents invalid pack-files and pack-indexes from being stored in the shared object cache.

Pull Requests since v2.40.0.vfs.0.0

• #571: Harden gvfs-helper to validate the packfiles in a multipart prefetch response
• #568: Upgrade deprecated GitHub Actions in build-git-installers

v2.40.0.vfs.0.0

This release updates microsoft/git to match the upstream major release, v2.40.0.

There are no major updates specific to microsoft/git, only updates to CI and release mechanics.

Pull Requests since v2.39.0.vfs.0.0

• #566: Remove deprecated parts of Actions workflows
• #562: winget: auto-update license/copyright urls
• #560: Fix CI builds
• #559: Be nicer to the FreeBSD builds
• #558: docs: remove versions from Debian install instructions

v2.39.2.vfs.0.0 (Security Release)

This release includes the v2.39.2.windows.1 tag of Git for windows to include the fixes for these security vulnerabilities: CVE-2023-22490, CVE-2023-22743, CVE-2023-23618 and CVE-2023-23946. You can read more about these vulnerabilities on the GitHub blog.

v2.39.1.vfs.0.0 (Security Release)

This release includes the v2.39.1.windows.1 tag of Git for Windows to include the fixes for three security vulnerabilities: CVS-2022-23521, CVE-2022-41903, CVE-2022-41953. You can read more about these vulnerabilities on the GitHub blog.

v2.39.0.vfs.0.0

This release updates microsoft/git to match the upstream major release, v2.39.0.

v2.38.1.vfs.0.1 (scalar diagnose bugfix)

This pre-release fixes a bug in scalar diagnose that affects Scalar clones from Azure Repos. The bug was introduced in v2.38.0.vfs.0.0.

Pull Requests

• #543: Fix scalar diagnose failures

v2.38.1.vfs.0.0 (Security Release)

This release includes the v2.38.1.windows.1 bug fix release coordinated with Git v2.38.1, addressing CVE-2022-39260 and CVE-2022-39253.

v2.38.0.vfs.0.0

This release updates microsoft/git to match upstreams major release, v2.38.0.

Major Updates

• scalar clone now has a --no-src option to allow users to opt-out of the src directory.
• Scalar enlistments can use git worktree even when using the GVFS protocol.

Pull Requests

• #536: Allow --no-src during clones and git worktree after clones.

v2.37.3.vfs.0.0

This release updates microsoft/git to match upstream's maintenance release, v2.37.3.

Pull Requests

• #528: Fix links to the Scalar documentation.
• #529: Really fix links to the Scalar documentation.
• #526: release: add installer validation
• #531: release: access Azure Storage account with login credentials