[ANNOUNCE] CGIT v1.2.1 Released

Jason A. Donenfeld Jason at zx2c4.com
Fri Aug 3 21:08:16 CEST 2018

On Fri, Aug 3, 2018 at 5:12 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> * A fix for a critical directory traversal vulnerability, when
>   `enable-http-clone=1` is not turned off, discovered by Jann Horn.
>   This is pretty nasty and all users must update immediately.

This has been assigned CVE-2018-14912.

More information about the CGit mailing list