| Git v2.17.4 Release Notes | |
| ========================= | |
| This release is to address the security issue: CVE-2020-5260 | |
| Fixes since v2.17.3 | |
| ------------------- | |
| * With a crafted URL that contains a newline in it, the credential | |
| helper machinery can be fooled to give credential information for | |
| a wrong host. The attack has been made impossible by forbidding | |
| a newline character in any value passed via the credential | |
| protocol. | |
| Credit for finding the vulnerability goes to Felix Wilhelm of Google | |
| Project Zero. |