v2.13.2
版本发布时间: 2021-01-14 02:47:39
git-lfs/git-lfs最新发布版本:v3.5.1(2024-03-08 05:03:09)
This release introduces a security fix for Windows systems, which has been assigned CVE-2021-21237.
On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program is executed, permitting the attacker to execute arbitrary code. This security problem does not affect Unix systems. This is the same issue as CVE-2020-27955, but the fix for that issue was incomplete and certain options can still cause the problem to occur.
This occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. This has been solved by always using PATH to pre-resolve paths before handing them to Go.
We would like to extend a special thanks to the following open-source contributors:
- @Ry0taK for reporting this to us responsibly
Bugs
- Use subprocess for invoking all commands (@bk2204)
Packages
Up to date packages are available on PackageCloud and Homebrew.
RPM RHEL 7/CentOS 7 RPM RHEL 8/CentOS 8 Debian 9 Debian 10
SHA-256 hashes:
git-lfs-darwin-amd64-v2.13.2.zip c2ba5d42dfae821e8e013a6be7527a1a8e773af0f140f0b4c0a9c19e367a56cb
git-lfs-freebsd-386-v2.13.2.tar.gz 20a7dba8c1691be5d5a130935e7a8bbf9de5667b5b0925d68fd728d923fd2c16
git-lfs-freebsd-amd64-v2.13.2.tar.gz 2b871fed8e75dbd1ec24ee42d0c45eb2102dfdef1b64ed5bf32cd6bcd574b712
git-lfs-linux-386-v2.13.2.tar.gz 16548c11c02dbe9ca1ff817fd0b453e5bc97f43267c40d5beaf83ce997d0938f
git-lfs-linux-amd64-v2.13.2.tar.gz 7913f267c84518860551384313ece6f2e72cb5a18cf9987189a087108346267d
git-lfs-linux-arm-v2.13.2.tar.gz 0970357d9c21e5024e5a8712f4aaf64facf69c2d9aff1f0d058ad3d4ba0d829c
git-lfs-linux-arm64-v2.13.2.tar.gz e5b509fc18ed75974cd0ee3634e3f392d3ceed60023210c482cab4292e0560e7
git-lfs-linux-ppc64le-v2.13.2.tar.gz 92921cfa791da627f1b59a0685e7f726d608ff1076727b4132eb909e4c6a1517
git-lfs-linux-s390x-v2.13.2.tar.gz 04af15fe15611c695d27a9f04fb54cdeaeaa70f96ee16e7d375373d1a9c2594b
git-lfs-v2.13.2.tar.gz 782e6275df9ca370730945112e16a0b8c64b9819f0b61fae52ba1ebbc8dce2d5
git-lfs-windows-386-v2.13.2.zip 27d061f9fd6b14555c220758ae0b77d81ef20f64dde0179a515d55a75f5355a8
git-lfs-windows-amd64-v2.13.2.zip 0e13b411ca6c2b2cfb3d82b67ae747ca5d055734d0ab2030d0823fc37ad48902
git-lfs-windows-v2.13.2.exe f9da82f94ad447b307002222e0b7faab046c162b33a0962cce7f2bdac1e8a443
sha256sums.asc 673d4c73d273155668b5bc818286ac426718dadfb86fc8bd2a7f615da9312801
1、 git-lfs-darwin-amd64-v2.13.2.zip 4.41MB
2、 git-lfs-freebsd-386-v2.13.2.tar.gz 4.29MB
3、 git-lfs-freebsd-amd64-v2.13.2.tar.gz 4.52MB
4、 git-lfs-linux-386-v2.13.2.tar.gz 4.29MB
5、 git-lfs-linux-amd64-v2.13.2.tar.gz 4.52MB
6、 git-lfs-linux-arm-v2.13.2.tar.gz 4.2MB
7、 git-lfs-linux-arm64-v2.13.2.tar.gz 4.15MB
8、 git-lfs-linux-ppc64le-v2.13.2.tar.gz 4.11MB
9、 git-lfs-linux-s390x-v2.13.2.tar.gz 4.47MB
10、 git-lfs-v2.13.2.tar.gz 2.41MB
11、 git-lfs-windows-386-v2.13.2.zip 4.08MB
12、 git-lfs-windows-amd64-v2.13.2.zip 4.31MB
13、 git-lfs-windows-v2.13.2.exe 7.35MB
14、 sha256sums.asc 2.09KB