Bug Fixes
-
prevent very long path from using unbounded time in
realpath().
It's possible to inject such paths using urls which can then end up
being canonicalized, causing very long runtimes with excessively long
paths due tois_symlinkcalls which will be slow.Now the amount of components is limited to 4096/2, which should be
a worst-case path at the border of realistic.If this limitation becomes too arbitrary, one could consider making
this cut-off value configurable.
Commit Statistics
- 6 commits contributed to the release over the course of 4 calendar days.
- 20 days passed between releases.
- 1 commit was understood as conventional.
- 0 issues like '(#ID)' were seen in commit messages
Commit Details
view details
- Uncategorized
- Prepare changelogs prior to release (6a2e0be)
- Merge branch 'url-fuzz' (db86fba)
- Prevent very long path from using unbounded time in
realpath(). (8d4bf40) - Merge branch 'dirwalk' (5d176fc)
- Use
gix_fs::current_dir(precompose_unicode). (7d8d167) - Release gix-trace v0.1.7, gix-features v0.37.2, gix-commitgraph v0.23.2, gix-traverse v0.36.2, gix-index v0.28.2 (b6c04c8)