github git-lfs/git-lfs v2.12.1

3 years ago

This release introduces a security fix for Windows systems, which has been
assigned CVE-2020-27955.

On Windows, if Git LFS operates on a malicious repository with a git.bat or
git.exe file in the current directory, that program is executed, permitting the
attacker to execute arbitrary code. This security problem does not affect Unix
systems.

This occurs because on Windows, Go includes (and prefers) the current directory
when the name of a command run does not contain a directory separator. This has
been solved by always using PATH to pre-resolve paths before handing them to Go.
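The pre-resolution approach described above can be sketched as follows. This is an added example, not git-lfs's own code: `resolveInPath` and `ErrNotInPath` are hypothetical names, `exts` stands in for Windows' `PATHEXT`, and the regular-file check is a simplification of the platform's executability test.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrNotInPath is returned when no usable PATH entry contains the program.
var ErrNotInPath = errors.New("program not found in PATH")

// resolveInPath (hypothetical helper) returns a full path for name using only
// the directories listed in pathEnv. The current directory is never consulted:
// empty, "." and other relative PATH entries are skipped, so a git.bat or
// git.exe sitting in a checked-out repository cannot be selected.
func resolveInPath(name, pathEnv string, exts []string) (string, error) {
	if strings.ContainsAny(name, `/\`) {
		// The caller already named a directory; just make it absolute.
		return filepath.Abs(name)
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if !filepath.IsAbs(dir) {
			continue // result would depend on the working directory
		}
		// Try the bare name first, then each extension (assumed PATHEXT order).
		for _, ext := range append([]string{""}, exts...) {
			candidate := filepath.Join(dir, name+ext)
			if fi, err := os.Stat(candidate); err == nil && fi.Mode().IsRegular() {
				return candidate, nil
			}
		}
	}
	return "", ErrNotInPath
}

func main() {
	// Resolve once, then pass the absolute result (not the bare name "git")
	// to exec.Command.
	p, err := resolveInPath("git", os.Getenv("PATH"), []string{".exe", ".bat"})
	fmt.Println(p, err)
}
```
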

We would like to extend a special thanks to the following open-source
contributors:

Bugs

  • subprocess: avoid using relative program names (@bk2204)

Packages

Up-to-date packages are available on PackageCloud and Homebrew.

RPM RHEL 6/CentOS 6
RPM RHEL 7/CentOS 7
RPM RHEL 8/CentOS 8
Debian 8
Debian 9
Debian 10

SHA-256 hashes:
