This is a security release. All users are encouraged to upgrade.
Security fixes

- GHSA-gfhv-vqv2-4544 -- Validate submodule paths in `porcelain.submodule_update` (and thus `porcelain.clone(recurse_submodules=True)`). A crafted upstream repository could carry a submodule whose path was `.git/hooks` (or any other path inside `.git` or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. This is the dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)

- CVE-2026-42305 -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. `validate_path_element_ntfs` now also rejects Windows path separators, the alternate data stream marker `:`, NTFS 8.3 short-name aliases of `.git`, and reserved Windows device names. `core.protectNTFS` now defaults to true on every platform, and both `core.protectNTFS` and `core.protectHFS` are now read under their correct option names. (Reported by Christopher Toth)

- CVE-2026-42563 -- Shell-quote values substituted into `ProcessMergeDriver` commands. A malicious branch could inject shell commands when a merge driver referencing `%P` was configured. (Reported by Ravishanker Kusuma (hayageek))

- CVE-2026-47712 -- Sanitize commit subjects used in `porcelain.format_patch` filenames so that a malicious subject (e.g. `x/../../x`) cannot direct the generated patch outside `outdir`. (Reported by Christopher Toth)

- receive.maxInputSize -- Honour `receive.maxInputSize` in `ReceivePackHandler`. Previously a remote, unauthenticated client could send a tiny crafted pack that declared a huge `dest_size` and trigger hundreds of MB of allocation over `git-receive-pack`. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)
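The first two items (submodule paths that land in `.git` or above the work tree, and entry names that are only dangerous on NTFS) come down to one per-component check applied before anything is written to disk. The following is an added example, not dulwich's `validate_path_element_ntfs` or `porcelain.submodule_update`: the names `is_safe_ntfs_element`, `validate_tree_path` and `validate_submodule_path`, the `protect_ntfs` flag and the exact rule set (modelled on git's `core.protectNTFS` checks) are this example's assumptions.

```python
"""Checkout path validation covering POSIX and NTFS-only hazards.
Added example; not dulwich's code. Names and rule set are assumptions
modelled on git's core.protectNTFS behaviour."""
import os
import re

# Reserved Windows device names. NTFS reserves them with any extension too
# ("NUL.txt" is still the NUL device), so only the part before the first
# dot is compared.
_WIN_DEVICE_NAMES = {"con", "prn", "aux", "nul"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in "123456789"
}
# 8.3 short-name alias of a ".git" directory ("GIT~1"). git checks "git~1";
# this example conservatively rejects any "git~<digits>" alias.
_GIT_SHORT_NAME = re.compile(rb"^git~[1-9][0-9]*$")


def is_safe_ntfs_element(element: bytes) -> bool:
    """NTFS-specific rejections for a single path component.

    Covers names a POSIX-only check lets through:
    - backslash (path separator) and colon (alternate data stream marker);
    - trailing dots/spaces, which NTFS strips, so ".git." opens ".git";
    - the 8.3 alias of ".git";
    - reserved device names, with or without an extension.
    """
    if b"\\" in element or b":" in element:
        return False
    stripped = element.rstrip(b". ").lower()
    if stripped in (b"", b".git") or _GIT_SHORT_NAME.match(stripped):
        return False
    base = stripped.split(b".", 1)[0].decode("ascii", "replace")
    return base not in _WIN_DEVICE_NAMES


def validate_tree_path(path: bytes, protect_ntfs: bool = True) -> bool:
    """True if every component of a tree path is safe to create on disk.

    POSIX rules (empty, ".", "..", ".git" in any case, absolute paths) are
    always applied; the NTFS rules are applied when protect_ntfs is set,
    the default here because the repository may be checked out on Windows
    later even if this clone runs on POSIX.
    """
    if path.startswith(b"/"):
        return False
    for element in path.split(b"/"):
        if element in (b"", b".", b"..") or element.lower() == b".git":
            return False
        if protect_ntfs and not is_safe_ntfs_element(element):
            return False
    return True


def validate_submodule_path(worktree: str, subpath: bytes) -> str:
    """Return the absolute directory a submodule may be checked out into,
    or raise ValueError if it would land inside .git or above the work tree.

    The component check rejects "..", absolute paths and ".git"; the
    realpath comparison is defence in depth against a component that is a
    symlink pointing out of the tree."""
    if not validate_tree_path(subpath):
        raise ValueError(f"unsafe submodule path {subpath!r}")
    root = os.path.realpath(worktree)
    target = os.path.realpath(os.path.join(root, os.fsdecode(subpath)))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"submodule path {subpath!r} escapes {worktree}")
    return target
```

`validate_tree_path(b"GIT~1/hooks/x", protect_ntfs=False)` passes and the same path with the default fails, which is exactly the class of name the platform-independent default is meant to stop: a POSIX clone that accepts it produces a repository that writes into `.git/hooks` when checked out on Windows.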
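The `%P` injection in the third item, shown on a constructed merge driver command line. This is an added example and not dulwich's `ProcessMergeDriver`: `expand_unsafe` is the raw substitution, `expand_quoted` the shell-quoted form, and `HOSTILE` and `DRIVER` are constructed inputs. The placeholders follow git's merge driver configuration (`%O` ancestor, `%A` current, `%B` other, `%L` conflict-marker size, `%P` path in the tree).

```python
"""Placeholder substitution for a merge driver command line: the raw
replacement that allows injection beside the shell-quoted form.
Added example; not dulwich's ProcessMergeDriver. Names are assumptions."""
import re
import shlex
import subprocess

_PLACEHOLDER = re.compile(r"%([OABLP])")


def expand_unsafe(command: str, values: dict[str, str]) -> str:
    """The 'before': values go in verbatim. %P is the path of the file in
    the tree, i.e. attacker-controlled by whoever authored the branch, so a
    path containing ';' becomes extra shell commands."""
    return _PLACEHOLDER.sub(lambda m: values[m.group(1)], command)


def expand_quoted(command: str, values: dict[str, str]) -> str:
    """The 'after': each value is wrapped by shlex.quote, so /bin/sh sees
    exactly one literal word per placeholder however hostile the value.
    A single regex pass also guarantees a substituted value is never
    re-scanned for placeholders. An unknown placeholder raises KeyError."""
    return _PLACEHOLDER.sub(lambda m: shlex.quote(values[m.group(1)]), command)


def words(command_line: str) -> list[str]:
    """Tokenize as the shell would, to show how many words the driver gets."""
    return shlex.split(command_line)


def run_command_line(command_line: str) -> str:
    """Run an already-expanded driver command through the shell, as a merge
    driver is run, and return its stdout."""
    result = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return result.stdout


# Constructed inputs: a branch that added a file whose name carries a payload,
# and a driver that merely prints the path it was handed.
HOSTILE = {"O": "base.tmp", "A": "ours.tmp", "B": "theirs.tmp", "L": "7",
           "P": "a.txt; echo pwned"}
DRIVER = "printf '%s\\n' %P"

if __name__ == "__main__":
    print(run_command_line(expand_unsafe(DRIVER, HOSTILE)), end="")  # a.txt, then pwned
    print(run_command_line(expand_quoted(DRIVER, HOSTILE)), end="")  # the path, verbatim
```

The unsafe expansion executes `echo pwned` as a second command; the quoted expansion hands the driver the five-word path as a single argument. git itself single-quotes these substitutions for the same reason.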
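The fourth item, patch filenames built from commit subjects, as an added example rather than dulwich's `porcelain.format_patch`: `unsafe_patch_path` is the form that follows `x/../../x` out of `outdir`, `sanitize_subject` and `patch_path` the hardened form. The slug rules are modelled on git's own subject sanitization (52-character cap, only `[A-Za-z0-9._]` kept) and the `"patch"` fallback for an empty subject is this example's choice.

```python
"""Patch filename generation for format-patch output.
Added example; not dulwich's code. Names and the exact slug rules are
assumptions modelled on git's format-patch behaviour."""
import os
import re

SUBJECT_MAX = 52  # git's cap on the sanitized subject part of the filename


def unsafe_patch_path(outdir: str, index: int, subject: str) -> str:
    """The 'before': the subject is used as-is. With "x/../../x" the
    normalized path leaves outdir entirely."""
    return os.path.normpath(os.path.join(outdir, f"{index:04d}-{subject}.patch"))


def sanitize_subject(subject: str) -> str:
    """Reduce a subject to one filename-safe component: keep letters,
    digits, '.' and '_'; turn every other run (including '/') into '-';
    collapse any run of dots and dashes so no '..' survives; trim ends."""
    slug = re.sub(r"[^A-Za-z0-9._]+", "-", subject)
    slug = re.sub(r"[.-]{2,}", "-", slug)
    slug = slug.strip("-.")[:SUBJECT_MAX].rstrip("-.")
    return slug or "patch"


def patch_path(outdir: str, index: int, subject: str) -> str:
    """The 'after': sanitize, then verify the result is a direct child of
    outdir before it is opened for writing. The second check is defence in
    depth in case the sanitizer ever regresses."""
    name = f"{index:04d}-{sanitize_subject(subject)}.patch"
    root = os.path.realpath(outdir)
    target = os.path.realpath(os.path.join(root, name))
    if os.sep in name or os.path.dirname(target) != root:
        raise ValueError(f"refusing to write patch outside {outdir}: {name!r}")
    return target
```

The containment check compares the real parent directory of the target with the real `outdir`, so a symlinked `outdir` still resolves consistently and a nested or escaped path is rejected even if a future sanitizer change lets a separator through.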
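The last item involves two separate guards: a byte budget on the incoming pack stream (what `receive.maxInputSize` expresses) and not letting a declared `dest_size` drive allocation. Both are shown below as an added example; this is not dulwich's `ReceivePackHandler` or its pack code. `LimitedReader`, `read_pack`, `apply_delta`, the `max_object_size` cap and the constructed `BASE`, `GOOD_DELTA` and `CRAFTED_DELTA` inputs are this example's assumptions; the delta encoding follows git's pack delta format (varint source and target sizes, then copy and insert opcodes).

```python
"""Input-size budget and allocation-safe delta application for receive-pack.
Added example; not dulwich's code. Names and the cap are assumptions."""
import io


class PackInputTooLarge(Exception):
    """Raised once the client exceeds the configured input budget."""


class LimitedReader:
    """Wrap the stream receive-pack reads the pack from and stop once more
    than `limit` bytes have been handed out. limit=0 means unlimited, the
    same meaning git gives receive.maxInputSize=0."""

    def __init__(self, raw, limit: int):
        self._raw, self._limit, self.consumed = raw, limit, 0

    def read(self, n: int = -1) -> bytes:
        if n is None or n < 0:
            # A bounded read-all: one byte past the budget is enough to detect
            # the overrun without buffering the whole stream first.
            n = self._limit + 1 - self.consumed if self._limit else -1
        data = self._raw.read(n)
        self.consumed += len(data)
        if self._limit and self.consumed > self._limit:
            raise PackInputTooLarge(f"pack exceeds receive.maxInputSize={self._limit}")
        return data


def read_pack(data: bytes, limit: int, chunk: int = 4096) -> bytes:
    """Drain a (constructed) client stream in chunks through LimitedReader."""
    reader = LimitedReader(io.BytesIO(data), limit)
    out = bytearray()
    while block := reader.read(chunk):
        out += block
    return bytes(out)


def encode_varint(n: int) -> bytes:
    """git delta size encoding: 7 bits per byte, low bits first, 0x80 continues."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def _decode_varint(delta: bytes, pos: int) -> tuple[int, int]:
    value = shift = 0
    while True:
        byte, pos = delta[pos], pos + 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos


def apply_delta(base: bytes, delta: bytes, max_object_size: int) -> bytes:
    """Apply a git delta without trusting its declared dest_size.

    The hazardous pattern is out = bytearray(dest_size) straight from the
    header: a few bytes of input then cost hundreds of MB. Here dest_size is
    only checked against a cap and used to verify the result; the buffer
    grows with the data the delta actually carries."""
    src_size, pos = _decode_varint(delta, 0)
    dest_size, pos = _decode_varint(delta, pos)
    if src_size != len(base):
        raise ValueError("delta base size mismatch")
    if dest_size > max_object_size:
        raise PackInputTooLarge(f"declared object size {dest_size} exceeds cap")
    out = bytearray()
    while pos < len(delta):
        op, pos = delta[pos], pos + 1
        if op & 0x80:  # copy from base; offset/size bytes follow as flagged
            offset = size = 0
            for i in range(4):
                if op & (1 << i):
                    offset |= delta[pos] << (8 * i)
                    pos += 1
            for i in range(3):
                if op & (0x10 << i):
                    size |= delta[pos] << (8 * i)
                    pos += 1
            size = size or 0x10000
            if offset + size > len(base):
                raise ValueError("copy beyond base")
            out += base[offset:offset + size]
        elif op:  # insert the next `op` literal bytes
            out += delta[pos:pos + op]
            pos += op
        else:
            raise ValueError("reserved delta opcode 0")
        if len(out) > dest_size:
            raise ValueError("delta produced more than declared dest_size")
    if len(out) != dest_size:
        raise ValueError("delta produced less than declared dest_size")
    return bytes(out)


# Constructed inputs: a delta rebuilding "hello there" from BASE (copy 5 bytes
# at offset 0, insert " there"), and a crafted delta declaring a 500 MB result
# while carrying a 5-byte insert.
BASE = b"hello world"
GOOD_DELTA = encode_varint(11) + encode_varint(11) + b"\x91\x00\x05" + b"\x06 there"
CRAFTED_DELTA = encode_varint(0) + encode_varint(500_000_000) + b"\x05hello"
```

`read_pack` is where the configured `receive.maxInputSize` is applied, before any pack content is parsed. `apply_delta` shows the second half of the problem: with the cap set the crafted delta is refused on its header, and even with the cap removed it fails on the size mismatch after growing the buffer by five bytes, never by five hundred million.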