Major Updates
- Includes Git for Windows 2.35.3(1).
- This includes the fixes from Git 2.35.2 that address CVE-2022-24765 and CVE-2022-24767.
- Includes additional fixes in Git 2.35.3 around the new
safe.directory
config. - Includes a fix for
git reset
in VFS for Git enlistments.
Note about safe.directory
The security issue in this release was about malicious actors on a multi-user machine. The fix involves checking to see that the parent directory of the repository is owned by the current user. Directories that have different owners will be rejected by Git.
If this protection interrupts one of your repositories, then you can add the path to the multi-valued safe.directory
config option in your global or system config. On Windows, network paths or WSL paths that start with //
will need to be written in the config using %(prefix)///wsl.localhost/path/to/repo
. Git will provide advice for this.
If you want to disable this security check (assuming all risk involved), then run git config --global --add safe.directory "*"
to automatically mark all repositories as safe.
Known Issues
The Windows installer runs scalar reconfigure --all
, but results in an error message: "Could not reconfigure Scalar enlistments (output: (no output), errors: (no output))." While confusing, this error message does not mean that anything is wrong with your Scalar enlistments. We will work to remove this problem in the next release.