|
1 | 1 | # Git LFS Changelog |
2 | 2 |
|
| 3 | +## 2.13.0 (10 Dec 2020) |
| 4 | + |
| 5 | +This release introduces several new features, such as the `--above` option to |
| 6 | +`git lfs migrate import` and support for `socks5h` proxies. In addition, many |
| 7 | +bugs have been fixed and several miscellaneous fixes have been included. |
| 8 | + |
| 9 | +Unless someone steps up to fix and maintain NTLM support, this will be the last |
| 10 | +Git LFS release to support NTLM. See #4247 for more details. Note that Git LFS |
| 11 | +supports Kerberos as well, which is far more secure and may be a viable |
| 12 | +replacement in many situations. |
| 13 | + |
| 14 | +We would like to extend a special thanks to the following open-source |
| 15 | +contributors: |
| 16 | + |
| 17 | +* @EliRibble for adding support for the `--above` option to `git lfs migrate import` |
| 18 | +* @andrewshadura for adding support for the `GIT_LFS_SKIP_PUSH` environment variable |
| 19 | +* @sinbad for fixing problems with retaining objects used by stashes |
| 20 | +* @tklauser for cleaning up our use of error constants in the code |
| 21 | + |
| 22 | +### Features |
| 23 | + |
| 24 | +* Add --above parameter to 'migrate import'. #4276 (@EliRibble) |
| 25 | +* Add GIT_LFS_SKIP_PUSH to allow skipping the pre-push hook #4202 (@andrewshadura) |
| 26 | +* lfshttp: add support for socks5h proxies #4259 (@bk2204) |
| 27 | +* Add manual pages to release assets #4230 (@bk2204) |
| 28 | +* Honor GIT_WORK_TREE #4269 (@bk2204) |
| 29 | + |
| 30 | +### Bugs |
| 31 | + |
| 32 | +* Make git lfs migrate import handle missing extensions #4318 (@bk2204) |
| 33 | +* fs: don't panic when using a too-short object ID to push #4307 (@bk2204) |
| 34 | +* Fix pattern matching for .gitattributes #4301 (@bk2204) |
| 35 | +* config: map missing port to default for HTTP key lookups #4282 (@bk2204) |
| 36 | +* tools: use IoctlFileClone from golang.org/x/sys/unix #4261 (@tklauser) |
| 37 | +* tools/util_darwin.go: Remove use of direct syscalls #4251 (@stanhu) |
| 38 | +* tools: always force a UTF-8 locale for cygpath #4231 (@bk2204) |
| 39 | +* prune: fix deleting objects referred to by stashes #4209 (@sinbad) |
| 40 | + |
| 41 | +### Misc |
| 42 | + |
| 43 | +* migrate import: warn about refs on case insensitive file systems #4332 (@larsxschneider) |
| 44 | +* Drop obsolete OS support #4328 (@bk2204) |
| 45 | +* tools: use ERROR_SHARING_VIOLATION const from golang.org/x/sys/windows #4291 (@tklauser) |
| 46 | +* pull: gracefully handle merge conflicts #4289 (@bk2204) |
| 47 | +* script/upload: avoid using Ruby's URI.escape #4266 (@bk2204) |
| 48 | +* add documentation of security bug report process #4244 (@chrisd8088) |
| 49 | + |
| 50 | +## 2.12.1 (4 Nov 2020) |
| 51 | + |
| 52 | +This release introduces a security fix for Windows systems, which has been |
| 53 | +assigned CVE-2020-27955. |
| 54 | + |
| 55 | +On Windows, if Git LFS operates on a malicious repository with a git.bat or |
| 56 | +git.exe file in the current directory, that program is executed, permitting the |
| 57 | +attacker to execute arbitrary code. This security problem does not affect Unix |
| 58 | +systems. |
| 59 | + |
| 60 | +This occurs because on Windows, Go includes (and prefers) the current directory |
| 61 | +when the name of a command run does not contain a directory separator. This has |
| 62 | +been solved by always using PATH to pre-resolve paths before handing them to Go. |
| 63 | + |
| 64 | +We would like to extend a special thanks to the following open-source |
| 65 | +contributors: |
| 66 | + |
| 67 | +* @dawidgolunski for reporting this to us responsibly |
| 68 | + |
| 69 | +### Bugs |
| 70 | + |
| 71 | +* subprocess: avoid using relative program names (@bk2204) |
| 72 | + |
3 | 73 | ## 2.12.0 (1 Sep 2020) |
4 | 74 |
|
5 | 75 | This release introduces several new features, such as support for the SHA-256 |
|
0 commit comments