2.2.24 - released 2024-06-10
View the release on GitHub
Changelog
- Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
- Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
- Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
- Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
- Security: Fixed perforce argument escaping (3773f775)
- Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
- Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)