#9974: mercurial-4.4.1
-------------------------+------------------------------
Reporter: bdubbs@… | Owner: pierre.labastie
Type: enhancement | Status: assigned
Priority: normal | Milestone: 8.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------------
Comment (by pierre.labastie):
Now 4.4.1
{{{
Mercurial 4.4.1 (2017-11-07)
1.1. Notable changes
Git and Subversion subrepos have been disabled by default to mitigate a
potential security risk if files overlapping with a subrepo managed to be
committed to a repository.
Subrepos are now more paranoid about symlink traversal.
The share extension handles drive letters on Windows better.
It is possible that a specially malformed repository can cause Git
subrepositories to run arbitrary code in the form of a
.git/hooks/post-update script checked in to the repository in Mercurial
4.4
and earlier. Typical use of Mercurial prevents construction of such
repositories,
but they can be created programmatically.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9974#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
