You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are only two CVEs addressed by this version, the rest is new features (with the potential to introduce regressions, which is why I am hesitant to upgrade to that .0 version):
CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
Already addressed in v5.38.1, Git for Windows uses v5.38.2
CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
Git for Windows ships with the MSYS2 variant of Perl, which does not use cmd.exe (but bash.exe) as shell, and even then, MSYS2 side-steps Windows' default path lookup, therefore Git for Windows' variant of Perl is not susceptible to this vulnerability.
Let's wait for Perl 5.40.1, or for a month without any hot bug fix release, whichever comes first. (Leaving this open in case it's the latter.)
https://github.com/Perl/perl5/releases/tag/v5.40.0
The text was updated successfully, but these errors were encountered: