From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Fri, 3 Aug 2018 21:08:16 +0200 Subject: [ANNOUNCE] CGIT v1.2.1 Released In-Reply-To: References: <153100f1c232fcdc@frisell.zx2c4.com> Message-ID: On Fri, Aug 3, 2018 at 5:12 PM Jason A. Donenfeld wrote: > * A fix for a critical directory traversal vulnerability, when > `enable-http-clone=1` is not turned off, discovered by Jann Horn. > This is pretty nasty and all users must update immediately. This has been assigned CVE-2018-14912.