HEX
Server: Apache/2
System: Linux nexus-01 4.18.0-553.120.1.el8_10.x86_64 #1 SMP Mon Apr 20 18:04:27 EDT 2026 x86_64
User: aglcoke (1118)
PHP: 8.2.31
Disabled: mail,exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /proc/1/root/proc/thread-self/root/usr/share/doc/git/RelNotes/
Upload Files
File: //proc/1/root/proc/thread-self/root/usr/share/doc/git/RelNotes/2.14.5.txt
Git v2.14.5 Release Notes
=========================

This release is to address the recently reported CVE-2018-17456.

Fixes since v2.14.4
-------------------

 * Submodules' "URL"s come from the untrusted .gitmodules file, but
   we blindly gave it to "git clone" to clone submodules when "git
   clone --recurse-submodules" was used to clone a project that has
   such a submodule.  The code has been hardened to reject such
   malformed URLs (e.g. one that begins with a dash).

Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.
@ Telegram