Skip to content

Git for Windows 2.40.1
Compare
Choose a tag to compare
@git-for-windows-ci git-for-windows-ci released this 25 Apr 17:15
· 10908 commits to main since this release
v2.40.1.windows.1
ceee26d

Changes since Git for Windows v2.40.0 (March 14th 2023)

This is a security release, addressing CVE-2023-29012, CVE-2023-29011, CVE-2023-29007, CVE-2023-25815 and CVE-2023-25652.

As announced previously, Git for Windows will drop support for Windows 7 and for Windows 8 in one of the next versions, following Cygwin's and MSYS2's lead (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Also following the footsteps of the MSYS2 and Cygwin projects on which Git for Windows depends, the 32-bit variant of Git for Windows is nearing its end of support.

New Features

Bug Fixes

  • Addresses CVE-2023-29012, a vulnerability where starting Git CMD would execute doskey.exe in the current directory, if it exists.
  • Addresses CVE-2023-29011, a vulnerability where the SOCKS5 proxy called connect.exe is susceptible to picking up an untrusted configuration on multi-user machines.
  • Addresses CVE-2023-29007, a vulnerability where git submodule deinit can inadvertently introduce malicious changes into the Git config file.
  • Addresses CVE-2023-25815, a vulnerability where Git can unexpectedly show crafted "localized" messages written by another user on a multi-user machine.
  • Addresses CVE-2023-25652, a vulnerability where git apply --reject could follow symbolic links to write files outside the worktree.
Filename SHA-256
Git-2.40.1-64-bit.exe d2f0fbf9d84622b2aa4aed401daf6dedb8ac89bb388af02078ba375496a873dc
Git-2.40.1-32-bit.exe 3ee2289a4f6e9917f702bd032a67874c11aa05bf2d28d967986e40d4f7f50636
PortableGit-2.40.1-64-bit.7z.exe 9e1d819aef3284420adf6d923b0d4865254bd403641d915975e49ddea1e7cdf9
PortableGit-2.40.1-32-bit.7z.exe e1360e94cb292862fb023018578a1029022a09278b160f7264c6dc444f65c9ca
MinGit-2.40.1-64-bit.zip 36498716572394918625476ca207df3d5f8b535a669e9aad7a99919d0179848c
MinGit-2.40.1-32-bit.zip 8bfc48e5211cc209768297e0b71c253b2d8393875d7b3daef8c54909634daa16
MinGit-2.40.1-busybox-64-bit.zip 8c829d6f3ae0d48e5939b7ddccbaea44b8ef2a38f9e28c3afa691e0451432b14
MinGit-2.40.1-busybox-32-bit.zip e31c73c0b7d3546fba54e9416bf4ce850ea7e528eb6c8b059fdd941ad78749c7
Git-2.40.1-64-bit.tar.bz2 249b3f31b14b802c26e64f082131fe3346af7de204a897438a0027b67fdcd0b7
Git-2.40.1-32-bit.tar.bz2 be7c1b51bc30187a28d77e5f71e5bbcd768b2d0021ba11ad26178f08920533fb
Assets 14