diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3dccec3109a..893361e741f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,7 +13,7 @@
 CMAKE_MINIMUM_REQUIRED(VERSION 3.5.1)
-project(libgit2 VERSION "1.3.0" LANGUAGES C)
+project(libgit2 VERSION "1.3.1" LANGUAGES C)
 # Add find modules to the path
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${libgit2_SOURCE_DIR}/cmake/")
diff --git a/docs/changelog.md b/docs/changelog.md
index 8060874df0e..31c3bd0e7bc 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,18 @@
+v1.3.1
+------
+
+🔒 This is a security release to provide compatibility with git's changes to address [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+
+**libgit2 is not directly affected** by this vulnerability, because libgit2 does not directly invoke any executable. But we are providing these changes as a security release for any users that use libgit2 for repository discovery and then _also_ use git on that repository. In this release, we will now validate that the user opening the repository is the same user that owns the on-disk repository. This is to match git's behavior.
+
+In addition, we are providing several correctness fixes where invalid input can lead to a crash. These may prevent possible denial of service attacks. At this time there are not known exploits to these issues.
+
+Full list of changes:
+
+* Validate repository directory ownership (v1.3) by @ethomson in https://github.com/libgit2/libgit2/pull/6268
+
+All users of the v1.3 release line are recommended to upgrade.
+
 v1.3
 ----
diff --git a/include/git2/version.h b/include/git2/version.h
index 3503a62781a..738789dac2b 100644
--- a/include/git2/version.h
+++ b/include/git2/version.h
@@ -7,10 +7,10 @@
 #ifndef INCLUDE_git_version_h__
 #define INCLUDE_git_version_h__
-#define LIBGIT2_VERSION "1.3.0"
+#define LIBGIT2_VERSION "1.3.1"
 #define LIBGIT2_VER_MAJOR 1
 #define LIBGIT2_VER_MINOR 3
-#define LIBGIT2_VER_REVISION 0
+#define LIBGIT2_VER_REVISION 1
 #define LIBGIT2_VER_PATCH 0
 #define LIBGIT2_SOVERSION "1.3"
diff --git a/package.json b/package.json
index e2e672f9fe6..42f8a5c2ec9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "libgit2",
- "version": "1.3.0",
+ "version": "1.3.1",
 "repo": "https://github.com/libgit2/libgit2",
 "description": " A cross-platform, linkable library implementation of Git that you can use in your application.",
 "install": "mkdir build && cd build && cmake .. && cmake --build ."