This is a security release fixing two issues. The first one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.
The second fix affects the certificate check callback. It provides a
valid parameter to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always
true before this fix leading to a possible MITM.
This does not affect you if you do not use the custom certificate callback or if you do not take this value into account. This does affect you if you use pygit2 or git2go regardless of whether you specify a certificate check callback.
A list of commits since the last release follows
45a2ee3f4 https: don't test that RC4 is invalid d3cb8f64c http: correct the expected error for RC4 2b9298bfe Bump version to 0.24.6 84d30d569 smart_pkt: treat empty packet lines as error 4ac39c76c smart_pkt: verify packet length exceeds PKT_LEN_SIZE ca5319566 http: perform 'badssl' check also via certificate callback b5c6a1b40 http: check certificate validity before clobbering the error variable