This is a security release fixing two issues. The first fix adds extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.
The second fix affects the certificate check callback. The callback receives a "valid" parameter that indicates whether the native cryptographic library considered the certificate to be correct. Before this fix, this parameter was always 1/true, leading to a possible MITM.
This does not affect you if you do not use the custom certificate callback or if you do not take this value into account. This does affect you if you use pygit2 or git2go regardless of whether you specify a certificate check callback.
A list of commits since the last release follows:

2ac57aa89 https: don't test that RC4 is invalid
3829ba2e7 http: correct the expected error for RC4
a5cf255b4 Bump version to 0.25.1
2fdef641f smart_pkt: treat empty packet lines as error
66e3774d2 smart_pkt: verify packet length exceeds PKT_LEN_SIZE
98d66240e http: perform 'badssl' check also via certificate callback
9a64e62f0 http: check certificate validity before clobbering the error variable
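The two smart_pkt checks named in the commit list (the packet length must exceed PKT_LEN_SIZE, and an empty packet line is an error), shown as an added, self-contained example of validating a pkt-line length prefix before touching the payload. This is not libgit2's code: pkt_check, hex_val and the return constants are hypothetical names, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PKT_LEN_SIZE 4        /* pkt-line length prefix: four hex digits */
#define PKT_FLUSH     0L      /* "0000" flush packet */
#define PKT_NEED_MORE (-1L)   /* buffer does not yet hold the whole line */
#define PKT_INVALID   (-2L)   /* malformed or empty line: reject */

/* Decode one hex digit, or return -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Check the pkt-line at the start of buf, of which buflen bytes are valid.
 * Returns the payload length (> 0; payload starts at buf + PKT_LEN_SIZE),
 * or PKT_FLUSH, PKT_NEED_MORE or PKT_INVALID. Never reads past buflen. */
long pkt_check(const char *buf, size_t buflen)
{
    size_t len = 0;
    int i, d;
    if (buflen < PKT_LEN_SIZE)
        return PKT_NEED_MORE;        /* cannot read the prefix yet */
    for (i = 0; i < PKT_LEN_SIZE; i++) {
        if ((d = hex_val(buf[i])) < 0)
            return PKT_INVALID;      /* prefix is not four hex digits */
        len = (len << 4) | (size_t)d;
    }
    if (len == 0)
        return PKT_FLUSH;
    if (len <= PKT_LEN_SIZE)         /* 0001-0003: shorter than the prefix; */
        return PKT_INVALID;          /* 0004: empty packet line */
    if (len > buflen)
        return PKT_NEED_MORE;        /* declared length exceeds data held */
    return (long)(len - PKT_LEN_SIZE);
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *s[] = { "0000", "0004", "0003", "0009done\n", "0009do" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%.4s -> %ld\n", s[i], pkt_check(s[i], strlen(s[i])));
    return 0;
}
```

Because the length is compared against PKT_LEN_SIZE before the subtraction, the payload length can never wrap around, and the comparison against buflen keeps every later read inside the received data.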