The latest maintenance release Git 1.7.3.4 is available at the usual places: http://www.kernel.org/pub/software/scm/git/ git-1.7.3.4.tar.{gz,bz2} (source tarball) git-htmldocs-1.7.3.4.tar.{gz,bz2} (preformatted docs) git-manpages-1.7.3.4.tar.{gz,bz2} (preformatted docs) The RPM binary packages for a few architectures are found in: RPMS/$arch/git-*-1.7.3.4-1.fc13.$arch.rpm (RPM) Among many fixes since v1.7.3.3, it contains a fix to a recently discovered XSS vulnerability in Gitweb (CVE 2010-3906). A backport to an earlier maintenance track 1.6.6.3 is available (replace 1.7.3.4 with 1.6.6.3 above). The Gitweb fix has also been backported to maintenance tracks of other earlier releases (1.7.2.5, 1.7.1.4, 1.7.0.9, 1.6.5.9, and 1.6.4.5) and are available from the main repository and shortly will be available from its mirrors: git://git.kernel.org/pub/scm/git/git.git/ git://repo.or.cz/alt-git.git/ git://git-core.git.sourceforge.net/gitroot/git-core/git-core/ git://github.com/git/git.git/ ---------------------------------------------------------------- Git v1.7.3.4 Release Notes ========================== Fixes since v1.7.3.3 -------------------- * Smart HTTP transport used to incorrectly retry redirected POST request with GET request. * "git apply" did not correctly handle patches that only change modes if told to apply while stripping leading paths with -p option. * "git apply" can deal with patches with timezone formatted with a colon between the hours and minutes part (e.g. "-08:00" instead of "-0800"). * "git checkout" removed an untracked file "foo" from the working tree when switching to a branch that contains a tracked path "foo/bar". Prevent this, just like the case where the conflicting path were "foo" (c752e7f..7980872d). * "git cherry-pick" or "git revert" refused to work when a path that would be modified by the operation was stat-dirty without a real difference in the contents of the file. * "git diff --check" reported an incorrect line number for added blank lines at the end of file. * "git imap-send" failed to build under NO_OPENSSL. * Setting log.decorate configuration variable to "0" or "1" to mean "false" or "true" did not work. * "git push" over dumb HTTP protocol did not work against WebDAV servers that did not terminate a collection name with a slash. * "git tag -v" did not work with GPG signatures in rfc1991 mode. * The post-receive-email sample hook was accidentally broken in 1.7.3.3 update. * "gitweb" can sometimes be tricked into parrotting a filename argument given in a request without properly quoting. Other minor fixes and documentation updates are also included. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html