Hi, Is there an official list of the Git versions that are still actively supported? According to hearsay from colleagues, the latest five release series receive security patches. I can’t find a source for that, but might that be correct? There’s also the Wikipedia page on Git [1], but it doesn’t point to a proper source either. According to Wikipedia, versions 2.4.x to 2.9.x are still supported. This surprised me, because the fix for CVE-2017-14867 [2] hasn’t been backported to versions earlier than 2.10 if I see that correctly. CVE-2017-14867 was fixed for Git series 2.10.x and newer on September 22, 2017, and publicly disclosed on September 29, 2017. However, the latest releases for the 2.7.x, 2.8.x, and 2.9.x series date back to July 30, 2017 (and 2.4.x hasn’t been touched since September 4, 2015). Best wishes, Patrick [1] https://en.wikipedia.org/wiki/Git#Releases [2] https://www.cvedetails.com/cve/CVE-2017-14867/
Attachment:
signature.asc
Description: OpenPGP digital signature
