On December 27, 2022 10:34 PM, Junio C Hamano wrote: ><rsbecker@xxxxxxxxxxxxx> writes: > >> As of 2.39.0, I am now getting fatal: transport 'file' not allowed >> when performing a submodule add after a clone -l. The simple reproduce >> of this >> is: >> ... >> This happens for any submodule add on the same system. Some online >> research indicates that there was a security patch to git causing >> this, but I can't find it. This does not seem correct to me or how this improves >security. >> Help please - this is causing some of my workflows to break. > >Thanks for reporting, Randall. > >This suspiciously sounds like what a1d4f67c (transport: make `protocol.file.allow` >be "user" by default, 2022-07-29) is doing deliberately. Taylor, does this look like a >corner case the 2.30.6 updates forgot to consider? Any updates on this? Neither protocol.file.allow=always nor protocol.allow=always gets past the error condition. Thanks, Randall
