On 2024-05-21 16:25:17, Harald Dunkel wrote:
It is possible to disable this feature globally using something like git config --system --add safe.directory /somepath/.git
PS: Its obvious that each peer running git can verify only local directories for dubious access bits. Working with shared remote repositories you have to consider setting the safe.directory option on the remote server. Since CVE-2024-32004 assumes an attacker running its own repository, I just wonder why he should use the most recent, fixed git version? Regards Harri
