Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes: > The crucial part is the `sshd` part. Git for Windows does distribute the > `sshd.exe` binary, but it is in no way used by default, nor is there > support how to set it up to run an SSH server. > > Git for Windows is therefore not affected by this vulnerability, and > therefore it is not crucial to get a new version out as quickly as > possible. See also my assessment at > https://github.com/git-for-windows/git/issues/5031#issuecomment-2199722969 I think I've seen in the past another inquiry about vulnerability in OpenSSH, which turned out to be irrelevant in the context of Git for Windows for this exact reason (i.e. "sshd" is problematic but "ssh" is OK). Would it make future confusion like this less likely if you stopped shipping the sshd and ship only the ssh client? Thanks.
