| Bug Fixes | ||
|---|---|---|
| JGit 3.6 New and Noteworthy | Contributors | |
11 bugs and 0 enhancement requests were closed.
The patches fixing CVE-2014-9390 released in JGit 3.4.2 and 3.5.3 are also included in 3.6.0.
As described in Securing your Git server, native git has been enhanced with configuration parameters that let a git server check all objects it receives for problematic paths. A server running on, for example, Linux can be configured to also check for paths that are problematic on HFS+ or NTFS. This is also possible for JGit-based Git servers. JGit understands the boolean config parameters receive.fsckobjects, fsck.safeForWindows and fsck.safeForMacOS. They match native git's receive.fsckobjects, core.protectNTFS and core.protectHFS.
| git-core | JGit | Description |
|---|---|---|
| receive.fsckobjects | receive.fsckobjects | enable checks when receiving objects |
| core.protectNTFS | fsck.safeForWindows | check paths problematic on NTFS |
| core.protectHFS | fsck.safeForMacOS | check paths problematic on HFS+ |
Enabling receive.fsckObjects makes JGit check the integrity of objects before a push is accepted, which is a prerequisite for the other flags. The fsck.safeForMacOS and fsck.safeForWindows flags prevent the OS X and Windows vulnerabilities described above, respectively. Both default to true on their respective systems but must be enabled explicitly on other platforms. Since clients could be using a different operating system from your server, you should enable both on JGit-based servers.
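The following audit of a server's git config file against the three JGit parameters is an added example, not part of the JGit release notes or JGit's own code. The helper names (parse_git_config, as_bool, audit), the platform labels and the sample config are constructed for illustration, and receive.fsckobjects is assumed to be off when unset.

```python
import re

# JGit key -> server platform on which the text above says it defaults to true
FSCK_FLAGS = {"fsck.safeforwindows": "windows", "fsck.safeformacos": "macos"}
TRUE, FALSE = {"true", "yes", "on", "1"}, {"false", "no", "off", "0"}

def parse_git_config(text):
    """Minimal git-config reader: [section] headers and 'key = value' lines.
    Assumption: a simple file; subsections, quoting and includes are skipped."""
    values, section = {}, None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line.startswith("["):
            m = re.fullmatch(r"\[([A-Za-z0-9.-]+)\]", line)
            section = m.group(1).lower() if m else None
            continue
        if not line or section is None:
            continue
        key, sep, val = line.partition("=")
        # a bare key with no '=' counts as true in git config
        values[f"{section}.{key.strip().lower()}"] = val.strip().lower() if sep else "true"
    return values

def as_bool(value, default):
    if value is None:
        return default
    if value not in TRUE | FALSE:
        raise ValueError(f"not a boolean: {value!r}")
    return value in TRUE

def audit(config_text, server_platform):
    """Return a list of findings; an empty list means all three checks are active."""
    cfg = parse_git_config(config_text)
    findings = []
    # assumption: receive.fsckobjects is off unless set explicitly
    if not as_bool(cfg.get("receive.fsckobjects"), False):
        findings.append("receive.fsckobjects is off: pushed objects are not checked, "
                        "so the fsck.safeFor* flags have no effect")
    for key, platform in FSCK_FLAGS.items():
        # default is true only on the flag's own platform
        if not as_bool(cfg.get(key), server_platform == platform):
            findings.append(f"{key} is off on a {server_platform} server")
    return findings

# Constructed sample: a Linux server that enabled only part of the protection.
SAMPLE = "[receive]\n\tfsckobjects = true\n[fsck]\n\tsafeForWindows = true\n"
if __name__ == "__main__":
    print(audit(SAMPLE, "linux"))
```
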