Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [egit-dev] FYI 
On Thu, Mar 17, 2011 at 03:15, Alex Blewitt <alex.blewitt@xxxxxxxxx> wrote:
> http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_git_version

Yes. :-(

Fortunately JGit is immune to most of these. Because we don't
implement gitweb, and if we did, we don't implement it by running
shell commands from perl with tainted input from the user. :-)

And we don't support the external diff/merge stuff yet, and we don't
support the gitdir: file either.

*sigh*

-- 
Shawn.

Back to the top