Skip to content

gitoxide

vgix-diff-v0.64.0 scope: gix-diff Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 9d Version Control
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

blazingly-fast built-with-rust cli git version-control

Summary

AI summary

Broad release touches Commit Details, Commit Statistics, https://www.conventionalcommits.org, and 575113d.

Changes in this release

Dependency Low

Raise MSRV for hash dependency updates.

Raise MSRV for hash dependency updates.

Source: llm_adapter@2026-05-26

Confidence: high
Bugfix Medium

Fix symlink prefix reuse and worktree escape vulnerability (GHSA-f89h-2fjh-2r9q).

Fix symlink prefix reuse and worktree escape vulnerability (GHSA-f89h-2fjh-2r9q).

Source: llm_adapter@2026-05-26

Confidence: low
Refactor Low

Update all crates to Rust 2024 edition.

Update all crates to Rust 2024 edition.

Source: llm_adapter@2026-05-26

Confidence: high
Refactor Low

Remove rust_2018_idioms lint declarations.

Remove rust_2018_idioms lint declarations.

Source: llm_adapter@2026-05-26

Confidence: high
Full changelog

Commit Statistics

  • 19 commits contributed to the release over the course of 28 calendar days.
  • 28 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

view details
  • Uncategorized
    • Merge pull request #2590 from GitoxideLabs/independent-testtools (575113d)
    • Adapt to changes in gix-testtools (ce9e6bd)
    • Merge pull request #2573 from cruessler/run-gix-traverse-tests-with-sha-256 (278d7ec)
    • sha1 and sha256 forwardings for all crates (09b982c)
    • Review (1cd36be)
    • Merge pull request #2575 from SarthakB11/fix/issue-2316 (4743361)
    • Document why each fixture archive is .gitignored (e3d5a04)
    • Merge pull request #2568 from GitoxideLabs/dependabot/cargo/cargo-56d6b174d8 (ab2fee1)
    • Update crates to Rust 2024 edition (2cb17b2)
    • Remove rust_2018_idioms lint declarations (e10d5f6)
    • Raise MSRV for hash dependency updates (3675a8d)
    • Merge pull request #2559 from GitoxideLabs/fix/symlink-prefix-reuse-worktree-escape-ghsa-f89h-2fjh-2r9q (3af9b4a)
    • Release gix-fs v0.21.1 (d3e4c17)
    • Merge pull request #2543 from cruessler/run-gix-worktree-stream-tests-with-sha-256 (23af41a)
    • Adapt to changes in gix_object::Data (4309fa4)
    • Adapt to changes in gix-testtoolsand rename hash_kind -> object_hash (d9648e8)
    • Merge pull request #2532 from cruessler/run-gix-diff-tests-with-sha-256 (7fbb9be)
    • Review (3660cef)
    • Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)

Security Fixes

  • Fix symlink prefix reuse worktree escape (GHSA f89h‑2fjh‑2r9q)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track gitoxide

Get notified when new releases ship.

Sign up free

About gitoxide

An idiomatic, lean, fast & safe pure Rust implementation of Git

All releases →

Related context

Earlier breaking changes

  • vgix-v0.84.0 Allow checkouts of empty repositories; `destination_must_be_empty` becomes `Option<bool>`
  • vgix-worktree-stream-v0.33.0 Changes API of `Stream::add_entry_from_path` to require `hash_kind` argument.
  • vgix-object-v0.61.0 Renames `Data::hash_kind` to `Data::object_hash` for consistency.

Beta — feedback welcome: [email protected]