gitoxide

vgix-fs-v0.21.1 scope: gix-fs Security

This release includes 1 security fix, relevant to security teams reviewing exposed deployments.

Published 1mo Version Control
✓ No known CVEs patched
This release patches 1 known CVE

Topics

blazingly-fast built-with-rust cli git version-control

Affected surfaces

rce_ssrf

Summary

AI summary

Updates Commit Statistics, Commit Details, and https://www.conventionalcommits.org across a mixed release.

Full changelog

A security fix for https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f89h-2fjh-2r9q,
which could allow attackers to trick gix clone into writing outside of the repository.

Commit Statistics

  • 3 commits contributed to the release over the course of 2 calendar days.
  • 2 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelog of gix-fs prior to release (e26d378)
    • Revalidate cached stack leaves before directory reuse (93d0ff6)
    • Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)

Security Fixes

  • GHSA-f89h-2fjh-2r9q – Prevents `gix clone` from writing outside repository bounds.

About gitoxide

An idiomatic, lean, fast & safe pure Rust implementation of Git

Related context

Earlier breaking changes

  • vgix-v0.84.0 Allow checkouts of empty repositories; `destination_must_be_empty` becomes `Option<bool>`
  • vgix-worktree-stream-v0.33.0 Changes API of `Stream::add_entry_from_path` to require `hash_kind` argument.
  • vgix-object-v0.61.0 Renames `Data::hash_kind` to `Data::object_hash` for consistency.
