gitoxide

vgix-tempfile-v23.0.1 scope: gix-tempfile Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 9d Version Control

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

blazingly-fast built-with-rust cli git version-control

ReleasePort's take

Light signal

editorial:auto 8d

The release bumps the Minimum Supported Rust Version (MSRV) for hash dependencies and fixes a symlink‑related worktree escape vulnerability (GHSA-f89h-2fjh-2r9q).

Why it matters: Rust projects must meet the raised MSRV to compile; the critical symlink fix prevents directory traversal attacks in Git worktrees.

Summary

AI summary

Updates Commit Details, Commit Statistics, and https://www.conventionalcommits.org across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Dependency	Low	Raise MSRV for hash dependency updates. Raise MSRV for hash dependency updates. Source: llm_adapter@2026-05-26 Confidence: high	—
Dependency	Low	Bump the cargo group across 1 directory with 10 updates. Bump the cargo group across 1 directory with 10 updates. Source: llm_adapter@2026-05-26 Confidence: high	—
Bugfix	Medium	Fix symlink prefix reuse and worktree escape issue (GHSA-f89h-2fjh-2r9q). Fix symlink prefix reuse and worktree escape issue (GHSA-f89h-2fjh-2r9q). Source: llm_adapter@2026-05-26 Confidence: high	—
Bugfix	Medium	Fix issue #2545. Fix issue #2545. Source: llm_adapter@2026-05-26 Confidence: high	—
Refactor	Low	Update crates to Rust 2024 edition. Update crates to Rust 2024 edition. Source: llm_adapter@2026-05-26 Confidence: high	—
Refactor	Low	Remove rust_2018_idioms lint declarations. Remove rust_2018_idioms lint declarations. Source: llm_adapter@2026-05-26 Confidence: high	—

Full changelog

Commit Statistics

8 commits contributed to the release over the course of 28 calendar days.
28 days passed between releases.
0 commits were understood as conventional.
0 issues like '(#ID)' were seen in commit messages

Commit Details

view details

Uncategorized
- Merge pull request #2568 from GitoxideLabs/dependabot/cargo/cargo-56d6b174d8 (ab2fee1)
- Update crates to Rust 2024 edition (2cb17b2)
- Remove rust_2018_idioms lint declarations (e10d5f6)
- Raise MSRV for hash dependency updates (3675a8d)
- Bump the cargo group across 1 directory with 10 updates (4c77f81)
- Merge pull request #2559 from GitoxideLabs/fix/symlink-prefix-reuse-worktree-escape-ghsa-f89h-2fjh-2r9q (3af9b4a)
- Release gix-fs v0.21.1 (d3e4c17)
- Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)

Breaking Changes

Raise MSRV for hash dependency updates (minimum Rust edition now 2024)
Update crates to Rust 2024 edition

Security Fixes

Fix symlink prefix reuse worktree escape (GHSA‑F89H‑2FJH‑2R9Q)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track gitoxide

Get notified when new releases ship.

About gitoxide

An idiomatic, lean, fast & safe pure Rust implementation of Git

All releases →

Related context

Related tools

Earlier breaking changes

vgix-v0.84.0 Allow checkouts of empty repositories; `destination_must_be_empty` becomes `Option<bool>`
vgix-worktree-stream-v0.33.0 Changes API of `Stream::add_entry_from_path` to require `hash_kind` argument.
vgix-object-v0.61.0 Renames `Data::hash_kind` to `Data::object_hash` for consistency.