This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
ReleasePort's take
Moderate signal: gix-v0.84.0 enables empty repository checkouts and adds SHA-256 parsing while fixing a symlink escape vulnerability.
Why it matters: Severity 90 symlink‑prefix reuse flaw (GHSA‑f89h‑2fjh‑2r9q) could let attackers escape repositories; patch immediately.
Summary
AI summary: Broad release touches Commit Details, Commit Statistics, New Features, and Bug Fixes. Breaking: Turned `destination_must_be_empty` into an optional flag to allow checkouts of empty repositories.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical | Fix symlink-prefix reuse vulnerability that could allow repository escape (GHSA-f89h-2fjh-2r9q). Source: llm_adapter@2026-05-26. Confidence: high | — |
| Breaking | High | Allow checkouts of empty repositories; `destination_must_be_empty` becomes `Option<bool>`. Source: llm_adapter@2026-05-26. Confidence: high | — |
| Feature | Medium | Add `SHA-256` support for object-format parsing. Source: llm_adapter@2026-05-26. Confidence: high | — |
| Bugfix | Medium | `Repository::is_dirty()` no longer fails on unborn repositories. Source: llm_adapter@2026-05-26. Confidence: high | — |
| Bugfix | Medium | Follow submodule .gitdir files when opening and perform basic validation to avoid phantom HEAD changes. Source: llm_adapter@2026-05-26. Confidence: high | — |
Full changelog
New Features (BREAKING)
- Allow checkouts of empty repositories
  Also turn `destination_must_be_empty` into `Option<bool>`.
New Features
- Add `SHA-256` support for object-format parsing.
Bug Fixes
- Follow submodule gitdir files when opening and perform basic validation

  Modern submodules store a .git file in the worktree whose gitdir: value points at the repository to open. The previous resolver treated every non-directory .git path like an uninitialized submodule and fell back to .git/modules/, which can open the wrong repository after a submodule gitdir is relocated or renamed. That shows up as phantom submodule HEAD changes in gix status.

  Git baseline: Git setup.c::read_gitfile_gently() parses gitdir: files and resolves relative targets against the .git file location; submodule.c::submodule_to_gitdir() consults that gitfile before falling back to the name-derived .git/modules path.

  Update Submodule::git_dir_try_old_form() to validate the submodule name, then follow worktree .git files when present while preserving the old-form directory and uninitialized fallback behavior. Validate present gitdir file targets for direct state/open/status queries so broken submodule checkouts are reported if the gitlink doesn't point to a directory.

  For status ignore=all, still parse valid gitdir files to keep state accurate, but skip target validation and fall back without error if the gitdir file itself is malformed or unreadable. Derive State::is_old_form directly from whether the worktree .git path is a directory so a divergent modern gitlink is not misclassified as old form.
- `Repository::is_dirty()` won't fail on unborn repositories
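The resolution order described in the submodule fix above, as an added Rust example that is not gix's or Git's own code: an old-form `.git` directory wins, a `.git` file is parsed and its target validated, and only a missing `.git` falls back to the name-derived path. The names `GitDir`, `parse_gitfile` and `resolve_git_dir`, the exact `gitdir: ` prefix handling and the minimal name check are assumptions made for illustration.

```rust
use std::{fs, io, path::{Path, PathBuf}};

/// Where the submodule's repository lives, by the shape of `<worktree>/.git`.
#[derive(Debug, PartialEq)]
pub enum GitDir {
    OldForm(PathBuf),       // `.git` is a directory inside the worktree
    Gitfile(PathBuf),       // `.git` is a file; path is its resolved `gitdir:` target
    Uninitialized(PathBuf), // no `.git`; name-derived `modules/<name>` fallback
}

fn err(kind: io::ErrorKind, msg: &str) -> io::Error {
    io::Error::new(kind, msg.to_string())
}

/// Parse gitfile content; relative targets resolve against the gitfile's own directory.
pub fn parse_gitfile(gitfile: &Path, content: &str) -> io::Result<PathBuf> {
    let target = content
        .strip_prefix("gitdir: ")
        .ok_or_else(|| err(io::ErrorKind::InvalidData, "missing 'gitdir: ' prefix"))?
        .trim_end_matches(|c: char| c == '\n' || c == '\r');
    if target.is_empty() {
        return Err(err(io::ErrorKind::InvalidData, "empty gitdir target"));
    }
    Ok(gitfile.parent().unwrap_or(Path::new(".")).join(target)) // absolute target replaces the base
}

pub fn resolve_git_dir(super_git_dir: &Path, worktree: &Path, name: &str) -> io::Result<GitDir> {
    // Assumed minimal name check: the name becomes a path below `modules/`.
    if name.is_empty() || Path::new(name).is_absolute() || name.split('/').any(|c| c == "..") {
        return Err(err(io::ErrorKind::InvalidInput, "invalid submodule name"));
    }
    let dot_git = worktree.join(".git");
    if dot_git.is_dir() {
        return Ok(GitDir::OldForm(dot_git));
    }
    if dot_git.is_file() {
        let target = parse_gitfile(&dot_git, &fs::read_to_string(&dot_git)?)?;
        if !target.is_dir() {
            return Err(err(io::ErrorKind::NotFound, "gitdir target is not a directory"));
        }
        return Ok(GitDir::Gitfile(target));
    }
    Ok(GitDir::Uninitialized(super_git_dir.join("modules").join(name)))
}

fn main() {
    // Constructed input: gitfile of a submodule whose gitdir was renamed.
    println!("{:?}", parse_gitfile(Path::new("/repo/sub/.git"), "gitdir: ../.git/modules/renamed\n"));
}
```

With a gitfile pointing at `modules/renamed`, the resolver returns that target instead of guessing `modules/sub` from the name, which is the mismatch the changelog ties to phantom HEAD changes.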
Commit Statistics
- 37 commits contributed to the release over the course of 28 calendar days.
- 28 days passed between releases.
- 4 commits were understood as conventional.
- 2 unique issues were worked on: #, #2585
Commit Details
- #
  - `Repository::is_dirty()` won't fail on unborn repositories (1f82a9f)
- #2585
  - Follow submodule gitdir files when opening and perform basic validation (82c483a)
- Uncategorized
  - Merge pull request #2595 from cruessler/add-hex-to-id-sha1-only (87433ed)
  - Review (f962ed1)
  - Add hex_to_id_sha1_only, use in SHA-1 only tests (d80c534)
  - Merge pull request #2508 from j-walther/feat/allow-empty-dir (9013c3f)
  - Review (8606b7a)
  - Allow checkouts of empty repositories (e75fbfa)
  - Merge pull request #2578 from cruessler/run-gix-tests-with-sha-256 (2d4a6f2)
  - Review (31c2de3)
  - Return SHA-1 when there's no corresponding SHA-256 (b8510b2)
  - Feat! add `object_hash` to `gix::create::Options` (b123b4c)
  - Merge pull request #2588 from GitoxideLabs/fix/gix-status-phantom-submodule-modifications-2585 (db925ec)
  - Merge pull request #2589 from GitoxideLabs/fix-status-in-unborn-repo (ba7d9a4)
  - Address auto-review (5a37fbd)
  - Add another test to learn what `is_dirty()` does when there are modifications. (3406b1d)
  - Merge pull request #2581 from GitoxideLabs/improvements (8af2691)
  - Add `SHA-256` support for object-format parsing. (011316e)
  - Merge pull request #2583 from tisonkun/patch-1 (a791ea3)
  - Improve comment in object/commit.rs (a8f7717)
  - Merge pull request #2573 from cruessler/run-gix-traverse-tests-with-sha-256 (278d7ec)
  - Address auto-review (0ec3bb7)
  - Cleanup the `justfile` and automate feature tests (db7b97b)
  - Cleanup `sha1` feature in `gix` to just set what's needed. (16a6fc4)
  - Merge pull request #2575 from SarthakB11/fix/issue-2316 (4743361)
  - Review (1980190)
  - Document why each fixture archive is .gitignored (e3d5a04)
  - Merge pull request #2568 from GitoxideLabs/dependabot/cargo/cargo-56d6b174d8 (ab2fee1)
  - Update crates to Rust 2024 edition (2cb17b2)
  - Raise MSRV for hash dependency updates (3675a8d)
  - Merge pull request #2559 from GitoxideLabs/fix/symlink-prefix-reuse-worktree-escape-ghsa-f89h-2fjh-2r9q (3af9b4a)
  - Release gix-fs v0.21.1 (d3e4c17)
  - Address auto-review (1d9bae2)
  - Add clone reproducer for symlink prefix reuse checkout escape (c2ae6cd)
  - Merge pull request #2543 from cruessler/run-gix-worktree-stream-tests-with-sha-256 (23af41a)
  - Adapt to changes in `gix_object::Data` (4309fa4)
  - Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)
Breaking Changes
- Turned `destination_must_be_empty` into an optional flag to allow checkouts of empty repositories.
Earlier breaking changes
- gix-worktree-stream-v0.33.0: Changes API of `Stream::add_entry_from_path` to require `hash_kind` argument.
- gix-object-v0.61.0: Renames `Data::hash_kind` to `Data::object_hash` for consistency.