Why does Heroku tell me that my version of git (2.1.0) has serious security vulnerabilities?

The Heroku toolbelt appears to be up to date:

-bash> heroku --version
Your version of git is 2.1.0. Which has serious security vulnerabilities.
More information here: https://blog.heroku.com/archives/2014/12/23/update_your_git_clients_on_windows_and_os_x
heroku-toolbelt/3.22.1 (x86_64-darwin10.8.0) ruby/1.9.3

According to Homebrew, git is current:

-bash> brew outdated git

-bash> which git
/usr/local/bin/git

-bash> git --version
git version 2.1.0

I realize that, at the time of writing, the current source code release of Git is version 2.2.1 - but that is quite bleeding edge, and even the official Git website is shipping version 2.0.1 of Git for the Mac platform

There was a serious vulnerability announced (and fixed) recently, affecting the Windows and Mac versions of Git.

Atlassian has a good writeup:

A critical vulnerability was identified in Git last week. This has been fixed in all maintained versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1) so upgrading is the best way to protect yourself. However a sensible second step is to secure your Git hosting server, so that pushes containing malicious trees are automatically rejected. This will prevent attackers from exploiting users who have yet to upgrade their local versions of Git.

The same article goes on to explain how to protect yourself.

A vulnerability affecting case-insensitive filesystems was recently discovered (and subsequently fixed) in Git; you can find more details in this blogpost by Junio Hamano (Git's current maintainer), and in .

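The Heroku utility detects that you're running a version of Git (v2.1.0) that has the vulnerability in question, and you'd better upgrade, lest you fall prey to malicious people.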

At the time of writing, the latest version of Git is v2.2.1. Since you're using Homebrew, you can upgrade to that version by running

brew doctor       # checks for potential problems
brew update       # fetches the latest list of formulas
brew upgrade git  # self-explanatory

(Note that, if you haven't run brew update in a while, Homebrew will not detect that a new version is available.)

As for...

even the official Git website is shipping version 2.0.1 of Git for the Mac platform

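Note that the Git installer for Mac OS X always lags a few versions behind the current Git version (which is available through Homebrew). That's yet another reason to use a package manager rather than an installer: get the latest versions of Git (and other software) right away!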
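
A check built from the fixed-release list in the Atlassian quote above, for confirming after the brew upgrade git step that a client is at or past the fix for its release series. This is an added example, not part of the original question or answers and not the Heroku toolbelt's own check; the function names ver_ge and git_is_patched are hypothetical, and the sample versions are constructed from the ones mentioned on this page.

```shell
#!/bin/sh
# Fixed releases, copied from the Atlassian quote on this page.
FIXED_RELEASES="1.8.5.6 1.9.5 2.0.5 2.1.4 2.2.1"

# ver_ge A B: succeed when dotted numeric version A >= B (missing fields = 0).
ver_ge() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
        # Drop the field just compared; an exhausted version becomes empty.
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# git_is_patched VERSION: 0 = has the fix, 1 = needs upgrade, 2 = unparseable.
git_is_patched() {
    v=$1
    # Accept only dotted numbers, so arbitrary text is never compared.
    case $v in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    # Releases at or past the newest fixed one already include the fix.
    newest=${FIXED_RELEASES##* }
    ver_ge "$v" "$newest" && return 0
    for fixed in $FIXED_RELEASES; do
        series=${fixed%.*}      # 1.8.5.6 -> 1.8.5, 2.1.4 -> 2.1
        case $v in
            "$series"|"$series".*)
                # Same maintenance series: compare against its fixed release.
                if ver_ge "$v" "$fixed"; then return 0; else return 1; fi ;;
        esac
    done
    return 1    # older than every series in the list: no fixed release exists
}

# Constructed samples; 2.1.0 and 2.0.1 are the versions named in the question.
for sample in 2.1.0 2.0.1 2.1.4 2.2.1; do
    if git_is_patched "$sample"; then
        echo "$sample: patched"
    else
        echo "$sample: upgrade needed"
    fi
done
```

To check the installed client, pass it the third field of the git --version output, for example git_is_patched "$(git --version | awk '{print $3}')".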