This is a security-fix for CVE-2014-9390, which affects users on Windows and Mac OS X but not typical UNIX users.
* We used to allow committing a path ".Git/config" with JGit & EGit that is
running on a case sensitive filesystem, but an attempt to check out
such a path with Git that runs on a case insensitive filesystem
would have clobbered ".git/config", which is definitely not what
the user would have expected. JGit now prevents you from tracking
a path with ".Git" (in any case combination) as a path component.
* On Windows, certain path components that are different from ".git"
are mapped to ".git", e.g. "git~1/config" is treated as if it were
".git/config". HFS+ has a similar issue, where certain unicode
codepoints are ignored, e.g. ".g\u200cit/config" is treated as if
it were ".git/config". Pathnames with these potential issues are
rejected on the affected systems.
A big "thanks!" for bringing this issue to us goes to our friends in
the Mercurial land, namely, Matt Mackall and Augie Fackler.