Skip to main content
  • Log in
  • Manage Cookies
projects.eclipse.org
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More

      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs

      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research

      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum

    • Search

  1. Home
  2. Projects
  3. Eclipse Technology
  4. Eclipse EGit™: Git...
  5. 3.5.3

Eclipse EGit™: Git Integration for Eclipse 3.5.3

Primary tabs

  • Overview(active tab)
  • Release Plan
  • Review Information

This is a security-fix for CVE-2014-9390, which affects users on Windows and Mac OS X but not typical UNIX users.

 

* We used to allow committing a path ".Git/config" with JGit & EGit that is

   running on a case sensitive filesystem, but an attempt to check out

   such a path with Git that runs on a case insensitive filesystem

   would have clobbered ".git/config", which is definitely not what

   the user would have expected.  JGit now prevents you from tracking

   a path with ".Git" (in any case combination) as a path component.

 

 * On Windows, certain path components that are different from ".git"

   are mapped to ".git", e.g. "git~1/config" is treated as if it were

   ".git/config".  HFS+ has a similar issue, where certain unicode

   codepoints are ignored, e.g. ".g\u200cit/config" is treated as if

   it were ".git/config".  Pathnames with these potential issues are

   rejected on the affected systems.

 

A big "thanks!" for bringing this issue to us goes to our friends in

the Mercurial land, namely, Matt Mackall and Augie Fackler.

 

 

Release Date: 
Thursday, December 18, 2014
Release Type: 
Service release (bug fixes only)

Project Links

  • Getting Started
  • Website
Eclipse EGit™: Git Integration for Eclipse

Related Projects

Related Projects:

  • Eclipse Technology
    • Eclipse JGit™: Java implementation of Git

Project Hierarchy:

  • Eclipse Technology
  • Eclipse EGit™: Git Integration for Eclipse

Tags

Technology Types
  • OSGi
  • Tools
Build Technologies
  • Jenkins
  • Maven
  • Tycho

Eclipse Foundation

  • About Us
  • Contact Us
  • Sponsor
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors
  • Careers

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace

Other

  • IDE and Tools
  • Projects
  • Working Groups
  • Research@Eclipse
  • Report a Vulnerability
  • Service Status

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top