Eclipse JGit: Java implementation of Git 5.13.5 | projects.eclipse.org

5.13.5

Description

Bug Fixes

jgit-48 AdvertisedRequestValidator: fix WantNotValidException caused by race in fetch protocol v2
Fix "Comparison of narrow type with wide type in loop condition"

Security fixes

The following changes fix CVE-2025-4949:

ManifestParser: Do not accept DOCTYPE and entities to harden XML parser
AmazonS3: Do not accept DOCTYPE and entities to harden XML parser

Kudos to Simon Gerst for reporting this vulnerability.

Build and release engineering

Fix packaging build
202: fix build to compile against JDK 8. This fixes the build of the broken 5.13.4 which was built using source level 8 but against JDK 17 which doesn't work for a Java 8 runtime.

Conforms To UI/UX Guidelines

Not verified