Eclipse JGit: Java implementation of Git 6.10.1

Improvements

  • Support built-in diff drivers for hunk header function names
  • Add numberOfObjectsSinceBitmap to RepoStatistics
  • Add `numberOfPackFilesAfterBitmap` to RepoStatistics
  • ResolveMerger: Allow setting the TreeWalk AttributesNodeProvider
  • Add Union merge strategy support in .gitattributes files
  • RepoProject: read the 'dest-branch' attribute of a project
  • Make RepoProject#setUpstream public
  • RepoCommand: Add error to ManifestErrorException
  • RepoCommand: Copy manifest upstream into .gitmodules ref field
  • RepoProject: read the "upstream" attribute of a project

Performance improvements

  • Do not load bitmap indexes during directory scans
  • RevWalk: Add an isMergedIntoAnyCommit() method
  • Pack: separate an open/close accounting lock
  • WindowCache: share removal work among multiple threads
  • Optionally.Hard: avoid Optional creation on every use
  • WindowCache: add bulk purge(), call from bulk sites
  • Replace custom encoder Constants#encodeASCII by JDK implementation
  • Replace custom encoder `Constants#encode` by JDK implementation

Bug fixes

  • jgit-140 Fix calculation of pack files and objects since bitmap
  • Pack: fix threading bug getting idx
  • Fix potential NPE in TreeWalk#getFilterCommandDefinition
  • jgit-118 Advertise "agent" capability when using protocol v2
  • FileSnapshot: silence "Stale file handle" exceptions
  • FileSnapshot: silence "Not a Directory" exceptions
  • Fix potential NPE in ResolveMerger#getAttributesContentMergeStrategy
  • Fix NPE in DiffFormatter#getDiffDriver
  • Pack: ensure packfile is still valid while still recoverable
  • PackDirectory: Filter out tmp GC pack files
  • jgit-68 lign SHA request policies with CGit
  • DiffDriver: fix formatting of javadoc
  • Don't fail when trying to prune pack which is already gone
  • Pack.java: Recover more often in Pack.copyAsIs2()
  • jgit-48 AdvertisedRequestValidator: fix WantNotValidException caused by race in fetch protocol v2
  • jgit-87 AmazonS3: Ensure SAXParserFactory sets valid/expected input params
  • LockFile: Retry lock creation if parent dirs were removed
  • Fix "Comparison of narrow type with wide type in loop condition"

Security fixes

The following changes fix CVE-2025-4949:

  • ManifestParser: Do not accept DOCTYPE and entities to harden XML parser
  • AmazonS3: Do not accept DOCTYPE and entities to harden XML parser

Kudos to Simon Gerst for reporting this vulnerability.

Build and Release Engineering

  • Update target platform version in maven build to 4.32 (2024-06)
  • Update Apache sshd to 2.14.0
  • Update tycho to 4.0.8
  • Update org.eclipse.dash:license-tool-plugin to 1.1.0
     
Release Date
Release Type
Service release (bug fixes only)