Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

JGit/New and Noteworthy/3.6

< JGit‎ | New and Noteworthy
Revision as of 09:44, 23 December 2014 by Matthias.sohn.sap.com (Talk | contribs) (Fix for CVE-2014-9390)

JGit

Features

  • Ignore rule parser was reimplemented to support ** wildcard patterns, negation rules and improve performance
  • Add "aggressive" option to GC
  • GarbageCollectCommand now supports DfsRepository
  • Support for Submodule configuration submodule.<name>.ignore
  • Support for new submodule repository layout (.git/modules of the super project contains the submodule repositories)
  • InitCommand support for option "--separate-git-dir" to store .git meta data directory in a separate directory
  • CloneCommand support to store .git meta data directory in a separate directory
  • Permission bits for "executable" attribute are now set according to the umask on Posix/Java7
  • BundleWriter now supports including HEAD in bundle
  • New config parameter core.trustfolderstat

JGit Command Line

  • Add option --bare to clone command
  • Add options --heads and --tags to ls-remote command

Performance Improvements

  • Reimplemented ignore rule parser to improve performance of ignore rule evaluation
  • Enhance SubmoduleWalk with a fast check whether a repo contains submodules

Build and Release Engineering

  • The java7 feature is now included in org.eclipse.jgit.feature
  • Maven site generation for jgit

Bug Fixes

11 Bugs and 0 enhancement requests were closed

Fix for CVE-2014-9390

The patches fixing CVE-2014-9390 released in JGit 3.4.2 and 3.5.3 are also included in 3.6.0.

As described in Securing your Git server native git has been enhanced by configuration parameters allowing to configure a git server to check all objects it receives against problematic pathes. A server running e.g. on Linux can be configured to check also for pathes problematic on HFS+ or NTFS. This is also possible for JGit based Git servers. JGit understands the boolean config parameters receive.fsckobjects, fsck.safeForWindows and fsck.safeForMacOS. They match native git's receive.fsckobjects, core.protectNTFS, core.protectHFS.

git-core JGit Description
receive.fsckobjects receive.fsckobjects enable checks when receiving objects
core.protectNTFS fsck.safeForWindows check pathes problematic on NTFS
core.protectHFS fsck.safeForMacOS check pathes problematic on HFS+


Enabling receive.fsckObjects makes JGit check the integrity of objects before a push is accepted, which is a pre-requisite for the other flags. The fsck.safeForMacOS and fsck.safeForWindows flags prevent the OS X and Windows vulnerabilities described above, respectively. Both default to true on their respective systems but will need to be enabled specifically on other platforms. Since clients could be using a different operating system to your server you should enable both on JGit based servers.

Contributors

The following 11 developers worked on this release of JGit:

Andrey Loskutov, Axel Richard, Christian Halstrick, Dani Megert, Marc Strapetz, Matthias Sohn, Michael Keppler, Robin Stocker, Shawn Pearce, Stefan Beller, Yuxuan 'fishy' Wang

Retrieved from "https://wiki.eclipse.org/index.php?title=JGit/New_and_Noteworthy/3.6&oldid=375736"

Back to the top