git-lambda-layer

Support for GIT v2.30.2 because of Security Vulnerability

Open michal-simon opened this issue 3 years ago • 3 comments

Hi, I've noticed there is a new security vulnerability in the last few versions of GIT and there is a patch already available in version v2.30.2.

More info from GitHub: https://github.blog/2021-03-09-git-clone-vulnerability-announced/

Would you mind building the latest patched version of GIT into a new layer version so everybody can upgrade as soon as possible?

Also, deprecating the vulnerable versions would be nice.

Thank you, we appreciate your work. :)

michal-simon, Mar 11 '21 09:03

Hey there – that vulnerability is for LFS functionality, which this layer doesn't support (though there is a PR open for it)

So I'll upgrade when I get the time, but you shouldn't need to worry about any existing versions being vulnerable to this.

mhart, Mar 11 '21 14:03

Thank you for the info @mhart. Take your time then :)

michal-simon, Mar 11 '21 14:03

@mhart Would you please give some guidance on how you might build a layer for a more recent version of Git? As time passes, more Git features are missing from the latest layer.

Cheers

RoxKilly, Sep 05 '23 02:09