Changes since Git for Windows v2.45.2 (June 3rd 2024)

Git for Windows for Windows v2.46 is the last version to support for Windows 7 and for Windows 8, see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; Its last official release is planned for 2025.

New Features

• Comes with Git v2.46.0-rc1.
• Comes with OpenSSL v3.2.2.
• Comes with PCRE2 v10.44.
• Comes with OpenSSH v9.8.P1.
• Comes with Git Credential Manager v2.5.1.
• Comes with MinTTY v3.7.4.
• git config respects two user-wide configs: .gitconfig in the home directory, and .config/git/config. Since the latter isn't a Windows-native directory, Git for Windows now looks for Git/config in the AppData directory, unless .config/git/config exists.
• The FSMonitor feature is no longer experimental, and therefore no longer offered as installer option. Users are encouraged to enable this on a per-repository basis, via the config setting core.fsmonitor=true (scalar clone does this automatically).
• The server-side component of OpenSSH, which had been shipped with Git for Windows for historical reasons only, is now no longer distributed with it.

Bug Fixes

• Git Bash's ls command can now be used in OneDrive-managed folders without having to hydrate all the files.
• Git LFS v3.5.x and newer no longer support Windows 7. Instead of a helpful error message, it now simply crashes on that Windows version, leaving the user with the error message "panic before malloc heap initialized". This has been addressed: In addition to the unhelpful error message, Git is now saying what is going on and how to get out of the situation.
• As of v2.45.0, the manual pages of git clone and git init were broken, which has been fixed.

Changes since Git for Windows v2.45.2 (June 3rd 2024)

Git for Windows for Windows v2.46 is the last version to support for Windows 7 and for Windows 8, see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; Its last official release is planned for 2025.

New Features

• Comes with Git v2.46.0-rc0.
• Comes with OpenSSL v3.2.2.
• Comes with PCRE2 v10.44.
• Comes with OpenSSH v9.8.P1.
• Comes with Git Credential Manager v2.5.1.
• Comes with MinTTY v3.7.4.
• git config respects two user-wide configs: .gitconfig in the home directory, and .config/git/config. Since the latter isn't a Windows-native directory, Git for Windows now looks for Git/config in the AppData directory, unless .config/git/config exists.

Bug Fixes

• Git Bash's ls command can now be used in OneDrive-managed folders without having to hydrate all the files.
• Git LFS v3.5.x and newer no longer support Windows 7. Instead of a helpful error message, it now simply crashes on that Windows version, leaving the user with the error message "panic before malloc heap initialized". This has been addressed: In addition to the unhelpful error message, Git is now saying what is going on and how to get out of the situation.

Changes since Git for Windows v2.45.1 (May 14th 2024)

Git for Windows for Windows v2.45 is the last version to support for Windows 7 and for Windows 8, see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; Its last official release is planned for 2025.

New Features

• Comes with Git v2.45.2.
• Comes with Tig v2.5.10.
• Comes with cURL v8.8.0.

Bug Fixes

• When Git for Windows v2.44.0 introduced the ability to use native Win32 Console ANSI sequence processing, an inadvertent fallout was that in this instance, non-ASCII characters were no longer printed correctly unless the current code page was set to 65001. This bug has been fixed.

Changes since Git for Windows v2.45.0 (April 29th 2024)

Git for Windows for Windows v2.45 is the last version to support for Windows 7 and for Windows 8, see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; Its last official release is planned for 2025.

New Features

• Comes with Git v2.45.1.

Bug Fixes

• CVE-2024-32002: Recursive clones on case-insensitive filesystems that support
  symbolic links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.
• CVE-2024-32004: Repositories can be configured to execute arbitrary code
  during local clones. To address this, the ownership checks introduced in
  v2.30.3 are now extended to cover cloning local repositories.
• CVE-2024-32020: Local clones may end up hardlinking files into the target
  repository's object database when source and target repository reside on the
  same disk. If the source repository is owned by a different user, then those
  hardlinked files may be rewritten at any point in time by the untrusted user.
• CVE-2024-32021: When cloning a local source repository that contains symlinks
  via the filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/ directory.
• CVE-2024-32465: It is supposed to be safe to clone untrusted repositories,
  even those unpacked from zip archives or tarballs originating from untrusted
  sources, but Git can be tricked to run arbitrary code as part of the clone.
• Defense-in-depth: submodule: require the submodule path to contain
  directories only.
• Defense-in-depth: clone: when symbolic links collide with directories, keep
  the latter.
• Defense-in-depth: clone: prevent hooks from running during a clone.
• Defense-in-depth: core.hooksPath: add some protection while cloning.
• Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.
• Various fix-ups on HTTP tests.
• HTTP Header redaction code has been adjusted for a newer version of cURL
  library that shows its traces differently from earlier versions.
• Fix was added to work around a regression in libcURL 8.7.0 (which has already
  been fixed in their tip of the tree).
• Replace macos-12 used at GitHub CI with macos-13.
• ci(linux-asan/linux-ubsan): let's save some time
• Tests with LSan from time to time seem to emit harmless message that makes
  our tests unnecessarily flakey; we work it around by filtering the
  uninteresting output.
• Update GitHub Actions jobs to avoid warnings against using deprecated version
  of Node.js.

Changes since Git for Windows v2.44.0 (February 23rd 2024)

Git for Windows for Windows v2.45 is the last version to support for Windows 7 and for Windows 8, see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; Its last official release is planned for 2025.

New Features

• Comes with Git v2.45.0.
• Comes with PCRE2 v10.43.
• Comes with GNU Privacy Guard v2.4.5.
• Comes with Git LFS v3.5.1.
• MinGit now supports running git difftool.
• Comes with OpenSSH v9.7.P1.
• Comes with GNU TLS v3.8.4.
• Comes with Tig v2.5.9.
• Comes with cURL v8.7.1.
• Comes with Git Credential Manager v2.5.0.

Bug Fixes

• Since v2.14.0(2), Git for Windows' installer registers the Open Git Bash here and Open Git GUI here context menu items also in the special Libraries folders, but the uninstaller never removed them from those folders, which was fixed.
• A regression where git clone no longer worked in the presence of includeIf.*.onbranch config settings has been fixed.
• Apparently some anti-malware programs fiddle with the mode of stdout which can lead to problems because expected output is missing, which was fixed.

Changes since Git for Windows v2.44.0 (February 23rd 2024)

New Features

• Comes with Git v2.45.0-rc1.
• Comes with PCRE2 v10.43.
• Comes with GNU Privacy Guard v2.4.5.
• Comes with Git LFS v3.5.1.
• MinGit now supports running git difftool.
• Comes with OpenSSH v9.7.P1.
• Comes with GNU TLS v3.8.4.
• Comes with Tig v2.5.9.
• Comes with cURL v8.7.1.
• Comes with Git Credential Manager v2.5.0.

Bug Fixes

• Since v2.14.0(2), Git for Windows' installer registers the Open Git Bash here and Open Git GUI here context menu items also in the special Libraries folders, but the uninstaller never removed them from those folders, which was fixed.
• A regression where git clone no longer worked in the presence of includeIf.*.onbranch config settings has been fixed.
• Apparently some anti-malware programs fiddle with the mode of stdout which can lead to problems because expected output is missing, which was fixed.

Changes since Git for Windows v2.44.0 (February 23rd 2024)

New Features

• Comes with Git v2.44.1.

Bug Fixes

• CVE-2024-32002: Recursive clones on case-insensitive filesystems that support
  symbolic links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.
• CVE-2024-32004: Repositories can be configured to execute arbitrary code
  during local clones. To address this, the ownership checks introduced in
  v2.30.3 are now extended to cover cloning local repositories.
• CVE-2024-32020: Local clones may end up hardlinking files into the target
  repository's object database when source and target repository reside on the
  same disk. If the source repository is owned by a different user, then those
  hardlinked files may be rewritten at any point in time by the untrusted user.
• CVE-2024-32021: When cloning a local source repository that contains symlinks
  via the filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/ directory.
• CVE-2024-32465: It is supposed to be safe to clone untrusted repositories,
  even those unpacked from zip archives or tarballs originating from untrusted
  sources, but Git can be tricked to run arbitrary code as part of the clone.
• Defense-in-depth: submodule: require the submodule path to contain
  directories only.
• Defense-in-depth: clone: when symbolic links collide with directories, keep
  the latter.
• Defense-in-depth: clone: prevent hooks from running during a clone.
• Defense-in-depth: core.hooksPath: add some protection while cloning.
• Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.
• Various fix-ups on HTTP tests.
• HTTP Header redaction code has been adjusted for a newer version of cURL
  library that shows its traces differently from earlier versions.
• Fix was added to work around a regression in libcURL 8.7.0 (which has already
  been fixed in their tip of the tree).
• Replace macos-12 used at GitHub CI with macos-13.
• ci(linux-asan/linux-ubsan): let's save some time
• Tests with LSan from time to time seem to emit harmless message that makes
  our tests unnecessarily flakey; we work it around by filtering the
  uninteresting output.
• Update GitHub Actions jobs to avoid warnings against using deprecated version
  of Node.js.

Changes since Git for Windows v2.44.0 (February 23rd 2024)

New Features

• Comes with Git v2.45.0-rc0.
• Comes with PCRE2 v10.43.
• Comes with GNU Privacy Guard v2.4.5.
• Comes with Git LFS v3.5.1.
• MinGit now supports running git difftool.
• Comes with OpenSSH v9.7.P1.
• Comes with GNU TLS v3.8.4.
• Comes with Tig v2.5.9.
• Comes with cURL v8.7.1.
• Comes with Git Credential Manager v2.5.0.

Bug Fixes

• Since v2.14.0(2), Git for Windows' installer registers the Open Git Bash here and Open Git GUI here context menu items also in the special Libraries folders, but the uninstaller never removed them from those folders, which was fixed.
• A regression where git clone no longer worked in the presence of includeIf.*.onbranch config settings has been fixed.
• Apparently some anti-malware programs fiddle with the mode of stdout which can lead to problems because expected output is missing, which was fixed.