This seems to be related to this announcement of a vulnerability: Git config -global -add safe.directory "*" However, if you are the sole user of your machine 100% of the time, and your repositories are stored locally, then disabling this check should, theoretically, pose no increased risk.Īlso note that you can't currently combine this with a file path, as the command doesn't interpret the wildcard * as an operator per say– it just takes the "*" argument to mean "disable safe repository checks/ consider all repositories as safe".ġ - If this fails in your particular terminal program in Windows, try surrounding the wildcard with double quotes instead of single (Via this GitHub issue): You should not do this if your repositories are stored on a shared drive. gitconfig file: īefore disabling, make sure you understand this security measure, and why it exists. It will add the following setting to your global. Git config -global -add safe.directory '*' 1 GitHub Pages already prevents out-of-repository symbolic links, as well as non- submodule URLs, and is thus not affected by CVE-2022-39253.Starting in Git v2.35.3, safe directory checks can be disabled, which will end all the "unsafe repository" errors (this will also work in the latest patch versions of 2.30-34). GitHub also does not run `git shell` and is thus not affected by CVE-2022-39260 either. GitHub’s repository storage backend does not recursively clone submodules, so is not affected by CVE-2022-39253. ![]() Scheduled updates to GitHub Codespaces 2 and GitHub Actions to upgrade their versions of Git.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |