Git Blog

Releasing the Power of Git

Critical Security Patch in Git and GitKraken

On 12-10-2019, Git released patch v2.24.1 to address several common vulnerabilities and exposures, or CVE. For those unfamiliar with what CVE is, it is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures.

These Security Vulnerabilities are Critical

These security issues could allow complete takeover of a computer through the use of various git commands. They can affect all Git and GitKraken users, especially those that have exposure to lots of obscure public repos.

Recommend Immediate Actions:

  1. Update your GitKraken installation to v6.4 or later
  2. If you use git on the CLI, update it to v2.24.1

GitKraken utilizes libgit2 for handling its Git operations, but that does not mean it is immune to these vulnerabilities. Fortunately, the libgit2 team has merged in a fix for these new vulnerabilities which are included in GitKraken v6.4.0 and later.

This includes fixes for:

  • CVE-2019-1348
  • CVE-2019-1349
  • CVE-2019-1350
  • CVE-2019-1351
  • CVE-2019-1352
  • CVE-2019-1353
  • CVE-2019-1354
  • CVE-2019-1387

For users who only use GitKraken, please be sure to always update GitKraken to the latest available version whether that is through our updater or our downloads page. We actively monitor security channels and want to ensure our users are not prone to these vulnerabilities and exposures. 

For any users who utilize Git for the CLI, Git Hooks, or Git LFS, it is advisable to also make sure your current version of Git is v2.24.1 or later. You can download the latest version of Git here.

Like this post? Share it!

Share on facebook
Share on twitter
Share on linkedin

Read More Articles

Git vs GitHub

Git vs GitHub

Many people confuse Git and GitHub as being the same thing. Understand the difference between Git vs GitHub, and see how to use both to streamline your workflow.

Read More »

WordPress + GitHub

Learn how to work with WordPress, GitHub, and GitKraken to get the benefits of using Git for WordPress, including how to install a WordPress GitHub plugin.

Read More »

Git vs SVN

When deciding between Git vs SVN, there are a few things to compare, like Git and SVN commands and industry adoption (over 95% of developers worldwide are using Git).

Read More »

Git for Teams

See the powerful GitKraken team features that enable better workflows in Git for teams, including merge conflict detection and resolution and Git pull request management.

Read More »

Make Git Easier, Safer &
More Powerful

with GitKraken