Hello,
please update your git clients to fix issue
which can lead to malicious code being executed on your machine.
cc @cintiadr, is this something we still have to do for our infra? Not sure how git is installed/updated on bamboo for example.
Thanks for the message, @teleivo!
Sort of yes. We installed the package, but security patches are applied very frequently, automatically. https://people.canonical.com/~ubuntu-security/cve/pkg/git.html
That’s why we tend to have mini-outages every weekend.
As always @teleivo, thanks for looking out for the OpenMRS community.
Given someone cloning a repo is likely to be compiling & running the code in that repo, having someone committing malicious code to the repo seems like a bigger problem than this bug. Is it typical for people to issue git clone --recursive on a repo for which they aren’t going to run the code? Am I missing something? This feels like a warning “we have discovered a vulnerability that would allow someone preparing your food to plant a bomb in your house.”
update: Oh. I see from the videos that merely cloning a repo to check it out could get you into trouble. That’s not good. Time to update git! Thanks @teleivo!
Upgraded!
For macOS/Homebrew the upgrade process is just:
brew install git
brew switch git 2.17.1
brew upgrade did the update for me as well