Security breach warning: update your git client ASAP!

A quick and short guide on updating your git client

A critical security breach with Git clients was discovered last Thursday. It affects all versions of official Git clients, both command-line and graphical tools such as the GitHub app.

What is going on?

According to GitHub engineers, this breach would allow hackers to hijack your Git tree when cloning/checking out a repository, allowing them to execute any command in the client machine. So, it is strongly suggested that you take 5 minutes of your time to update it ASAP!

How to update: Mac OSX

If you use Mac OSX, it is recommended that you NOT use the Xcode-provided Git anymore, once it is hard to update in situations like these. Instead, just use homebrew.

a) If you already use Homebrew’s git

If you have installed git through homebrew before, just update it by running:

brew update && brew upgrade git

b) If you still don’t use Homebew’s git

Then first let’s install git from homebrew. As soon as your homebrew is installed, just run:

brew update && brew install git

Now you need to force your console app to pick up homebrew’s git instead of Xcode’s (which we unfortunately can’t be uninstalled). So all you need to do is to edit your console init file (~/.bash_profile, ~/.bashrc, ~/.zshrc …) and prepend /usr/local/bin to your PATH definition so that it will become something like:

export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"

Then, verify that you are using git version 2.2.1 by doing:

git --version

Also, an updated version of GitHub for Mac is available for immediate download.

How to update: Windows

• Git for Windows (also known as MSysGit) has released maintenance version 1.9.5.
• Also, an updated version of GitHub for Windows is available for immediate download.

Source

The following article has more details on this regard: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients