Security breach warning: update your git client ASAP!
A quick and short guide on updating your git client
A critical security breach with Git clients was discovered last Thursday. It affects all versions of official Git clients, both command-line and graphical tools such as the GitHub app.
What is going on?
According to GitHub engineers, this breach would allow hackers to hijack your Git tree when cloning/checking out a repository, allowing them to execute any command in the client machine. So, it is strongly suggested that you take 5 minutes of your time to update it ASAP!
How to update: Mac OSX
If you use Mac OSX, it is recommended that you NOT use the Xcode-provided Git anymore, once it is hard to update in situations like these. Instead, just use homebrew.
a) If you already use Homebrew’s git
If you have installed git through homebrew before, just update it by running:
brew update && brew upgrade git
b) If you still don’t use Homebew’s git
Then first let’s install git from homebrew. As soon as your homebrew is installed, just run:
brew update && brew install git
Now you need to force your console app to pick up homebrew’s git instead of Xcode’s (which we unfortunately can’t be uninstalled). So all you need to do is to edit your console init file (~/.bash_profile, ~/.bashrc, ~/.zshrc …) and prepend /usr/local/bin to your PATH definition so that it will become something like:
Then, verify that you are using git version 2.2.1 by doing:
Also, an updated version of GitHub for Mac is available for immediate download.
How to update: Windows
- Git for Windows (also known as MSysGit) has released maintenance version 1.9.5.
- Also, an updated version of GitHub for Windows is available for immediate download.
The following article has more details on this regard: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
Originally published at www.avenuecode.com/code-highway on December 22, 2014.