author Edward Thomson <ethomson@edwardthomson.com> 2019-08-05 00:32:11 +0100
committer Edward Thomson <ethomson@edwardthomson.com> 2019-08-13 17:56:06 +0100
commit df3f18acf0d4fae14f26c9de0c9675736aff0eb5 (patch)
tree 3c8c2b7a8ecb7fec71c970f43a299b057941404c
parent 57a9ccd5e21f8b98885e392f193ee6a7ead79172 (diff)
download libgit2-users/ethomson/security_updates.tar.gz
changelog: include security updates [users/ethomson/security_updates]
-rw-r--r-- docs/changelog.md 10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/changelog.md b/docs/changelog.md
index e5eaf0794..563c5c9c8 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -22,6 +22,16 @@ v0.28 + 1
* libgit2 can now correctly cope with URLs where the host contains a colon
but a port is not specified. (eg `http://example.com:/repo.git`).
+* A carefully constructed commit object with a very large number
+ of parents may lead to potential out-of-bounds writes or
+ potential denial of service.
+
+* The ProgramData configuration file is always read for compatibility
+ with Git for Windows and Portable Git installations. The ProgramData
+ location is not necessarily writable only by administrators, so we
+ now ensure that the configuration file is owned by the administrator
+ or the current user.
+
v0.28
-----
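Review bot: The first added entry (the commit object with a very large number of parents) describes the problem but never says it has been fixed, while the ProgramData entry below it states the new behaviour ("we now ensure that the configuration file is owned by ..."). In a changelog this reads like a known open issue, so the entry should say explicitly that the condition is now handled. The wording "may lead to potential out-of-bounds writes or potential denial of service" also hedges three times; "may lead to out-of-bounds writes or denial of service" says the same thing. Finally, the commit subject calls these security updates, but nothing in the two entries marks them as such or gives an advisory identifier, so they are indistinguishable from the ordinary item about URLs with a colon directly above; a "Security" label or sub-list under "v0.28 + 1" would let packagers find them.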