Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Git Continues to Improve Security and UI in Version 2.13

Git Continues to Improve Security and UI in Version 2.13

This item in japanese

Lire ce contenu en français

The latest release of Git introduces many changes aimed to improve its user interface, while also fixing two significant vulnerabilities.

As it is known, the SHA–1 hashing algorithm that Git uses to uniquely identify objects has been recently demonstrated vulnerable to collision attacks. While the Git team gets ready to transition to a new, more secure hashing algorithm, they have implemented a mechanism to detect and reject any objects that appear to have been created with the intent of producing a collision. This should effectively mitigate the risk of collision attacks.

Still on the security front, Git 2.13 also fixes a vulnerability affecting all Git hosting servers that use git shell, which provides restricted shell access through SSH to Git push/pull commands, plus custom commands installed in a git-shell-commands directory. The vulnerability allowed attackers to potentially run shell commands on the remote server.

As mentioned, Git 2.13 includes many improvements to its UI. In particular, a feature that will be useful to all developers doing work for different projects is the ability to handle multiple identities through conditional configurations. In short, conditional configurations provide a way to include a Git config file based on a set of conditions. For example, you could have the following directives in your ~/.gitconfig file to customize your Git configuration based on the path of the directory where the repository resides:

[includeIf "gitdir:~/work/"]
  path = .gitconfig-work
[includeIf "gitdir:~/play/"]
  path = .gitconfig-play

Specifically, this can be used to define different user and email in .gitconfig-work and .gitconfig-play.

Another feature that almost all developers use and that has got a few touches in Git 2.13 is the handling of paths in Git commands, i.e., pathspecs. For example, if you want to execute a grep on all files of a given type in your repository, you could write:

git grep my_pattern '*.c'

Now, you can also use negative pathspecs, to exclude specific pathspecs from commands, and pathspecs using attributes, which allows to include attributes to the pathspec definition. For example:

git grep text_to_search -- src ':(exclude)*.c'

Other notable improvements include:

  • git branch, git tag, and git for-each-ref support now the --no-contains option, which can be used to select tags or branches that do not contain a given commit, e.g.:
    git tag -l --no-contains cf5c725 'v[0-9]*' | sort | tail -n 10

    The --no-contains option can be missed with they already existing --contains option to, e.g., find branches that were created between two tags:

    git branch --contains v2.8.0 --no-contains v2.10.0
  • git stash supports the use of pathspecs to stashing only a part of the current working tree, thus allowing more control on what is to be stashed.

  • A number of commands are now submodules aware, including checkout, grep, and ls-files. This means they will recursively traverse your submodules. Additionally, git status --short reports more information about submodules.

You can read the full release notes to have a more detailed view of what is new in Git 2.13.

Rate this Article