Git Continues to Improve Security and UI in Version 2.13

by Sergio De Simone on May 15, 2017

The latest release of Git introduces many changes aimed at improving its user interface, while also fixing two significant vulnerabilities.

As is known, the SHA-1 hashing algorithm that Git uses to uniquely identify objects has recently been demonstrated to be vulnerable to collision attacks. While the Git team gets ready to transition to a new, more secure hashing algorithm, they have implemented a mechanism to detect and reject any objects that appear to have been created with the intent of producing a collision. This should effectively mitigate the risk of collision attacks.

Still on the security front, Git 2.13 also fixes a vulnerability affecting all Git hosting servers that use git shell, which provides restricted shell access through SSH to Git push/pull commands, plus custom commands installed in a git-shell-commands directory. The vulnerability allowed attackers to potentially run shell commands on the remote server.

As mentioned, Git 2.13 includes many improvements to its UI. In particular, a feature that will be useful to all developers doing work for different projects is the ability to handle multiple identities through conditional configurations. In short, conditional configurations provide a way to include a Git config file based on a set of conditions. For example, you could have the following directives in your ~/.gitconfig file to customize your Git configuration based on the path of the directory where the repository resides:

[includeIf "gitdir:~/work/"]
  path = .gitconfig-work
[includeIf "gitdir:~/play/"]
  path = .gitconfig-play

Specifically, this can be used to define a different user and email in .gitconfig-work and .gitconfig-play.
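To check which identity a repository will actually commit with, the following added example (not from the original article or the Git project) builds a throwaway HOME containing the configuration above and resolves user.email in three repositories, including one outside both directories that falls back to the default. The directory names, the fallback entry and all e-mail addresses are constructed sample values.

```shell
#!/bin/sh
# Added example. Directory names and e-mail addresses are constructed samples.

# Build a throwaway HOME so the real ~/.gitconfig is never touched.
setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    SANDBOX=$(cd "$SANDBOX" && pwd -P)   # use the real path for gitdir: matching
    trap 'rm -rf "$SANDBOX"' EXIT
    export HOME="$SANDBOX" GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME GIT_DIR GIT_CONFIG_GLOBAL

    # Default identity first; a matching includeIf later in the file overrides it.
    cat > "$HOME/.gitconfig" <<'EOF'
[user]
  email = fallback@example.org
[includeIf "gitdir:~/work/"]
  path = .gitconfig-work
[includeIf "gitdir:~/play/"]
  path = .gitconfig-play
EOF
    printf '[user]\n  email = dev@corp.example\n' > "$HOME/.gitconfig-work"
    printf '[user]\n  email = me@hobby.example\n' > "$HOME/.gitconfig-play"

    # Two repositories covered by a condition, one that is not.
    for repo in work/api play/game elsewhere/misc; do
        mkdir -p "$HOME/$repo" && git init -q "$HOME/$repo" || return 1
    done
}

# E-mail address Git would record for commits made in repository $1.
effective_email() { git -C "$1" config user.email; }

# Config file that supplied the value (first field of --show-origin output).
email_origin() { git -C "$1" config --show-origin user.email | cut -f1; }

setup_sandbox && for repo in work/api play/game elsewhere/misc; do
    printf '%-16s %-22s %s\n' "$repo" \
        "$(effective_email "$HOME/$repo")" "$(email_origin "$HOME/$repo")"
done
```

The gitdir: condition is evaluated against the location of the repository's .git directory, so a work repository cloned outside ~/work/ silently commits with the fallback identity.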

Another feature that almost all developers use and that has received a few touches in Git 2.13 is the handling of paths in Git commands, i.e., pathspecs. For example, if you want to execute a grep on all files of a given type in your repository, you could write:

git grep my_pattern '*.c'

Now, you can also use negative pathspecs to exclude specific pathspecs from commands, and pathspecs using attributes, which allow attributes to be included in the pathspec definition. For example:

git grep text_to_search -- src ':(exclude)*.c'

Other notable improvements include:

  • git branch, git tag, and git for-each-ref now support the --no-contains option, which can be used to select tags or branches that do not contain a given commit, e.g.:

    git tag -l --no-contains cf5c725 'v[0-9]*' | sort | tail -n 10

    The --no-contains option can be mixed with the already existing --contains option to, e.g., find branches that were created between two tags:

    git branch --contains v2.8.0 --no-contains v2.10.0

  • git stash supports the use of pathspecs to stash only a part of the current working tree, thus allowing more control over what is to be stashed.

  • A number of commands are now submodule-aware, including checkout, grep, and ls-files. This means they will recursively traverse your submodules. Additionally, git status --short reports more information about submodules.

You can read the full release notes to have a more detailed view of what is new in Git 2.13.
