Git Updated Due To A Potentially Nasty Vulnerability On Windows

Git 2.35.2 was just released along with updates to prior series in the form of Git 2.34.2, 2.33.2, 2.32.1, 2.31.2, and 2.30.3 due to a new security issue.

While this CVE-2022-24765 vulnerability is enough to issue updates to all supported versions in maintenance mode, the issue is likely due to only affect Microsoft Windows due to its file-system hierarchy / folder permissions. Ultimately for multi-user Windows systems it comes down to the possibility of arbitrary code execution as the running user for that arbitrary code set by other users on the system. While the complete CVE-2022-24765 hasn't been disclosed yet, it's summed up in the Git announcement as:

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

Thuse if you are on a multi-user Windows environment, go grab the latest Git point releases. CVE-2022-24765 is the only change noted with today's announcement.