Fixing the Git Vulnerability

  • 19th December 2014

A critical security vulnerability has been found affecting all versions of the Git client ^1. If left unpatched, a remote repo could modify the .git config and execute commands on the system. The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1).

Don't forget that even if you never run it directly, Git is still used by many popular tools, including:

  • Composer (PHP)
  • NPM
  • Bower
  • oh-my-zsh

Be careful when using remote repos. GitHub has scanned all repos and should therefore be considered safe.
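
To check whether an installed client is already at one of the maintenance releases listed above, this added example (not part of the original post) compares a "git --version" string against the fixed release for its series. It assumes that releases newer than the 2.2 series include the fix and that series older than 1.8.5, which the list does not cover, do not; the function names are this example's own.

```shell
# Added example: compare a Git version against v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, v2.2.1.

# ver_ge A B: succeed when dotted version A >= B (missing fields count as 0).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# git_numeric STRING: print the leading numeric part of a version string,
# e.g. "git version 1.9.5.msysgit.0" gives 1.9.5.
git_numeric() {
    printf '%s\n' "$1" |
        sed -n 's/^\(git version \)\{0,1\}v\{0,1\}\([0-9][0-9.]*[0-9]\).*/\2/p'
}

# git_is_patched STRING: 0 = at or above the fixed release for its series,
# 1 = below it (or a series with no listed release), 2 = could not parse.
git_is_patched() {
    v=$(git_numeric "$1")
    [ -n "$v" ] || return 2
    case "$v" in
        1.8.5|1.8.5.*) fixed=1.8.5.6 ;;
        1.9|1.9.*)     fixed=1.9.5 ;;
        2.0|2.0.*)     fixed=2.0.5 ;;
        2.1|2.1.*)     fixed=2.1.4 ;;
        2.2|2.2.*)     fixed=2.2.1 ;;
        *)  # Assumption: newer than 2.2 is fixed, older than 1.8.5 is not.
            ver_ge "$v" 2.3 && return 0
            return 1 ;;
    esac
    ver_ge "$v" "$fixed"
}

# Report on the client installed on this machine, if there is one.
if command -v git >/dev/null 2>&1; then
    installed=$(git --version)
    if git_is_patched "$installed"; then
        echo "$installed: at or above the fixed release"
    else
        echo "$installed: below the fixed release, or version not recognised"
    fi
fi
```

Distribution packages sometimes backport fixes without changing the upstream version number; such a package is reported as below the fixed release here, so check the package changelog as well.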

Fixing:

OS X

Using Homebrew:

$ brew update && brew upgrade git

Without Homebrew:

or

  • Wait for Apple to release the fix

Ubuntu

$ sudo add-apt-repository ppa:git-core/ppa
$ sudo apt-get update
$ sudo apt-get install git

CentOS

$ sudo yum update git

Windows

Clients