@@ -271,7 +271,17 @@ notes for details).
271271
272272 * "git push --signed" gave an incorrectly worded error message when
273273 the other side did not support the capability.
274- (merge 45917f0 jc/push-cert later to maint).
274+
275+ * The "git push --signed" protocol extension did not limit what the
276+ "nonce" that is a server-chosen string can contain or how long it
277+ can be, which was unnecessarily lax. Limit both the length and the
278+ alphabet to a reasonably small space that can still have enough
279+ entropy.
280+ (merge afcb6ee jc/push-cert later to maint).
281+
282+ * The completion script (in contrib/) contaminated global namespace
283+ and clobbered on a shell variable $x.
284+ (merge 852ff1c ma/bash-completion-leaking-x later to maint).
275285
276286 * We didn't format an integer that wouldn't fit in "int" but in
277287 "uintmax_t" correctly.
@@ -465,6 +475,11 @@ notes for details).
465475 when working in a subdirectory without any untracked files.
466476 (merge 9bdc517 ct/prompt-untracked-fix later to maint).
467477
478+ * An earlier update to the parser that disects a URL broke an
479+ address, followed by a colon, followed by an empty string (instead
480+ of the port number), e.g. ssh://example.com:/path/to/repo.
481+ (merge 6b6c5f7 tb/connect-ipv6-parse-fix later to maint).
482+
468483 * Code cleanups and documentation updates.
469484 (merge 2ce63e9 rs/simple-cleanups later to maint).
470485 (merge 33baa69 rj/no-xopen-source-for-cygwin later to maint).
@@ -491,3 +506,5 @@ notes for details).
491506 (merge 6c3b2af jg/cguide-we-cannot-count later to maint).
492507 (merge 2b8bd44 jk/pack-corruption-post-mortem later to maint).
493508 (merge 9585cb8 jn/doc-fast-import-no-16-octopus-limit later to maint).
509+ (merge 5dcd1b1 ps/grep-help-all-callback-arg later to maint).
510+ (merge f1f4c84 va/fix-git-p4-tests later to maint).
0 commit comments