This release is a security fix for a RCE vulnerability in the go-git dependency.
Details: go-git v4 - CVE-2023049569/CWE-22 - Path Traversal
Overview
Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.
Notes
This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.
Applications using BoundOS or in-memory filesystems are not affected by this issue.
Users loading rules from remote Git servers are encouraged to upgrade to v1.15.0 as soon as possible.