Mon, 06 Nov 2017 14:56:17 -0500 config: add some more documentation around why svn and git subrepos are off stable
Augie Fackler <augie@google.com> [Mon, 06 Nov 2017 14:56:17 -0500] rev 34988
config: add some more documentation around why svn and git subrepos are off
Sun, 05 Nov 2017 21:51:42 +0900 subrepo: disable git and svn subrepos by default (BC) (SEC) stable
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:51:42 +0900] rev 34987
subrepo: disable git and svn subrepos by default (BC) (SEC)

We have a security issue with git subrepos. I'm not sure if svn subrepo is vulnerable, but it seems not 100% safe to allow writing arbitrary data into a metadata directory. So for now, only hg subrepo is enabled by default.

Maybe we should improve the help to describe why git/svn subrepos are disabled.
Sun, 05 Nov 2017 21:48:58 +0900 subrepo: extend config option to disable subrepos by type (SEC) stable
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:48:58 +0900] rev 34986
subrepo: extend config option to disable subrepos by type (SEC)

This allows us to minimize the behavior change introduced by the next patch.

I have no idea which config style is preferred in UX POV, but I decided to get things done.

a) list: 'allowed = hg, git, svn'
b) sub option: 'allowed.hg = True' or 'allowed:hg = True'
c) per-type action: 'hg = allow', 'git = abort'