Skip to content
  1. Mar 14, 2022
  2. Mar 10, 2022
  3. Mar 07, 2022
  4. Mar 05, 2022
    • Carlo Sala's avatar
      feat(fzf)!: default to using `fd` before `rg` (#10757) · f96a900e
      Carlo Sala authored
      BREAKING CHANGE: if both `fd` and `rg` are installed, default to using `fd`. This
      is the recommendation of the ripgrep author, and it's been found to be faster.
      If you want to force using `rg`, set the `FZF_DEFAULT_COMMAND` variable.
      f96a900e
  5. Mar 04, 2022
  6. Mar 03, 2022
  7. Mar 02, 2022
  8. Feb 28, 2022
  9. Feb 25, 2022
  10. Feb 24, 2022
  11. Feb 22, 2022
  12. Feb 21, 2022
  13. Feb 18, 2022
  14. Feb 13, 2022
    • Marc Cornellà's avatar
      fix: apply workaround patch for vcs_info (CVE-2021-45444) · ef3f7c43
      Marc Cornellà authored
      This lib function applies a patch to the VCS_INFO_formats function
      in zsh versions from v5.0.3 until v5.8, which don't quote % chars
      in some arguments received. Normally that just means that some
      % characters in these strings (branch names, directories, etc.)
      will be incorrectly parsed as formatting sequences.
      
      With CVE-2021-45444, however, this means that one of these strings
      from a malicious source (e.g. a malicious git repository) can
      trigger command injection and run arbitrary code in the user's
      machine when visiting such git repository.
      
      Zsh 5.8.1 fixes this vulnerability [1], but older vcs_info setups
      still need a workaround such as this one to patch the vulnerability.
      
      [1] https://github.com/zsh-users/zsh/commit/c3ea1e5d52eff8b7b172fa8c1ccc3462b43b2790
      ef3f7c43
  15. Feb 11, 2022
Loading