path: root/NEWS
diff options
authorJoeyHess <>2018-06-26 16:03:00 (GMT)
committerhdiff <>2018-06-26 16:03:00 (GMT)
commit2cdd87347d8d7aa238de5d163e78cae1d3a12c85 (patch)
tree5f4cd7526be5ce21f5c9ab0fc4c4887f2f325496 /NEWS
parent9ac5de07ccf351b09ffb9ad922ee85fe22fcfea6 (diff)
version 6.201806266.20180626
Diffstat (limited to 'NEWS')
1 files changed, 26 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a127219..f757a23 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,29 @@
+git-annex (6.20180626) upstream; urgency=high
+ A security fix has changed git-annex to refuse to download content from
+ some special remotes when the content cannot be verified with a hash check.
+ In particular URL and WORM keys stored on such remotes won't be downloaded.
+ See the documentation of the
+ configuration for how to deal with this if it affects your files.
+ A security fix has changed git-annex to only support http, https, and ftp
+ URL schemes by default. You can enable other URL schemes, at your own risk,
+ using
+ A related security fix prevents git-annex from connecting to http
+ servers (and proxies) on localhost or private networks. This can
+ be overridden, at your own risk, using
+ Setting annex.web-options no longer is enough to make curl be used,
+ and youtube-dl is also no longer used by default. See the
+ documentation of for
+ details and how to enable them.
+ The annex.web-download-command configuration has been removed,
+ use annex.web-options instead.
+ -- Joey Hess <> Fri, 15 Jun 2018 17:54:23 -0400
git-annex (6.20180309) upstream; urgency=medium
Note that, due to not using rsync to transfer files over ssh