v3.6.3

This is mostly a CVE-fixing build for base-image issues.

#658

Available at: registry.k8s.io/git-sync/git-sync:v3.6.3

What's Changed

• V3 e2e: fix git submodules for file:// by @thockin in #648

Full Changelog: v3.6.2...v3.6.3

v3.6.2

Mostly a baseimage CVE update

What's Changed

• V3: Allow quoted keys for --git-config by @thockin in #642

Available at: registry.k8s.io/git-sync/git-sync:v3.6.2

Full Changelog: v3.6.1...v3.6.2

v3.6.1

What's Changed

• Bump base image to 1.4.2 by @thockin in #623

Full Changelog: v3.6.0...v3.6.1

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.6.1

v3.6.0

NOTE: 3.6.x is probably the final minor series of 3.x, with future focus on bugfixes and security issues only. Further efforts will shift to 4.x, which has several breaking changes (mostly flags) but is cleaner overall.

What's Changed

• v3: log.V(9) md5sums of credentials by @thockin in #581
  • This might help debug unreproduceable issues with credentials
• v3: Change from "store" to "cache" for credentials by @thockin in #583
  • This is a security improvement and should help with some unreproduceable issues with credentials
• v3: Don't set known_hosts to /dev/null by @thockin in #585
  • This cleans up log-spam

Full Changelog: v3.5.1...v3.6.0

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.6.0

v3.5.1

What's Changed

• TrimSpace exec's stdout/stderr for log (v3) by @thockin in #510
• Pass the whole environment to exechooks (v3 branch) by @thockin in #515
• v3: Clean up fail-count logging by @thockin in #548
• upgrade base image to address vulnerabilities by @thockin in #558
• v3: Bump build image to go 1.18 by @thockin in #559
• v3: Bump go.mod to 1.18 by @thockin in #561
• Fix CVE-2022-2068 by @Liujingfang1 in #589

Full Changelog: v3.5.0...v3.5.1

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.5.1

v3.5.0

What's Changed

• Bump to go 1.17 by @thockin in #483
• Set $GITSYNC_HASH in exechook (v3) by @thockin in #490
• Set repoReady even when there wasn't a 1st clone (v3 branch) by @thockin in #493
• Add GC controls, e2e regexes (v3 branch) by @thockin in #495
• Support repo change between invocations by @sed-i in #499
• update the base image to fix vulnerabilities by @Liujingfang1 in #502

New Contributors

• @sed-i made their first contribution in #499
• @Liujingfang1 made their first contribution in #502

Full Changelog: v3.4.0...v3.5.0

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.5.0

v3.4.0

What's Changed

• Avoid writing to /etc/passwd unless needed by @mac-chaffee in #461
• Expose the ssh diagnostic message by @nan-yu in #464
• Ensure web/exec hooks complete in --one-time by @thockin in #469 and @ChrisERo in #466
• Don't try to remove the root if it appears corrupt by @thockin in #473
• Don't double-register the hook metric by @thockin in #475
• Allow --dest to be an absolute path by @thockin in #477

New Contributors

• @mac-chaffee made their first contribution in #461
• @ChrisERo made their first contribution in #466 (on the v4 branch, ported to v3 in #469)

Full Changelog: v3.3.5...v3.4.0

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.4.0

v3.3.5

This is a minor release. It includes the following changes and also picks up the latest base image, which addresses some vulnerabilities.

• Flag --sync-hook-command ($GIT_SYNC_HOOK_COMMAND) is deprecated (but still works). Use --exechook-command ($GIT_SYNC_EXECHOOK_COMMAND) instead (functionally identical). This adds flags --exechook-timeout ($GIT_SYNC_EXECHOOK_TIMEOUT) and --exechook-backoff ($GIT_SYNC_EXECHOOK_BACKOFF) to parallel webhooks.
• Fix a bug that can mis-attribute callers in log-lines.
• Create git worktrees using the specific SHA rather than branch name. This allows to change branches with persistent volumes. Otherwise should be functionally identical.
• Add flag password-file ($GIT_SYNC_PASSWORD_FILE), which reads the password from a file and this is considered as safer than reading from env or flag directly.
  • --password and --password-file can't be specified at the same time.
  • If --username is specified, then one of --password or --password-file must be specified.

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.5

v3.3.4

This is a security release. It picks up the latest base image, which addresses:

• https://nvd.nist.gov/vuln/detail/CVE-2021-20231

• https://nvd.nist.gov/vuln/detail/CVE-2021-20232

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.4

v3.3.3

This is a minor release.

• Fix a race between ls-remote and fetch that could crash
• Clean up worktrees in case of corruption

Available for all supported platforms at k8s.gcr.io/git-sync/git-sync:v3.3.3