SourceTree Update to Address GitHub Security Issue?

Hi all,

I've just deployed Mac 2.0.4 which has updated embedded version of Git and Mercurial to address CVE-2014-9390.

The Windows version will follow shortly and in the meantime you can use a system Git/Mercurial version.

EDIT: Windows version 1.6.12 [released] addresses CVE-2014-9390.

Update: please read the blog post for instructions to update the embedded Git/Mercurial versions in SourceTree for Windows. https://blog.sourcetreeapp.com/2014/12/18/atlassian-update-for-git-and-mercurial-vulnerability/

Cheers

Here are the instructions from Atlassian on how to update SourceTree to a safe version of Git: https://blog.sourcetreeapp.com/2014/12/18/atlassian-update-for-git-and-mercurial-vulnerability/

There is a Blog entry, stating to switch from embedded GIT to System GIT... However, neither for Mac nor for Windows there is an uptodate command line package available (see http://git-scm.com/download/mac and http://git-scm.com/download/mac).

One workaround I found, is to install the GitHub client (https://mac.github.com/, https://windows.github.com/) and let SourceTree use the git commandline from GitHub. But this does not work (error message: fatal: Unable to find remote helper for 'http'), or compile GIT from the sources.

Atlassian should come up asap with an update for SourceTree!

I've posted an answer on this thread, thanks for bringing this AAC Q to my attention.

Maybe @Kieran Senior [Atlassian] can give us an idea when/if there will be an update to SourceTree's embedded git.

You could install latest git (2.2.1) with homebrew this way:

brew install git

And then simply point to /usr/local/bin/git as system git in SourceTree.

My experience on MAC was that when I told SourceTree to use System Git,  it offered to install "Apple Git".  I took that option, "Apple Git" installed itself,  and SourceTree since then has been pointing to that version of git, as shown below:

RdgJrMacBookPro:SourceTreeTest1 rdg$ cd /usr/bin

RdgJrMacBookPro:bin rdg$ ls -lsa git

8 -rwxr-xr-x  1 root  wheel  14160 Sep 26 22:06 git

RdgJrMacBookPro:bin rdg$ git --version

git version 1.9.3 (Apple Git-50)

RdgJrMacBookPro:bin rdg$ pwd

/usr/bin

RdgJrMacBookPro:bin rdg$ 

In the case of Win7,  I also run SourceTree on Win7 via bootcamp.  Over there, I had already installed git before I installed SourceTree.  I think it was "msysgit".  Anywhere, it was a simple matter of pointing SourceTree to the location of "git" in that prior installation, to use instead of SourceTree's internal git.