From 9faef71650951fe96a7a03fb14045ad8e94f446c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 21 Jun 2018 18:16:44 -0400 Subject: [PATCH] add upgrade note --- doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn b/doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn index 9f2d6d95b6..e789a73d49 100644 --- a/doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn +++ b/doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn @@ -9,7 +9,8 @@ key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this attack in collaboration with Joey Hess. -These security holes were fixed in git-annex 6.20180626. +These security holes were fixed in git-annex 6.20180626. After upgrading +git-annex, you should restart any git-annex assistant processes. Also, some external special remotes (plugins) were improved, as a second line of defense against CVE-2018-10857: