
Is it necessary to run the latest Git release? - bashit
I noticed that some Linux distros ship with an older version of git. For example, my CentOS7 setup is using 1.8.3.1. As of now, the latest is 2.19. My question is more specific towards the precautions of running older versions of Git that may come preinstalled on a system.

Are there any precautions or issues with running older versions?

What are they and can they pose a significant threat in your development?

I noticed there are a wide set of tools for git like gitk, git-lfs, etc... Are there older versions of git that may not include these tool sets and therefore require the user to install them manually?

Where do I find release notes per each release of Git?
======
jepler
Make sure your distro provides security updates for git. For instance,
CVE-2018-17456 (another RCE via submodules bug) was recently disclosed and
patched in Debian Jessie (oldstable), even though jessie has git 2.1.x which
may not be getting updates from git core developers.

Otherwise, old and new git interact really quite well. You'll miss out on new
features, naturally. Because of reasons, I still make daily use of 1.8.2.2 and
it's fine! (but only when interacting with trusted peers within my
organization, that thing hasn't seen a security patch in a decade or so)

As for release notes, every release gets its own file here:
[https://github.com/git/git/tree/master/Documentation/RelNotes](https://github.com/git/git/tree/master/Documentation/RelNotes)
-- you'll get the highlights of major features by reading the x.y.0 release
notes.

Git is not a hard build from source as such things go, but it leaves you to
track security fixes on your own.

~~~
bashit
@jepler Could you explain the part on security updates regarding CVE and
jessie or point me somewhere that does please? I'm sorry but I don't
understand this terminology.

This is very helpful thank you!

~~~
jepler
Sure thing. CVE is a list of software vulnerabilities
[https://cve.mitre.org/](https://cve.mitre.org/) and Jessie is an older
version of the Debian operating system, a flavor of Linux
[https://www.debian.org/](https://www.debian.org/)
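
An added example, not part of any post in this thread: since distros backport fixes without bumping the upstream version (the Jessie 2.1.x case mentioned above), `git --version` alone does not show whether a CVE is patched, so this sketch searches the installed package's changelog for the CVE id instead. The function names and the sample changelog are constructed for illustration; it assumes an rpm- or dpkg-based system with the package named `git`.

```shell
#!/bin/sh
# Added example: look for a backported CVE fix in the distro git package.

# Return 0 if the changelog text on stdin mentions the CVE id in $1.
changelog_mentions_cve() {
    grep -qiwF -- "$1"
}

# Print the changelog of the installed git package, or fail if unavailable.
git_pkg_changelog() {
    if command -v rpm >/dev/null 2>&1 && rpm -q git >/dev/null 2>&1; then
        rpm -q --changelog git
    elif [ -r /usr/share/doc/git/changelog.Debian.gz ]; then
        gzip -dc /usr/share/doc/git/changelog.Debian.gz
    else
        return 1
    fi
}

# Print "patched", "not-listed" or "unknown" for one CVE id.
check_git_cve() {
    cve=$1
    log=$(git_pkg_changelog) || { echo unknown; return 0; }
    if printf '%s\n' "$log" | changelog_mentions_cve "$cve"; then
        echo patched
    else
        echo not-listed
    fi
}

# Constructed sample changelog (placeholder versions, not real package data).
sample_changelog() {
    cat <<'EOF'
git (0:0.0-0+example2) example-security; urgency=high

  * Fix CVE-2018-17456 (submodule handling), backported from upstream.

git (0:0.0-0+example1) example; urgency=medium

  * Routine packaging update.
EOF
}

# Usage: sh check-git-cve.sh CVE-2018-17456
if [ "$#" -gt 0 ]; then
    check_git_cve "$1"
fi
```

A "not-listed" result only means the packager did not name the CVE in the changelog; the distro's security tracker remains the authoritative source.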

