
Xcode 7.3.1 is available on the Mac app store - marvel_boy
https://itunes.apple.com/us/app/xcode/id497799835?mt=12
======
0x0
That's a really long time to patch that critical git 2.7.4 vulnerability. Have
they even patched the openssh UseRoaming bug yet?

Using only Apple tools to interface with foreign git repositories on the
internet is a high risk sport these days (weeks (months))...

~~~
jeremyhu
Upstream fixed the issue a couple days before Xcode 7.3 was released (and
didn't even have their story straight about what version actually contained
the fix). The fix was available in the 7.3.1 beta less than a month later, so
I'm not sure where you get "months" from there.

As for the OpenSSH issues you mention (CVE-0216-0777 and CVE-0216-0778), those
were fixed in OS X 10.11.4 months ago.

~~~
0x0
The git bugs were announced around March 15th (with some funny business going
on with 2.7.1 and 2.7.3, before 2.7.4 came about). Debian released patches for
git in DSA-3521-1 on March 19th, Xcode didn't fix this before 7.3.1 yesterday.
That's about a month and a half. Beta versions of Xcode can't be used to
submit to the app store, so they aren't useful because any serious developer
will still need to have the latest stable xcode installed and probably set as
default to not risk appstore submission problems.

Debian: 4 days to patch. Xcode: 50 days.

The openssh bugs were announced around January 14th. Debian released patches
for OpenSSH in DSA-3446-1 on the same day. I guess Apple finally fixed it in
OSX 10.11.4 which was released on March 21st. That's more than two months.
Thanks for the heads-up, though, after two months with no patch I kind of
assumed there would never be a patch.

Debian: 0 days to patch. OSX: 67 days

------
larrik
As someone who hasn't used XCode in a while, why is this release news-worthy?

------
askyourmother
Holy multi-GB download Batman!

How do developers on slow and metered connection deal with this?

~~~
mwfunk
How do developers on a slow and metered connection download OS updates? Surely
that's 100x worse.

~~~
ChristinaM
I'm travelling semi-permanently (away from "home" ~9 months now). I had to
update OS X and Xcode recently. 11GB fortunately only took 2 days (and $60 of
data charges) since I'm somewhere with ok cell LTE. I did have to delay the
update for a month or two until I was somewhere I could do it.

------
grav
Will the Mac App Store download only the diff?

~~~
tomku
It did for me, was about 235mb.

------
b123400
Glad that the XLIFF file import bug is fixed

------
58028641
Why is this interesting? It looks like any other Xcode update.

