git-lfs

This release introduces security fixes for Linux, macOS, and Windows systems, which have been collectively assigned CVE-2025-26625.

When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git L...

This release is a feature release which introduces several new options for fetching Git LFS objects, such as the ability to force objects to be re-downloaded and the capacity to output object URLs and HTTP metadata in JSON for external tools to consume. This release also adds a configurable in-memory cache of file path pattern matches, which along with other changes can help reduce the time...

This release introduces a security fix for all platforms, which has been assigned CVE-2024-53263.

When requesting credentials from Git for a remote host, prior versions of Git LFS passed portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then...

This release is a feature release which includes support for multi-stage authentication with Git credential helpers (requires Git 2.46.0) and relative worktree paths (requires Git 2.48.0), a new object transfer batch size configuration option, better path handling when installing on Windows, more POSIX-compliant hook scripts, and improved performance with sparse checkouts, partial clones, and...

This release is a patch release which includes some fixes to the release process to properly build assets. It should have no user-visible changes from v3.5.0.

Misc

• Build release assets with Go 1.21 #5668 (@bk2204)
• script/packagecloud: instantiate distro map properly #5662 (@bk2204)
• Install msgfmt on Windows in CI and release workflows #5666 (@chrisd8088)

Packages

Up to...