News

Perl 5.42.2.1 Released

NodeJS 25.9.0 & 24.14.1 Released

Python 3.14.4 & 3.13.13 Released

Infrastructure:
setuptools-82.0.0
New Packages:
Upgraded Packages:
panel-1.8.9, streamlit-1.55.0, papermill-2.7.0
onnxruntime-1.24.0, google-genai-1.66.0, huggingface-hub-1.6.0
pyomo-6.10.0, pillow-12.1.1
Removed Packages:
Differences among builds:
only slimf (python-3.14 free-threading) has pandas-3.0.1, as pydeck is not fully compatible yet with pandas-3

Git Security release

Security release!

Description

Summary

It is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.

Proof of Concept

An attacker who can control a server from which the attack's target clones a repository can extract the NTLM hash, which in turn allows brute-forcing the password. Steps to reproduce:

1- Run responder on host [attacker]
2- Run git clone [victim]
3- attacker receives user's NTLM hash

 Screencast.From.2025-10-09.23-02-48.mp4 

Impact

By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted.

References

This is a security fix release, addressing CVE-2025-66413.

CVE-2025-66413, Git for Windows: When a user clones a repository from an attacker-controlled server, Git may attempt NTLM authentication and disclose the user's NTLMv2 hash to the remote server. Since NTLM hashing is weak, the captured hash can potentially be brute-forced to recover the user's credentials. This is addressed by disabling NTLM authentication by default.

Powershell 7.6.0 Released!

General Cmdlet Updates and Fixes

  • Update PowerShell Profile DSC resource manifests to allow null for content (#26973)

Tests

  • Add GitHub Actions annotations for Pester test failures (#26969)
  • Fix Import-Module.Tests.ps1 to handle Arm32 platform (#26888)

Build and Packaging Improvements

Update to .NET SDK 10.0.201
  • Update v7.6 release branch to use .NET SDK 10.0.201 (#27041)
  • Create LTS package and non-LTS package for macOS for LTS releases (#27040)
  • Fix the container image for package pipelines (#27020)
  • Update Microsoft.PowerShell.PSResourceGet version to 1.2.0 (#27007)
  • Update LTS and Stable release settings in metadata (#27006)
  • Update branch for release (#26989)
  • Fix ConvertFrom-ClearlyDefinedCoordinates to handle API object coordinates (#26986)
  • Update NuGet package versions in cgmanifest.json to actually match the branch (#26982)
  • Bump actions/upload-artifact from 6 to 7 (#26979)
  • Split TPN manifest and Component Governance manifest (#26978)
  • Bump github/codeql-action from 4.32.4 to 4.32.6 (#26975)
  • Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#26974)
  • Hardcode Official templates (#26972)
  • Fix a preview detection test for the packaging script (#26971)
  • Add PMC packages for debian13 and rhel10 (#26917)
  • Add version in description and pass store task on failure (#26889)
  • Exclude .exe packages from publishing to GitHub (#26887)
  • Correct the package name for .deb and .rpm packages (#26884)

  1. March Bearsampp Release
  2. NodeJS 25.8.0, 24.14.0 & 22.22.1 released
  3. Mailpit 1.29.2 Released!
  4. Memcached 1.6.41 Released!

Page 6 of 63

Our Supporters

OCH
Jet Brains
codium
Bear
AM Graphix
Simplify your web

Sorry, this website uses features that your browser doesn't support. Upgrade to a newer version of Firefox, Chrome, Safari, or Edge and you'll be all set.