Releases: git-ecosystem/git-credential-manager
Release list
GCM 2.9.1
Announcements:
Note
This is planned to be the last release major release (2.x) that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year with version 3.0.
Changes:
- Use
AbsoluteUrito open URIs in the system browser to avoid double encoded URLs on macOS (90884de)
GCM 2.9.0
Announcements:
Note
This is planned to be the last release major release (2.x) that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year with version 3.0.
Changes:
GCM 2.8.0
Announcements:
Note
This is planned to be the last release major release that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year.
Changes:
- Workload Identity Federation for Azure Repos (#2297)
- Git config caching to reduce git process calls
- Dark theme support for OAuth authentication response pages (#2325)
- Allow installing on Azure Linux (#2269)
- Fix GPG ID lookup for
.gpg-idin subdirectories (#2274) - Fix CS0121
string.Splitcall ambiguity with .NET 8.0 (#2287) - Fix SYSLIB0057 warning for
X509Certificate2Collection.Import(#2326) - Fix several small bugs (#2303)
- Migrate to .NET 10 (Mac/Linux) and adopt Central Package Management (#2313)
- Bump
Tmds.DBus.Protocolfrom 0.16.0 to 0.21.3 (#2316) - Azure Pipelines: specify
pool.hostArchitecturecorrectly (#2323) - Documentation updates
- Actions dependency updates
GCM 2.7.3
Announcements:
Note
This is planned to be the last release major release that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year.
Changes:
-
Emit new warning when Git has built-in NTLM support disabled.
As part of the fix for CVE-2025-66413, Git for Windows now disables built-in NTLM support by default.
Only ifhttp.allowNTLMAuthis explicitly enabled will Git use NTLM authentication.GCM will now display a warning message when it detects this scenario and presents options for re-enabling NTLM.
GCM 2.7.2
GCM 2.7.1
Announcements:
Note
This is planned to be the last release major release that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year.
Changes:
GCM 2.7.0
Announcements:
Note
Thanks to all our contributors who've been waiting for this release. It's been a year since the last release, which as many will note is highly unusual. Ownership issues of the project have meant that there was a freeze on releases and maintenance. This has now been resolved and we expect regular releases (approximately every 12 weeks; aligned with Git's release schedule), and engagement on our part with the community. Thank you for your patience.
Note
The code ownership/responsibility model of the Git Credential Manager project has changed. Microsoft will now maintain the core GCM platform (responsible for releases, and major architectural changes). The major Git host providers will be responsible for their plugins (e.g., GitHub for GitHub functionality, Azure DevOps for Azure Repos etc).
Note
This is planned to be the last release major release that supports Windows 7 and 8.x. We will be moving off of .NET Framework to .NET (Core) on Windows this year.
Changes:
- Fix Generic provider refresh token refresh logic (#1838)
- Allow unsafe remotes via config (#1721)
- Drop no longer needed GitLab OAuth params (#1538)
- No-op credential storage option (#1740)
- Fix TRACE2 logging (#1909)
- Linux ARM and ARM64 support
- Windows ARM64 and x64 support (#2230)
- Support Oracle Linux vis install-from-source (#2212)
- Linux install-from-source bug fixes
- macOS enterprise defaults (#1811)
- Documentation updates & fixes
- Fixes to CI & build
- Use Azure Pipelines for official builds
- Actions dependency updates
GCM 2.6.1
Security Fixes:
- CVE-2024-50338
- Do not treat the lone carriage-return character (CR,
\r) as a line terminator in the credential helper protocol
- Do not treat the lone carriage-return character (CR,
Changes:
- Fix Linux build scripts (#1752)
- Documentation fix for broken links (#1722)
- Permit use of HTTP (not-S) remotes for providers via config (#1721)
- Omit the client secret for GitLab (#1538)
- Various workflow action updates (#1725, #1738, #1751, #1750)
- Fix CentOS install from source workflow (#1746)
- Add Mariner and Arch Linux distribution validation builds (#1747)
- Add no-op credential storage option (#1740)