Announcements:

Changes:

• Fix Generic provider refresh token refresh logic (#1838)
• Allow unsafe remotes via config (#1721)
• Drop no longer needed GitLab OAuth params (#1538)
• No-op credential storage option (#1740)
• Fix TRACE2 logging (#1909)
• Linux ARM and ARM64 support
  • #1633
  • #2232
• Windows ARM64 and x64 support (#2230)
• Support Oracle Linux vis install-from-source (#2212)
• Linux install-from-source bug fixes
  • #1757
  • #2049
  • #2052
• macOS enterprise defaults (#1811)
• Documentation updates & fixes
  • #1713
  • #1722
  • #1884
  • #2123
  • #2154
• Fixes to CI & build
  • #1746
  • #1747
  • #1752
  • #2104
  • #2217
• Use Azure Pipelines for official builds
  • #2054
  • #2176
• Actions dependency updates
  • #1725
  • #1751
  • #1750
  • #1760
  • #1799
  • #2022
  • #2048
  • #1989
  • #2011
  • #2029
  • #2051
  • #2050
  • #2070
  • #2080
  • #2089
  • #2088
  • #2092
  • #2189
  • #2193

Security Fixes:

• CVE-2024-50338
  • Do not treat the lone carriage-return character (CR, \r) as a line terminator in the credential helper protocol

Changes:

• Fix Linux build scripts (#1752)
• Documentation fix for broken links (#1722)
• Permit use of HTTP (not-S) remotes for providers via config (#1721)
• Omit the client secret for GitLab (#1538)
• Various workflow action updates (#1725, #1738, #1751, #1750)
• Fix CentOS install from source workflow (#1746)
• Add Mariner and Arch Linux distribution validation builds (#1747)
• Add no-op credential storage option (#1740)

Changes:

• Drop no longer needed workflows (#1659)
• Documentation fixes (#1664, #1697)
• Configurable GPG store path via Git config (#1698)
• Fix Visual Studio build problems and update dependencies (#1711)
• Support sending X5C with certificate auth (#1666)

Changes:

• Update MSAL and Avalonia to latest versions (#1640).
• Changes to release workflow to publish NuGet signing certificate (#1594, #1644, #1647).
• Updates to Managed Identity and Service Principal docs.

Important Note:

The NuGet package/.NET Tool for this release was not generated correctly, and as such is not published to nuget.org. The artifact remains attached to this GitHub release for prosperity, but should not be used.

Changes:

• Fixes to install from source script (#1469)
• Use Avalonia generated view code (#1479)
• Various GitHub Actions updates (#1473, #1483, #1487, #1486, #1488, #1528, #1547)
• Fix bug in Azure Repos URL handling (#1522)
• Add Azure Managed Identity and SP docs (#1548)
• Fix error messages when using GCM outside of repo (#1561, #1583)
• Remove ESRP (#1571)
• Update to .NET 8 for Mac and Linux (#1579, #1580)
• Fix Alpine install from source script (#1582)
• Update MSAL and Avalonia (#1591)
• Fix issue with diagnostic messages (#1590)
• Address CVE-2024-32478 (this issue only affected the Linux Debian package)

Changes:

Since 2.4.0:

• Fix macOS ARM64 tarball contents (#1458)

Since 2.3.x:

• Add support for managed identity and service principals in Azure Repos (#1372)
• Support universal Gitea OAuth app configuration (#1442)
• Set default generic OAuth redirect URI value (#1444)
• Drop WPF helpers on Windows (#1417)
• Add software rendering override for Windows (#1445, #1453)
• Recognise GitLab hosts via WWW-Authenticate header (#1428)
• Recognise Bitbucket hosts via WWW-Authenticate header (#1441)
• Support GitHub Gist remote URLs (#1402)
• Update to Avalonia 11.x (#1383)
• Documentation updates (#1416)
• Drop unnecessary .NET Framework-specific code (#1447)
• Updates to release process (#1386, #1381)
• Update code signing certificates (#1431)

Changes:

• Add support for managed identity and service principals in Azure Repos (#1372)
• Support universal Gitea OAuth app configuration (#1442)
• Set default generic OAuth redirect URI value (#1444)
• Drop WPF helpers on Windows (#1417)
• Add software rendering override for Windows (#1445, #1453)
• Recognise GitLab hosts via WWW-Authenticate header (#1428)
• Recognise Bitbucket hosts via WWW-Authenticate header (#1441)
• Support GitHub Gist remote URLs (#1402)
• Update to Avalonia 11.x (#1383)
• Documentation updates (#1416)
• Drop unnecessary .NET Framework-specific code (#1447)
• Updates to release process (#1386, #1381)
• Update code signing certificates (#1431)

Changes:

• Catch unhandled Trace2 exception when writing to a file (#1378)

Changes

• Ensure only unique accounts are returned from credential store (#1368, #1369)
• Migrate GCM from microsoft/homebrew-git to Homebrew/homebrew-core tap (#1102, #1374)

Announcement 📣

The git-credential-manager-core symlinks have been removed as of this release. The links, together with warning messages, were originally provided in GCM 2.0.877 (Nov 2022) after the “core” suffix was dropped from the project name to help ensure a smooth transition.

If you have old configuration that was not updated with later GCM versions or Git for Windows installs, you may see error messages such as:

git: 'credential-manager-core' is not a git command. See 'git --help'.

Please see our documentation about how to migrate your configuration here.

Changes

• Fix a GCM/Git Trace2 file locking issue (#1323, #1340)
• Remove symlinks to git-credential-manager-core exe (#1322, #1327)
• Add fallback http uri to diagnose command (#1215, #1339)
• Workaround MSAL tenant issue with silent auth (#1297, #1321)