GitoxideLabs
diff --git a/‎Cargo.lock‎
Lines changed: 3 additions & 1 deletion b/‎Cargo.lock‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎etc/plan/performance.md‎
Lines changed: 282 additions & 0 deletions b/‎etc/plan/performance.md‎
Lines changed: 282 additions & 0 deletions
diff --git a/‎gix-diff/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎gix-diff/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gix-dir/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎gix-dir/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gix-discover/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎gix-discover/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gix-fs/CHANGELOG.md‎
Lines changed: 28 additions & 1 deletion b/‎gix-fs/CHANGELOG.md‎
Lines changed: 28 additions & 1 deletion
diff --git a/‎gix-fs/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎gix-fs/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gix-fs/src/stack.rs‎
Lines changed: 18 additions & 5 deletions b/‎gix-fs/src/stack.rs‎
Lines changed: 18 additions & 5 deletions
@@ -54,7 +54,7 @@ gix-filter = { version = "^0.30.0", path = "../gix-filter", optional = true }
 gix-worktree = { version = "^0.52.0", path = "../gix-worktree", default-features = false, features = ["attributes"], optional = true }
 gix-command = { version = "^0.9.0", path = "../gix-command", optional = true }
 gix-path = { version = "^0.12.0", path = "../gix-path", optional = true }
-gix-fs = { version = "^0.21.0", path = "../gix-fs", optional = true }
+gix-fs = { version = "^0.21.1", path = "../gix-fs", optional = true }
 gix-tempfile = { version = "^23.0.0", path = "../gix-tempfile", optional = true }
 gix-trace = { version = "^0.1.19", path = "../gix-trace", optional = true }
 gix-traverse = { version = "^0.57.0", path = "../gix-traverse", optional = true }
 
@@ -23,7 +23,7 @@ sha1 = ["gix-discover/sha1", "gix-index/sha1", "gix-object/sha1", "gix-worktree/
 gix-trace = { version = "^0.1.19", path = "../gix-trace" }
 gix-index = { version = "^0.51.0", path = "../gix-index" }
 gix-discover = { version = "^0.51.0", path = "../gix-discover" }
-gix-fs = { version = "^0.21.0", path = "../gix-fs" }
+gix-fs = { version = "^0.21.1", path = "../gix-fs" }
 gix-path = { version = "^0.12.0", path = "../gix-path" }
 gix-pathspec = { version = "^0.18.0", path = "../gix-pathspec" }
 gix-worktree = { version = "^0.52.0", path = "../gix-worktree", default-features = false }
 
@@ -22,7 +22,7 @@ sha1 = ["gix-ref/sha1"]
 gix-sec = { version = "^0.14.0", path = "../gix-sec" }
 gix-path = { version = "^0.12.0", path = "../gix-path" }
 gix-ref = { version = "^0.63.0", path = "../gix-ref" }
-gix-fs = { version = "^0.21.0", path = "../gix-fs" }
+gix-fs = { version = "^0.21.1", path = "../gix-fs" }
 
 bstr = { version = "1.12.0", default-features = false, features = ["std", "unicode"] }
 thiserror = "2.0.18"
 
@@ -5,13 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.21.1 (2026-04-30)
+
+A security fix for https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-f89h-2fjh-2r9q, 
+which could allow attackers to trick `gix clone` into writing outside of the repository.
+
+### Commit Statistics
+
+<csr-read-only-do-not-edit/>
+
+ - 3 commits contributed to the release over the course of 2 calendar days.
+ - 2 days passed between releases.
+ - 0 commits were understood as [conventional](https://www.conventionalcommits.org).
+ - 0 issues like '(#ID)' were seen in commit messages
+
+### Commit Details
+
+<csr-read-only-do-not-edit/>
+
+<details><summary>view details</summary>
+
+ * **Uncategorized**
+    - Update changelog of gix-fs prior to release ([`e26d378`](https://github.com/GitoxideLabs/gitoxide/commit/e26d37819e59556e018700cba9c414648d6939be))
+    - Revalidate cached stack leaves before directory reuse ([`93d0ff6`](https://github.com/GitoxideLabs/gitoxide/commit/93d0ff6342f9fba5e30a6a893ad11347cf6cfcbc))
+    - Merge pull request #2546 from GitoxideLabs/fix-2545 ([`adb8328`](https://github.com/GitoxideLabs/gitoxide/commit/adb8328952478c443ead5f5a8c6851928b377b37))
+</details>
+
 ## 0.21.0 (2026-04-28)
 
 ### Commit Statistics
 
 <csr-read-only-do-not-edit/>
 
- - 1 commit contributed to the release over the course of 2 calendar days.
+ - 2 commits contributed to the release over the course of 2 calendar days.
  - 3 days passed between releases.
  - 0 commits were understood as [conventional](https://www.conventionalcommits.org).
  - 0 issues like '(#ID)' were seen in commit messages
@@ -23,6 +49,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <details><summary>view details</summary>
 
  * **Uncategorized**
+    - Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12.0, gix-features v0.48.0, gix-hash v0.25.0, gix-hashtable v0.15.0, gix-object v0.60.0, gix-glob v0.26.0, gix-attributes v0.33.0, gix-command v0.9.0, gix-filter v0.30.0, gix-fs v0.21.0, gix-commitgraph v0.37.0, gix-revwalk v0.31.0, gix-traverse v0.57.0, gix-worktree-stream v0.32.0, gix-archive v0.32.0, gix-tempfile v23.0.0, gix-lock v23.0.0, gix-index v0.51.0, gix-config-value v0.18.0, gix-pathspec v0.18.0, gix-ignore v0.21.0, gix-worktree v0.52.0, gix-imara-diff v0.2.1, gix-diff v0.63.0, gix-blame v0.13.0, gix-ref v0.63.0, gix-sec v0.14.0, gix-config v0.56.0, gix-prompt v0.15.0, gix-url v0.36.0, gix-credentials v0.38.0, gix-discover v0.51.0, gix-dir v0.25.0, gix-mailmap v0.33.0, gix-revision v0.45.0, gix-merge v0.16.0, gix-negotiate v0.31.0, gix-pack v0.70.0, gix-odb v0.80.0, gix-refspec v0.41.0, gix-shallow v0.12.0, gix-transport v0.57.0, gix-protocol v0.61.0, gix-status v0.30.0, gix-submodule v0.30.0, gix-worktree-state v0.30.0, gix v0.83.0, gix-fsck v0.21.0, gitoxide-core v0.57.0, gitoxide v0.53.0, safety bump 48 crates ([`53f880c`](https://github.com/GitoxideLabs/gitoxide/commit/53f880c7604232c367870088176e42efd8a5b783))
     - Merge pull request #2540 from GitoxideLabs/reporting ([`4d5ba23`](https://github.com/GitoxideLabs/gitoxide/commit/4d5ba231685e8ff36195603c57193aa1cd21fa8e))
 </details>
 
 
@@ -2,7 +2,7 @@ lints.workspace = true
 
 [package]
 name = "gix-fs"
-version = "0.21.0"
+version = "0.21.1"
 repository = "https://github.com/GitoxideLabs/gitoxide"
 license = "MIT OR Apache-2.0"
 description = "A crate providing file system specific utilities to `gitoxide`"
 
@@ -193,27 +193,40 @@ impl Stack {
         self.valid_components = matching_components;
 
         if !self.current_is_directory && components.peek().is_some() {
-            delegate.push_directory(self)?;
+            delegate.push(false, self)?;
+            // Make sure we don't consider this a directory if the `push` above fails.
+            self.current_is_directory = true;
+            if let Err(err) = delegate.push_directory(self) {
+                self.current_is_directory = false;
+                return Err(err);
+            }
         }
 
         while let Some(comp) = components.next() {
             let comp = comp.map_err(std::io::Error::other)?;
             let is_last_component = components.peek().is_none();
+            let parent_is_directory = self.current_is_directory;
             self.current_is_directory = !is_last_component;
             self.current.push(comp);
             self.current_relative.push(comp);
             self.valid_components += 1;
             let res = delegate.push(is_last_component, self);
-            if self.current_is_directory {
-                delegate.push_directory(self)?;
-            }
-
             if let Err(err) = res {
                 self.current.pop();
                 self.current_relative.pop();
                 self.valid_components -= 1;
+                self.current_is_directory = parent_is_directory;
                 return Err(err);
             }
+            if self.current_is_directory {
+                if let Err(err) = delegate.push_directory(self) {
+                    self.current.pop();
+                    self.current_relative.pop();
+                    self.valid_components -= 1;
+                    self.current_is_directory = parent_is_directory;
+                    return Err(err);
+                }
+            }
         }
         Ok(())
     }