New versions of the Git project have been released to address a security vulnerability in the credential helper mechanism affecting versions 2.26 and older, which allows arbitrary data injection into the credential helper protocol stream via a malformed remote URL. Users are advised to upgrade to version 2.26.1 to mitigate the risk, and if unable to update immediately, to avoid running git clone with untrusted repositories and using the credential helper. GitHub has also implemented measures to protect against these attacks, including changes to prevent malicious .gitmodules files and a scheduled GitHub Desktop release, as well as patching GitHub Enterprise to address the vulnerability. The vulnerability was discovered by Felix Wilhelm of Google Project Zero, and the fixes are being incorporated into supported release series with further updates planned.