Several weeks ago, the Git community announced a new 2.2.1 release which fixed a serious security vulnerability. You can read more here and here. The Eclipse JGit project had their fix available the day that the vulnerability was announced. However, since the vast majority of Eclipse users get their Eclipse via the packages, the decision was made to make new versions of those available as well. I am happy to announce that as of 10:00am Eastern this morning, those new packages are now available for download from Eclipse.
This is the first time the Eclipse community has done a re-spin of our current release for a security issue. Congratulations and thank yous are due to many people, but in particular the JGit project, the webmaster team, and to David Williams and Markus Knauer for all the hard work necessary to make this happen.
Eclipse users who use Git or GitHub through their Eclipse Workbench should either download the new package, or use “Help > Check for Updates” to update their existing installation.
