mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2026-06-15 16:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f83e0dcaf8cf18de94828341b0a1a61a86c75baf
neovim/runtime
History
Justin M. Keyes f83e0dcaf8 fix(vim.secure): read() command injection vulnerability #39918 
Problem:
Malicious filename can execute code because of ":" cmdline expansion.

Solution:
Use `fnameescape()`.

fix https://github.com/neovim/neovim/issues/39914

(cherry picked from commit 799cbfff85)
2026-05-20 20:00:45 +00:00
..
autoload
vim-patch:9.2.0299: runtime(zip): may write using absolute paths (#38810)
2026-04-06 02:39:21 +00:00
colors
vim-patch:c99aaf4: runtime(colors): improve catppuccin colorscheme
2026-02-01 08:22:07 +08:00
compiler
vim-patch:9.2.0225: runtime(compiler): No compiler plugin for just (#38424)
2026-03-22 23:14:49 +00:00
doc
backport: opts.scope in vim.ui.input (#39906)
2026-05-20 08:44:03 +00:00
ftplugin
fix(health): set 'tags' for help filetype #39742
2026-05-11 19:37:36 +00:00
indent
vim-patch:99ea2b5: runtime(handlebars): adds handlebars template syntax & indent support
2026-03-06 07:59:15 +08:00
keymap
vim-patch:5c855ce: runtime: convert *_utf-8.vim files to actual UTF-8 encoding
2026-01-26 06:53:53 +08:00
lua
fix(vim.secure): read() command injection vulnerability #39918
2026-05-20 20:00:45 +00:00
pack/dist/opt
fix(difftool): handle filenames containing spaces #39740
2026-05-15 01:04:43 +00:00
plugin
fix(net): :edit <uri> should set buftype=nofile #39915
2026-05-20 17:25:32 +00:00
queries
build(deps): bump tree-sitter-lua to v0.5.0
2026-02-26 19:26:35 +01:00
scripts
backport feat(tui): restore 'ttyfast' to control tty requests (#39667)
2026-05-08 06:49:34 +00:00
spell
syntax
vim-patch:bfebd12: runtime(javacc): Check for existence of javaFuncDef syn group before clearing it (#39731)
2026-05-11 10:02:23 +00:00
tutor
docs: misc (#37280)
2026-01-07 08:11:42 +08:00
CMakeLists.txt
fix(cmake): linker flags, doc generation for cross-compilation #38215
2026-03-11 19:05:46 +00:00
delmenu.vim
embedded_data.zig
build: ship "_core/*" as bytecode (built-into Nvim binary)
2025-12-30 01:44:24 -05:00
example_init.lua
docs: api, plugins, ui2
2026-03-24 00:14:55 +01:00
filetype.lua
docs: use "ev" convention in event-handlers
2026-03-12 11:12:56 +01:00
ftoff.vim
ftplugin.vim
ftplugof.vim
gen_runtime.zig
fix(build): workaround errors in zig build due to stale cache
2025-08-22 19:10:43 +02:00
indent.vim
indoff.vim
makemenu.vim
vim-patch:9.1.1647: filetype: Cangjie files are not recognized
2025-08-20 07:23:49 +08:00
menu.vim
vim-patch:d5f173c: runtime(menu): fix space before Tab and trailing space
2026-01-20 07:56:50 +08:00
neovim.ico
nvim.appdata.xml
NVIM v0.12.2
2026-04-22 16:05:55 +02:00
nvim.desktop
build(desktop): declare "Development" category #37794
2026-02-09 16:55:37 -05:00
nvim.png
synmenu.vim
vim-patch:9.1.1647: filetype: Cangjie files are not recognized
2025-08-20 07:23:49 +08:00
windows_icon.rc
feat(win32): embed executable icon
2024-07-02 13:05:16 +02:00