I noticed that some linux distros ship with an older version of git. For example, my CentOS7 setup is using 1.8.3.1. As of now, the latest is 2.19. My question is more specific towards the precautions of running older versions of Git that may come preinstalled on a system.<p>Are there any precautions or issues with running older versions?<p>What are they and can they pose as a significant threat in your development?<p>I noticed there are a wide set of tools for git like gitk, git-lfs, etc... Are there older versions of git that may not include these tool sets and therefore require the user to install them manually?<p>Where do I find release notes per each release of Git?
Make sure your distro provides security updates for git. For instance, CVE-2018-17456 (another RCE via submodules bug) was recently disclosed and patched in Debian Jessie (oldstable), even though jessie has git 2.1.x which may not be getting updates from git core developers.<p>Otherwise, old and new git interact really quite well. You'll miss out on new features, naturally. Because of reasons, I still make daily use of 1.8.2.2 and it's fine! (but only when interacting with trusted peers within my organization, that thing hasn't seen a security patch in a decade or so)<p>As for release notes, every release gets its own file here: <a href="https://github.com/git/git/tree/master/Documentation/RelNotes" rel="nofollow">https://github.com/git/git/tree/master/Documentation/RelNote...</a> -- you'll get the highlights of major features by reading the x.y.0 release notes.<p>Git is not a hard build from source as such things go, but it leaves you to track security fixes on your own.