Critical security vulnerabilities were announced for both Git and Mercurial on December 18, 2014 affecting Git and Hg clients on the Mac and Windows platforms. You can read about these vulnerabilities in detail at the following links:
Our servers are not vulnerable to this exploit. However our servers *can* serve this bug to clients if a malicious user has write access to some repository AND you pull and checkout that malicious repository. This release patches our Client Tools and fixes the server side so that we can no longer serve this vulnerability.
All users on the Mac and Windows platforms are encouraged to upgrade their Git and Hg clients to a patched version. Alternatively, you can re-download and re-install the Kiln Client Tools from your Kiln site after the this version is released to your account.
Each account will be upgraded at its local midnight (that is, midnight based on the account's site settings). There is no downtime expected. Release notes for version 3.0.156 can be found on our customer service portal.
Please contact us if you have any questions.