VisualSVN Server patch release 2.1.9 is available. This is a security and bug
fix release that addresses several critical vulnerabilities recently identified
in Apache Subversion.
Comparing to the previous release, there are the following changes in the
VisualSVN Server 2.1.9:
* Updated to Subversion 1.6.17 with fixes for the following vulnerabilities:
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
* Updated to Apache HTTP Server 2.1.17.
* Updated to Neon 0.29.6.
* Negotiate authentication method is enabled for Subversion clients built
against Neon 0.29.5 (and newer).
* Fixed: an attempt to change repository root settings fails with the "The
remote procedure call failed. (0x800706be)" error message.
* Fixed: upgrade fails with the "Custom action CreateInitialAuthFilesExecute
failed" error message when repositories are stored on network share.
Up-to-date VisualSVN Server installations are affected by CVE-2011-1752 and
CVE-2011-1921 vulnerabilities that could lead to DoS attacks and data leakage.
That's why upgrade to VisualSVN Server 2.1.9 is strongly recommended for all
users. You can get the latest version of VisualSVN Server on the official
download page at:
http://www.visualsvn.com/server/download/
Note that VisualSVN Server 2.0.16 maintenance release is also available
to download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.16 at:
http://www.visualsvn.com/server/changes/#v2.0.16
--
With best regards,
Danil Shopyrin
VisualSVN Team
--
You received this message because you are subscribed to the Google Groups
"VisualSVN" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/visualsvn?hl=en.
