VisualSVN Server patch release 2.1.10 is available. This is a security and bug
fix release that addresses critical vulnerability recently identified in Apache
HTTP Server.
Comparing to the previous release, there are the following changes in the
VisualSVN Server 2.1.10:
* Updated to Apache HTTP Server 2.2.20 with fix for the critical vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
* Negotiate authentication method is disabled for Subversion clients built
against Neon (reverting the corresponding change from the version 2.1.9).
Up-to-date VisualSVN Server installations are partially affected by
CVE-2011-3192 vulnerability that allows remote attackers to cause a denial of
service (also known as "Apache Killer" problem). Upgrade to VisualSVN Server
2.1.10 is strongly recommended for all users. You can get the latest version of
VisualSVN Server on the official download page at:
http://www.visualsvn.com/server/download/
Note that VisualSVN Server 2.0.17 maintenance release is also available
to download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.17 at:
http://www.visualsvn.com/server/changes/#v2.0.17
--
With best regards,
Danil Shopyrin
VisualSVN Team
--
You received this message because you are subscribed to the Google Groups
"VisualSVN" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/visualsvn?hl=en.
