Heartbleed Bug: VisualSVN Server is not vulnerable, VisualSVN requires a hotfix

A major security vulnerability referenced as the CVE-2014-0160 and so-called as the Heartbleed Bug has been found recently in the OpenSSL cryptographic library. Fortunately, all VisualSVN Server installations are not affected by this vulnerability. However, the hotfix is required for VisualSVN (the plug-in for Microsoft Visual Studio).

As it said above, VisualSVN Server is not affected by the Heartbleed Bug. Up-to-date VisualSVN Server installations are built against OpenSSL 0.9.8y that does not contain this vulnerability because the Heartbleed Bug was introduced in OpenSSL release 1.0.1.

Since the client side is also vulnerable by the Heartbleed Bug, upgrade to VisualSVN 4.0.6 is highly recommended for all VisualSVN users starting from version 3.5.2. Note that exploiting the client side vulnerability requires the user to connect to a compromised server, so the actual risks are relatively low.

You can get the latest version of VisualSVN at the official download page.