VisualSVN Server 2.5

• Updated to Apache Subversion 1.7.21 with fixes for the following vulnerabilities: CVE-2015-3184, CVE-2015-3187.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.21/CHANGES

• Updated to Apache Subversion 1.7.20 with fixes for the following vulnerabilities: CVE-2015-0202, CVE-2015-0248, CVE-2015-0251.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.20/CHANGES
• Updated to OpenSSL 0.9.8zf with fixes for the following vulnerabilities: CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293. CVE-2015-0209. CVE-2015-0288.
  For further details please see the corresponding OpenSSL Security Advisory.

• Updated to Apache Subversion 1.7.19 with fixes for the following vulnerabilities: CVE-2014-3580, CVE-2014-8108.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.19/CHANGES

• Updated to OpenSSL 0.9.8zc with fixes for the following vulnerabilities: CVE-2014-3566, CVE-2014-3567, CVE-2014-3568.
• Disable SSL 3.0 on the server side to mitigate the POODLE attack.

• Updated to Apache HTTP Server 2.2.29 with fixes for the following vulnerabilities: CVE-2014-0118, CVE-2014-0231, CVE-2014-0226, CVE-2013-5704.
• Disable SNI (Server Name Indication) extension to workaround non-compliant Subversion clients that incorrectly handle SSL handshake alerts.

• Updated to Apache Subversion 1.7.18 with fixes for the following vulnerabilities: CVE-2014-3522, CVE-2014-3528.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.18/CHANGES
• Updated to OpenSSL 0.9.8zb with fixes for the following vulnerability: CVE-2014-3508.

• Updated to OpenSSL 0.9.8za with fixes for the following vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076.

• Updated to Apache Subversion 1.7.17. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.17/CHANGES
• Hotfix: Subversion 1.6 and older client fails to commit changes to paths with whitespaces or non-ASCII characters (the problem reappeared after the update to Apache HTTP Server 2.2.27).

• Updated to Apache HTTP Server 2.2.27 with fixes for the following vulnerabilities: CVE-2014-0098, CVE-2013-6438.

• Updated to Apache Subversion 1.7.16 with a fix for the following vulnerability: CVE-2014-0032.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.16/CHANGES

• Updated to Apache Subversion 1.7.14 with fixes for the following vulnerabilities: CVE-2013-4505, CVE-2013-4558.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.14/CHANGES

• Updated to Apache Subversion 1.7.13 with a fix for the following vulnerability: CVE-2013-4277.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.13/CHANGES
• Updated to zlib 1.2.8.
• Hotfix: 'svn copy' operation fails if the copied subtree contains locked files.

• Hotfix: Subversion 1.6 and older clients are unable to commit changes if a repository path contains whitespaces or non-ASCII characters.

• Updated to Apache HTTP Server 2.2.25 with fixes for the following vulnerabilities: CVE-2013-1896, CVE-2013-1862.
• Updated to Apache Subversion 1.7.11 with fix for CVE-2013-4131 vulnerability.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.11/CHANGES

• Updated to Apache Subversion 1.7.10 with fixes for the following vulnerabilities: CVE-2013-1968, CVE-2013-2088, CVE-2013-2112.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.10/CHANGES

• Updated to Apache Subversion 1.7.9 with fixes for the following vulnerabilities: CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884.
  For further details please see http://svn.apache.org/repos/asf/subversion/tags/1.7.9/CHANGES
• Updated to OpenSSL 0.9.8y with fixes for the following vulnerabilities: CVE-2013-0169, CVE-2012-2686, CVE-2013-0166.
• Fixed: mod_log_visualsvn module may crash if Access Logging is enabled.

• Updated to Apache Subversion 1.7.8. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.8/CHANGES

• Updated to Apache Subversion 1.7.7. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.7/CHANGES
• Updated to Serf 1.1.1.
• Fixed: unbounded server side memory usage is possible under some circumstances.
• Fixed: WMI provider may crash when server is managed by multiple clients.

• Updated to Apache Subversion 1.7.6. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.6/CHANGES

• Updated to Apache Subversion 1.7.5. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.5/CHANGES
• Updated to OpenSSL 0.9.8x.

• Updated to Apache Subversion 1.7.4. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.4/CHANGES
• Properly restart Apache HTTP Server child process if it gets aborted.
• Log appropriate error messages when Apache HTTP Server child process gets aborted.
• Remove inode from ETag HTTP header (to prevent false positive detection by security screening tools).

• Updated to Apache Subversion 1.7.3. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.3/CHANGES
• Updated to Apache HTTP Server 2.2.22
• Updated to OpenSSL 0.9.8t.
• Add CreateGnuTLSCompatibleCertificate registry option to create GnuTLS compatible self-signed certificates. See the KB56 article for details.

• Updated to Apache Subversion 1.7.2. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.2/CHANGES

• Updated to Apache Subversion 1.7.1. For further details please see
  http://svn.apache.org/repos/asf/subversion/tags/1.7.1/CHANGES

Major changes

• Updated to Apache Subversion 1.7.0 For further details please see Apache Subversion 1.7 Release Notes.
• Enable SVNPathAuthz short_circuit option to improve performance on authorization intensive operations (e.g. svn log).
• Add support for IPv6 protocol: VisualSVN Server now may be configured to listen on IPv6 interfaces.
• VisualSVN Server Manager now attempts to use delegation impersonation level when connecting to a remote server.
• Being installed for the first time, VisualSVN Server makes the pre-configured self-signed server certificate trusted on a local machine.
• Never trigger Subversion hooks when managing repositories in VisualSVN Server Manager.
• Adjust Apache HTTP Server settings for better compatibility with Subversion 1.7 clients.

VisualSVN Server Manager improvements

• Restart VisualSVN Server service gracefully when applying new configurations settings.
• Allow to configure repository access permissions for accounts from trusted Active Directory domains.
• New self-signed server certificates are generated to be valid for 10 years.
• New self-signed server certificates are generated to be valid for server authentication only.
• Add option to view current server certificate details.
• Several performance and usability improvements.
• Fixed: unable to import certificate with expiration date later than 2049 year.

Other changes

• Rename authentication realm to "VisualSVN Server".
• Move server.pid file to a local temporary directory.
• Set default maximum size of VisualSVN Server log to 20mb.
• Fixed: unable to create or remove folder in VisualSVN Server Manager if commit log message contains line breaks.
• Fixed: web browsers do not invalidate cache and manual page refresh is required to view recent repository changes.
• Fixed: VisualSVN Server service doesn't gracefully handle system shutdown/reboot events.