/ Update to Apache HTTP Server 2.2.25

We are delighted to announce VisualSVN Server patch releases based on Apache HTTP Server 2.2.25. These releases address the following vulnerabilities: CVE-2013-1896, CVE-2013-1862 and CVE-2013-4131. Upgrade to newer VisualSVN Server builds is recommended for all users.

Up-to-date VisualSVN Server installations are partially affected by the CVE-2013-1896 security vulnerability that allows remote attackers to cause a denial of service (segmentation fault). Exploiting this vulnerability does require write access to the repository, so the risks are relatively low. Please choose appropriate patch build that corresponds to your current version.

If you are using VisualSVN Server 2.5, please update to VisualSVN Server 2.5.12 that is available for download at the version 2.5 download page.

If you are using VisualSVN Server 2.1, please update to VisualSVN Server 2.1.15 that is available for download at the version 2.1 download page.

If you have already upgraded to VisualSVN Server 2.6, please update to VisualSVN Server 2.6.2 that is available for download at the main download page.

Comparing to the previous version, there are the following changes in the VisualSVN Server 2.6.2:

Nevertheless that VisualSVN Server 2.6 based on the recently released Subversion 1.8 is already available for download, it is still not officially announced in our RSS channel and mailing lists. We recommend upgrading to the version 2.5.12 if you currently use VisualSVN Server 2.5. Please upgrade to version 2.6.2 only if you have already upgraded your production servers to VisualSVN Server 2.6.