VisualSVN Server patch release 2.1.10 is available. This is a security and bug fix release that addresses critical vulnerability recently identified in Apache HTTP Server.
Comparing to the previous release, there are the following changes in the VisualSVN Server 2.1.10:
- Updated to Apache HTTP Server 2.2.20 with fix for the critical vulnerability: CVE-2011-3192.
- Negotiate authentication method is disabled for Subversion clients built against Neon (reverting the corresponding change from the version 2.1.9).
Up-to-date VisualSVN Server installations are partially affected by CVE-2011-3192 vulnerability that allows remote attackers to cause a denial of service (also known as "Apache Killer" problem). Upgrade to VisualSVN Server 2.1.10 is strongly recommended for all users. You can get the latest version of VisualSVN Server on the official download page.
Note that VisualSVN Server 2.0.17 maintenance release is also available to download and install. For further details please consider the changelog record for VisualSVN Server 2.0.17.