VisualSVN Server patch release 2.1.9 is available. This is a security and bug fix release that addresses several critical vulnerabilities recently identified in Apache Subversion.
Compared to the previous release, VisualSVN Server 2.1.9 includes the following changes:
- Updated to Subversion 1.6.17 with fixes for the following vulnerabilities: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921.
- Updated to Apache HTTP Server 2.2.19.
- Updated to Neon 0.29.6.
- The Negotiate authentication method is enabled for Subversion clients built against Neon 0.29.5 (and newer).
- Fixed: an attempt to change repository root settings fails with the "The remote procedure call failed. (0x800706be)" error message.
- Fixed: upgrade fails with the "Custom action CreateInitialAuthFilesExecute failed" error message when repositories are stored on a network share.
Up-to-date VisualSVN Server installations are affected by the CVE-2011-1752 and CVE-2011-1921 vulnerabilities, which could lead to DoS attacks and data leakage. Upgrading to VisualSVN Server 2.1.9 is therefore strongly recommended for all users. You can get the latest version of VisualSVN Server on the official download page.
Note that the VisualSVN Server 2.0.16 maintenance release is also available for download and installation. For further details, please see the changelog record for VisualSVN Server 2.0.16.