/ VisualSVN Server 2.5.15 and VisualSVN Server 2.6.5 released

We are delighted to announce that VisualSVN Server 2.5.15 and VisualSVN Server 2.6.5 patch releases are available. These releases are based on Apache Subversion versions 1.7.13 and 1.8.3 respectively and address the following vulnerabilities:

Upgrade to newer VisualSVN Server builds is recommended for all users.

If you are using VisualSVN Server 2.5, please update to VisualSVN Server 2.5.15 that is available for download at the version 2.5 download page.

If you are using VisualSVN Server 2.6, please update to VisualSVN Server 2.6.5 that is available for download at the main download page.

Changes in VisualSVN Server 2.5.15

Up-to-date VisualSVN Server 2.5 installations are not affected by CVE-2013-4277. However, it’s recommended to upgrade to VisualSVN Server 2.5.15 because it provides hotfixes for other significant issues. The changelog for VisualSVN Server 2.5.15 is the following:

Changes in VisualSVN Server 2.6.5

Up-to-date VisualSVN Server 2.6 installations are partially affected by CVE-2013-4246 vulnerability that allows remote attackers to corrupt a repository by editing packed revision properties. The risk is relatively low for VisualSVN Server users because of the following facts:

  • revision properties packing is currently disabled by default;
  • exploiting this vulnerability requires write access to the repository.

VisualSVN Server 2.6.5 also provides the following fixes and improvements:

Should I upgrade my production server to VisualSVN Server 2.6?

VisualSVN Server 2.6 that is based on the recently released Subversion 1.8 is already available for download. However, it is still not officially announced in our RSS channel and mailing lists. The current version of VisualSVN Server 2.6 works fine for the new customers, but we are currently working to solve technical issues that affect customers who upgrade from VisualSVN Server 2.5 and older versions.

We recommend upgrading to the version 2.5.15 if you currently use VisualSVN Server 2.5. Please upgrade to version 2.6.5 only if you have already upgraded your production servers to VisualSVN Server 2.6.