We are glad to announce the availability of VisualSVN Server 2.7.8 and VisualSVN 4.0.9 patch releases incorporating the recent fixes of common vulnerabilities and exposures in Subversion and OpenSSL.
There are two client-side CVEs fixed in the latest Subversion releases 1.8.10 and 1.7.18. These issues are described in CVE-2014-3522 and CVE-2014-3528 advisories. The latest series of OpenSSL releases, specifically 1.0.1i and 0.9.8zb, contain fixes to nine CVEs detailed in the corresponding advisory.
Some of the fixed CVEs may potentially affect VisualSVN products. The severity level of these vulnerabilities is medium to low. Users of VisualSVN and VisualSVN Server are advised to apply the updates.
VisualSVN users should update to VisualSVN 4.0.9 available at the download page.
VisualSVN Server users should choose the appropriate patch build that corresponds to their currently installed version: