We are glad to announce the availability of patch releases for VisualSVN products linked with OpenSSL 1.1.1o with a fix for the CVE-2022-1292 vulnerability.
The CVE-2022-1292 vulnerability does not affect up-to-date versions of VisualSVN products. Although the vulnerability does not affect up-to-date VisualSVN products, it is recommended that all users upgrade to the latest builds.
Update for VisualSVN Server
Choose an appropriate maintenance build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.3.9 if you have version 4.3.x installed.
- VisualSVN Server 4.2.12 if you have version 4.2.x installed.
Other version families of VisualSVN Server are not supported, and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 5.0.x if you are using any version family older than 4.2.x. Read the article KB174: Upgrading to VisualSVN Server 5.0 before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2022, update to VisualSVN 8.0.4.
- If you use Visual Studio 2019, update to VisualSVN 7.3.7.
- If you use Visual Studio 2017, update to VisualSVN 6.7.6.
- If you use Visual Studio 2015 or older, update to VisualSVN 5.6.6.
Get the latest version of VisualSVN from the official download page.