We are glad to announce the availability of patch releases for VisualSVN products. Both VisualSVN and VisualSVN Server are now based on the most up-to-date Apache Subversion 1.12.2 and 1.10.6 LTS builds. Besides this, there is also an upgrade to Expat XML parser 2.2.7 and some other important fixes.
Apache Subversion 1.12.2 patch release addresses the CVE-2018-11782 and CVE-2019-0203 DoS vulnerabilities, which do not affect VisualSVN products. However, up-to-date VisualSVN Server installations are affected by the CVE-2018-20843 (remotely triggerable DoS, requires read access to the target server) that was addressed in the Expat XML parser 2.2.7 patch release. We consider the risks to be moderate, because VisualSVN Server does not allow anonymous read access. Therefore, upgrading to the new VisualSVN Server builds is highly recommended for all users.
Update for VisualSVN Server
It is also recommended to upgrade to version 4.0.3 if you are using an earlier version family of VisualSVN Server. Please, read VisualSVN Server 4.0 Release Notes to find out what's new in the latest release. For detailed upgrade instructions please consider the KB149: Upgrading to VisualSVN Server 4.0 knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.9.6 if you have version 3.9.x installed.
- VisualSVN Server 3.8.8 if you have version 3.8.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 4.0.x if you are using any version family older than 3.8.x. Read the KB149: Upgrading to VisualSVN Server 4.0 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 7.1.2 (for Visual Studio 2019), 6.4.1 (for Visual Studio 2017) and 5.4.1 (for Visual Studio 2015 and older) from the official download page.
Please note that VisualSVN 6.x or older users who do not have a valid 7.x license may need to upgrade the licenses. The upgrade is free if you are using VisualSVN under the Community License. For further details, please check the VisualSVN plug-in Licensing page.