We are glad to announce the update to Apache HTTP Server 2.4.51 and OpenSSL 1.1.1l for relevant VisualSVN products. This update fixes several security vulnerabilities.
VisualSVN Server is not affected by the critical CVE-2021-41773 and CVE-2021-42013 vulnerabilities that were recently found in the Apache HTTP Server. Default VisualSVN Server installations also are not affected by the other vulnerabilities found in the Apache HTTP Server. However, both VisualSVN and VisualSVN Server may be affected by the CVE-2021-3711 and CVE-2021-3712 vulnerabilities found in OpenSSL, so updating to the new builds is highly recommended for all users.
Update for VisualSVN Server
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.2.7 if you have version 4.2.x installed.
Other version families of VisualSVN Server are not supported, and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 4.3.5 if you are using any version family older than 4.2.x. Please read the KB167: Upgrading to VisualSVN Server 4.3 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2019, update to VisualSVN 7.3.4.
- If you use Visual Studio 2017, update to VisualSVN 6.7.3.
- If you use Visual Studio 2015 or older, update to VisualSVN 5.6.3.
Get the latest version of VisualSVN on the official download page.