We are glad to announce that VisualSVN products have been updated to Apache HTTP Server 2.4.55 and OpenSSL 1.1.1t. Besides this, relevant VisualSVN products are now updated to the Expat XML parser 2.5.0.
This update fixes a number of security vulnerabilities, some of which may affect both the VisualSVN plug-in and VisualSVN Server. Therefore, updating to the new builds is recommended for all users.
Versions of VisualSVN Server prior to this update are affected by the moderate-severity CVE-2006-20001 vulnerability. It allows an authenticated attacker to perform a denial-of-service attack using a specially crafted request to the server. The underlying issue has been fixed in Apache HTTP Server 2.4.55.
As for the vulnerabilities fixed in OpenSSL 1.1.1t, the VisualSVN plug-in and default installations of VisualSVN Server are not affected by the high-severity CVE-2023-0286 vulnerability. However, versions of the VisualSVN plug-in and VisualSVN Server prior to this update can potentially be affected by the moderate-severity CVE-2022-4450 vulnerability.
Update for VisualSVN Server
Alternatively, choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 5.0.4 if you have version 5.0.x installed.
- VisualSVN Server 4.3.11 if you have version 4.3.x installed.
Other version families of VisualSVN Server are not supported, and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 5.1.3 if you are using any version family older than 4.3.x. Please read the KB204: Upgrading to VisualSVN Server 5.1 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2022, update to VisualSVN 8.1.1.
- If you use Visual Studio 2019, update to VisualSVN 7.3.8.
- If you use Visual Studio 2017, update to VisualSVN 6.7.7.
- If you use Visual Studio 2015 or older, update to VisualSVN 5.6.7. Note that VisualSVN 5.6.7 is still using the Expat XML parser 2.2.10.
Get the latest patch version of VisualSVN, appropriate for your Visual Studio release, from the official download page.