Update to Apache HTTP Server 2.4.66 and OpenSSL 3.0.19

We are glad to announce the new VisualSVN Server 5.4.6 patch release that contains an update to Apache HTTP Server 2.4.66 and to OpenSSL 3.0.19.

This update fixes a number of security vulnerabilities, including CVE-2025-15467, which is assigned a critical base CVSS score. However, none of these vulnerabilities affect standard, up-to-date installations of VisualSVN Server, and they may be relevant only to deployments with manually customized configuration files. Nevertheless, updating to VisualSVN Server 5.4.6 is recommended for all users.

Update for VisualSVN Server

You can get the latest VisualSVN Server 5.4.6 version from the official download page. For the complete list of changes, see the VisualSVN Server 5.4.6 changelog.

Version families older than VisualSVN Server 5.4.x are no longer supported, and maintenance updates are not available for them. It is strongly recommended that you upgrade to VisualSVN Server 5.4.6 if you are using any version family older than 5.4.x. If upgrading from VisualSVN Server 5.3.x or earlier, please read the article KB233: Upgrading to VisualSVN Server 5.4 before beginning the upgrade.

Update for VisualSVN (a plug-in for Visual Studio)

The VisualSVN plug-in for Visual Studio is not affected by any of the vulnerabilities fixed in OpenSSL 3.0.19. For this reason, an update for the VisualSVN plug-in is not provided at this time.