Update to Apache HTTP Server 2.4.68 and OpenSSL 3.0.21

We are glad to announce that VisualSVN products have been updated to Apache HTTP Server 2.4.68, OpenSSL 3.0.21 and Expat XML parser 2.8.1. The update for the VisualSVN plug-in also includes several other fixes.

This update fixes multiple security vulnerabilities, some of which affect both VisualSVN Server and the VisualSVN plug-in. Therefore, updating to the new builds is strongly recommended for all users.

The update to Apache HTTP Server 2.4.68 and OpenSSL 3.0.21 cumulatively fixes a number of security vulnerabilities. Most notable among them are CVE-2026-44631, CVE-2026-42535, CVE-2026-29167, CVE-2026-28780 and CVE-2026-34182, which have critical CVSS scores. However, none of these vulnerabilities affect standard, up-to-date installations of VisualSVN Server, and they may be relevant only to deployments with manually customized configuration files.

The update to Expat XML parser 2.8.1 also cumulatively fixes a number of security vulnerabilities. They include high-severity CVE-2026-45186 and CVE-2026-41080, both of which can potentially lead to a denial of service. In the context of VisualSVN Server, only CVE-2026-45186 has a known exploitation vector, which requires the attacker to be authenticated and have read access to a repository.

Update for VisualSVN Server

You can get the latest VisualSVN Server 5.4.8 version from the official download page. For the complete list of changes, see the VisualSVN Server 5.4.8 changelog.

Version families older than VisualSVN Server 5.4.x are no longer supported, and maintenance updates are not available for them. It is strongly recommended that you upgrade to VisualSVN Server 5.4.8 if you are using any version family older than 5.4.x. If upgrading from VisualSVN Server 5.3.x or earlier, please read the article KB233: Upgrading to VisualSVN Server 5.4 before beginning the upgrade.

Update for VisualSVN (a plug-in for Visual Studio)

Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:

For the complete list of changes in these maintenance builds, see the corresponding changelog entries for these plug-in versions: VisualSVN 8.5.1, VisualSVN 7.5.2, VisualSVN 6.9.2 and VisualSVN 5.8.2.