Update to OpenSSL 1.0.2n
We are glad to announce the release of VisualSVN Server updates built with OpenSSL 1.0.2n. These updates contain cumulative fixes for four OpenSSL CVEs: CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738. Up-to-date VisualSVN Server installations are potentially affected by the CVE-2017-3737 and the CVE-2017-3738. The severity and actual risks are considered to be low. Nevertheless, we recommend that VisualSVN Server users update to the new builds.
You can get the latest VisualSVN Server 3.7.1 version at the main download page.
Note that the VisualSVN Server 3.7.1 update was silently available for download at the time of the official announcement of the latest VisualSVN Server 3.7 version family. Please, read the VisualSVN Server 3.7 Release Notes to find out what's new in the latest release.
We recommend upgrading to the latest version 3.7.1 if you are using an earlier version family of VisualSVN Server because older version families 3.6.x and 3.5.x will soon reach End of Support (the announcement is coming). For upgrade instructions, please consider the KB116: Upgrading to VisualSVN Server 3.7 knowledge base article.
However, if you do not want to perform a significant upgrade right now, you can choose an appropriate maintenance build below:
- VisualSVN Server 3.6.5 if you have version 3.6.x installed.
- VisualSVN Server 3.5.13 if you have version 3.5.x installed.