We are glad to announce the release of VisualSVN and VisualSVN Server updates linked with OpenSSL 1.0.2r that contain a fix for the CVE-2019-1559 vulnerability. Up-to-date VisualSVN Server installations are potentially affected by this vulnerability and we recommend all users update to the new builds.
There are a number of security vulnerabilities addressed in this patch release, but up-to-date VisualSVN Server installations are potentially affected only by the CVE-2019-1559 vulnerability. Despite this vulnerability having medium severity, we strongly recommend that VisualSVN Server users update to the new builds.
It is also recommended to upgrade to version 3.9.4 if you are using an earlier version family of VisualSVN Server. Please, read VisualSVN Server 3.9 Release Notes to find out what's new in the latest release. For detailed upgrade instructions please consider the KB138: Upgrading to VisualSVN Server 3.9 knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.8.6 if you have version 3.8.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 3.9.4 if you are using any version family older than 3.8.x. Read the KB138: Upgrading to VisualSVN Server 3.9 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.3.1 (for Visual Studio 2017) and 5.3.1 (Visual Studio 2015 and older) from the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.3.x or 5.3.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is free if you are using VisualSVN under the Community License. For further details, please check the VisualSVN plug-in Licensing page.