Update to OpenSSL 1.1.1k
We are glad to announce the release of VisualSVN and VisualSVN Server builds linked with OpenSSL 1.1.1k that contain fixes for two high severity vulnerabilities: CVE-2021-3450 and CVE-2021-3449.
Up-to-date VisualSVN Server installations are affected only by the CVE-2021-3449 vulnerability that allows a remote attacker to cause a denial of service. Exploiting this vulnerability does not require an attacker to be authenticated on a target server, so upgrading to VisualSVN Server 4.3.3 is highly recommended for all users.
Up-to-date VisualSVN installations are not affected by any of the aforementioned vulnerabilities. Nevertheless, upgrading to the new builds is recommended for all users.
Upgrade for VisualSVN Server
Get the latest version of VisualSVN Server on the official download page. For the list of changes, see the VisualSVN Server 4.3.3 changelog.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.2.5 if you have version 4.2.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 4.3.3 if you are using any version family older than 4.2.x. Please read the KB167: Upgrading to VisualSVN Server 4.3 article before upgrading.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2019, upgrade to VisualSVN 7.3.3.
- If you use Visual Studio 2017, upgrade to VisualSVN 6.7.2.
- If you use Visual Studio 2015 or older, upgrade to VisualSVN 5.6.2.
Get the latest version of VisualSVN on the official download page.