We are glad to announce that all VisualSVN products have been updated to OpenSSL 1.1.1u and to Apache Serf 1.3.10. This maintenance update also includes several other changes.
The update to OpenSSL 1.1.1u fixes a number of security vulnerabilities. However, none of these vulnerabilities affect up-to-date versions of either the VisualSVN plug-in or VisualSVN Server.
Additionally, we have finished updating the VisualSVN plug-in to APR Util 1.6.3, by now also including this change into the plug-in versions intended for earlier versions of Microsoft Visual Studio. The update to APR Util 1.6.3 fixes the CVE-2022-25147 vulnerability, which is currently rated as medium severity. However, this vulnerability also does not affect up-to-date versions of VisualSVN products.
Despite the fact that the vulnerabilities fixed in this maintenance update do not affect up-to-date versions of the VisualSVN plug-in or VisualSVN Server, updating to the new builds is recommended for all users.
Update for VisualSVN Server
VisualSVN Server version families earlier than 5.1.x are no longer supported, and maintenance updates are not available for them. If you are using VisualSVN Server version family 5.0.x or earlier, it is strongly recommended that you upgrade to VisualSVN Server 5.1.5. If upgrading from VisualSVN Server version family 5.0.x or earlier, please read the KB204: Upgrading to VisualSVN Server 5.1 article before the upgrade.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2022, update to VisualSVN 8.2.1.
- If you use Visual Studio 2019, update to VisualSVN 7.3.9.
- If you use Visual Studio 2017, update to VisualSVN 6.7.8.
- If you use Visual Studio 2015 or older, update to VisualSVN 5.6.8.
You can get the latest version of the VisualSVN plug-in, appropriate for your Visual Studio release, from the official download page.
Upcoming update to OpenSSL 3.0
The OpenSSL 1.1.1 version family, which is currently used by VisualSVN products, will reach End of Life in September of 2023. We are currently actively working on updating VisualSVN products to OpenSSL 3.0. Releases of VisualSVN products with an update to OpenSSL 3.0 are expected by the end of summer of 2023.