We are glad to announce the availability of patch releases for VisualSVN products. VisualSVN Server and VisualSVN (a plug-in for Visual Studio) are now based on the most up-to-date Apache Subversion 1.10.2. Besides of this, VisualSVN Server has been updated to the most recent Apache HTTP Server 2.4.34.
Apache HTTP Server 2.4.34 patch release addresses the CVE-2018-1333 and CVE-2018-8011 DoS vulnerabilities found in mod_http2 and mod_md modules. Up-to-date VisualSVN Server installations are not affected by CVE-2018-1333 and CVE-2018-8011 because the server does not contain the modules affected by the vulnerabilities. Nevertheless, we recommend that VisualSVN Server users update to the new builds.
Update for VisualSVN Server
It is also recommended to upgrade to version 3.9.1 if you are using an earlier version family of VisualSVN Server. Please, read VisualSVN Server 3.9 Release Notes to find out what's new in the latest release. For detailed upgrade instructions please consider the KB138: Upgrading to VisualSVN Server 3.9 knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.8.3 if you have version 3.8.x installed.
- VisualSVN Server 3.7.4 if you have version 3.7.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 3.9.1 if you are using any version family older than 3.7.x. Read the KB138: Upgrading to VisualSVN Server 3.9 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.2.1 (for Visual Studio 2017) and 5.2.1 (Visual Studio 2015 and older) builds based on Apache Subversion 1.10.2 at the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.2.x or 5.2.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is free if you are using VisualSVN under the Community License. For further details, please check the VisualSVN plug-in Licensing page.