We are glad to announce the availability of patch releases for VisualSVN products. VisualSVN Server and VisualSVN (a plug-in for Visual Studio) are now based on the Apache Subversion 1.10.3. Besides of this, relevant products are updated to Apache HTTP Server 2.4.35, OpenSSL 1.0.2p and Expat XML parser 2.2.6.
Updating to OpenSSL 1.0.2p and Expat XML parser 2.2.6 fixes several vulnerabilities. The most notable of them are CVE-2018-0732, CVE-2018-0737, CVE-2017-9233, CVE-2016-9063. These CVEs are of low severity in context of the VisualSVN products. However, we still recommend that all VisualSVN users update to the new builds.
Update for VisualSVN Server
It is also recommended to upgrade to version 3.9.2 if you are using an earlier version family of VisualSVN Server. Please, read VisualSVN Server 3.9 Release Notes to find out what's new in the latest release. For detailed upgrade instructions, please consider the KB138: Upgrading to VisualSVN Server 3.9 knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.8.4 if you have version 3.8.x installed.
Other version families of VisualSVN Server are not supported, and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 3.9.2 if you are using any version family older than 3.8.x. Read the KB138: Upgrading to VisualSVN Server 3.9 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.2.2 (for Visual Studio 2017), and 5.2.2 (Visual Studio 2015 and older) builds based on Apache Subversion 1.10.3 at the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.2.x or 5.2.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is free if you are using VisualSVN under the Community License. For further details, please check the VisualSVN plug-in Licensing page.