We are glad to announce the availability of patch releases for VisualSVN products that are now based on the most up-to-date Apache Subversion 1.14.1. These patch releases also include a cumulative update to OpenSSL 1.1.1j and some other changes.
Update to Apache Subversion 1.14.1 contains a fix for CVE-2020-17525 which is rated as a high severity server-side vulnerability. However, up-to-date VisualSVN Server installations are not affected as the mod_authz_visualsvn module used in the server is not vulnerable to this issue. Update to OpenSSL 1.1.1j contains cumulative fixes for three CVEs, but none of them affects up-to-date VisualSVN or VisualSVN Server installations.
Nevertheless, upgrading to the new builds is recommended for all users.
Upgrade for VisualSVN Server
Choose an appropriate maintenance build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.2.4 if you have version 4.2.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 4.3.x if you are using any version family older than 4.2.x. Read the KB167: Upgrading to VisualSVN Server 4.3 article before upgrading.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2019, upgrade to VisualSVN 7.3.1.
- If you use Visual Studio 2017, upgrade to VisualSVN 6.7.1.
- If you use Visual Studio 2015 or older, upgrade to VisualSVN 5.6.1.
Get the latest version of VisualSVN on the official download page.