We are glad to announce the availability of patch releases for VisualSVN products based on Apache Subversion 1.9.4. Besides important client-side and server-side improvements, the Subversion 1.9.4 patch release addresses the CVE-2016-2167 and CVE-2016-2168 security vulnerabilities.
Up-to-date VisualSVN Server installations are potentially affected only by the CVE-2016-2168 vulnerability, which could lead to a DoS attack on the server. Exploiting this vulnerability requires the attacker to be authenticated on the target server, but does not require read access to any of the repositories. Therefore, this is a medium-risk vulnerability. Upgrading to the latest VisualSVN Server builds is highly recommended for all users.
There is also an update to OpenSSL 1.0.2h that provides fixes for five CVEs. The CVE-2016-2107 vulnerability has a high level of severity and potentially affects up-to-date VisualSVN Server installations. For further details, please see the OpenSSL 1.0.2 Series Release Notes.
VisualSVN Server maintenance builds based on Subversion 1.8.16 and OpenSSL 1.0.1t are available too.
Update for VisualSVN Server
Users of VisualSVN Server should upgrade to VisualSVN Server 3.5.3.
It is also recommended to upgrade to version 3.5.3 if you are using an earlier release of VisualSVN Server. Please read the VisualSVN Server 3.5 Release Notes to find out what's new in the latest release. For detailed upgrade instructions, please see the KB95: Upgrading to VisualSVN Server 3.5 knowledge base article.
Choose the appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.4.5 if you have version 3.4.x installed.
- VisualSVN Server 3.3.5 if you have version 3.3.x installed.
Other version families of VisualSVN Server are not supported, and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 3.5.3 if you are using version 3.2.x or any older version.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 5.1.4 build based on Apache Subversion 1.9.4 at the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 5.0.x if you are using VisualSVN 4.0.x or older versions. The upgrade is free if you are using VisualSVN under the Community License. However, commercial licenses issued before June 3rd, 2014 have to be upgraded. For further details, please check our online upgrade form.