We are glad to announce the availability of patch releases for VisualSVN products based on the Apache Subversion 1.9.7. The Subversion 1.9.7 patch release addresses the critical CVE-2017-9800 client remote code execution vulnerability.
Up-to-date VisualSVN Server installations are not affected by CVE-2017-9800, as it is a client-side vulnerability. However, the Apache Subversion command-line client tools packaged with the VisualSVN Server ('svn.exe', 'svnsync.exe', 'svnrdump.exe') are vulnerable. Therefore, we highly recommend to update to the newest VisualSVN Server builds.
Up-to-date VisualSVN 6.0.x and 5.1.x (plug-in for Visual Studio) builds are affected by CVE-2017-9800 vulnerability. We highly recommend updating to the newest VisualSVN 6.0.3 or 5.1.8 builds. Please note that TortoiseSVN versions prior to 1.9.7 are also affected by this security vulnerability, and we highly recommend upgrading to the most recent TortoiseSVN 1.9.7 that is not vulnerable to CVE-2017-9800.
Update for VisualSVN Server
Users of VisualSVN Server should update to VisualSVN Server 3.6.4.
It is also recommended to upgrade to version 3.6.4 if you are using an earlier version family of VisualSVN Server. Please read VisualSVN Server 3.6 Release Notes to find out what's new in the latest release. For detailed upgrade instructions please consider the KB103: Upgrading to VisualSVN Server 3.6 knowledge base article.
If you are using VisualSVN Server 3.5.x and do not want to perform a significant upgrade right now, you should update to VisualSVN Server 3.5.12.
VisualSVN Server 3.3.x and 3.4.x version have reached End of Support on December 31, 2016. Therefore, there are no updates available for these version families. It is strongly recommended to upgrade to VisualSVN Server 3.6.4 if you are using a 3.4.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.0.3 (for Visual Studio 2017) and 5.1.8 (Visual Studio 2015 and older) builds based on Apache Subversion 1.9.7 at the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.0.x or 5.1.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is free if you are using VisualSVN under the Community License. For further details, please check the VisualSVN plug-in Licensing page.