We are glad to announce the availability of VisualSVN Server 3.9.3. This patch release includes updates to Apache Subversion 1.10.4, Apache HTTP Server 2.4.38 and OpenSSL 1.0.2q.
For the complete list of changes, see the VisualSVN Server 3.9.3 changelog.
This update fixes several security vulnerabilities, but up-to-date VisualSVN Server installations are potentially affected only by CVE-2018-5407 and CVE-2017-12613. The risks are relatively low, because exploiting these vulnerabilities requires write access to repositories or local access to the server computer. Nevertheless, we highly recommend that VisualSVN Server users update to the new builds.
You can get the latest version of VisualSVN Server on the official download page.
We also recommend to upgrade to version 3.9.3 if you are using an earlier version family of VisualSVN Server. Please, read VisualSVN Server 3.9 Release Notes to find out what's new in the latest release. For detailed upgrade instructions, please consider the KB138: Upgrading to VisualSVN Server 3.9 knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 3.8.5 if you have version 3.8.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 3.9.3 if you are using any version family older than 3.8.x. Read the KB138: Upgrading to VisualSVN Server 3.9 article before upgrading.