We are glad to announce the availability of VisualSVN Server patch releases which include updates to Apache HTTP Server 2.4.46 and OpenSSL 1.1.1h.
For the complete list of changes, see the VisualSVN Server 4.3.1 changelog.
The Apache HTTP Server 2.4.46 release fixes the CVE-2020-9490, CVE-2020-11993 and CVE-2020-11984 vulnerabilities, but none of them affect up-to-date VisualSVN Server installations. The vulnerabilities were found in the mod_http2 and mod_proxy_uwsgi Apache modules which are not used in VisualSVN Server. Nevertheless, the upgrade to newer VisualSVN Server builds is recommended for all users.
You can get the latest VisualSVN Server version on the official download page.
Choose an appropriate maintenance patch update if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.2.3 if you have version 4.2.x installed.
- VisualSVN Server 4.1.5 if you have version 4.1.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended to upgrade to VisualSVN Server 4.3.x if you are using any version family older than 4.1.x. Read the KB167: Upgrading to VisualSVN Server 4.3 article before upgrading.