We are glad to announce the availability of VisualSVN Server patch release which includes updates to Apache HTTP Server 2.4.52, OpenSSL 1.1.1m and Expat XML parser 2.4.3.
For the complete list of changes, see the VisualSVN Server 4.3.6 changelog.
This update fixes several security vulnerabilities:
- The update to Apache HTTP Server 2.4.52 fixes two vulnerabilities: CVE-2021-44224 and CVE-2021-44790. Default VisualSVN Server installations are not affected by these vulnerabilities.
- The update to Expat XML parser 2.4.3 cumulatively fixes nine vulnerabilities: CVE-2013-0340, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827. Up-to-date VisualSVN Server installations are potentially affected by some of these vulnerabilities, so updating to the new builds is recommended for all users.
You can get the latest VisualSVN Server version on the official download page.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 4.2.8 if you have version 4.2.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them.
It is strongly recommended to upgrade to VisualSVN Server 4.3.x if you are using any version family older than 4.2.x. Read the KB167: Upgrading to VisualSVN Server 4.3 article before upgrading.