
This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Apr 05, 2013 — Enterprise Agile Planning expert

New Subversion Release Includes Several Security Fixes

Apache Subversion 1.7.9 and 1.6.21 have been released. Alongside the normal set of bug fixes, these releases include several fixes for security vulnerabilities. A list of all of the vulnerabilities and their details is available on the Subversion security page:

http://subversion.apache.org/security/

I would encourage you to read the details of each vulnerability so that you can assess the risk for your environment. My take on these items is that they are all on the Low/Medium end of the spectrum. None of the higher-risk vulnerabilities, such as arbitrary code execution or privilege escalation, are included. Generally speaking, all of the fixes are for exploits where an attacker could send a request to your Apache Subversion server that causes the worker process to crash. If enough of these requests are sent to a server, it can create a Denial of Service situation. Fortunately, most of the exploits require authenticated access (and typically also commit access), so in general most servers which require login or are not exposed to the Internet are relatively safe. Of course, it is still a good idea to update your server to the latest version, as these are not the only fixes in the release. A complete list of all changes is in the CHANGES file.
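A server that cannot be updated right away can still be watched for the symptom described above. The following is an added example, not part of the original post: it scans an Apache httpd error log for the parent process's "child pid N exit signal ..." notices and reports bursts of worker crashes. The sample log lines are constructed, and the 60-second window and threshold of 3 are assumptions to tune per site.

```python
import re
from datetime import datetime, timedelta

# httpd's notice for a worker killed by a signal, in both the 2.2 layout
# ("[notice] child pid ...") and the 2.4 layout ("[core:notice] ... AH00052: ...").
CRASH_RE = re.compile(
    r"^\[(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)? (\d{4})\]"
    r".*\bchild pid (\d+) exit signal ([A-Za-z ]+) \((\d+)\)"
)

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = """\
[Fri Apr 05 10:00:01 2013] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Fri Apr 05 10:02:10 2013] [notice] child pid 4101 exit signal Segmentation fault (11)
[Fri Apr 05 10:02:25 2013] [notice] child pid 4102 exit signal Segmentation fault (11)
[Fri Apr 05 10:02:40 2013] [notice] child pid 4107 exit signal Segmentation fault (11), possible coredump in /tmp
[Fri Apr 05 10:02:55 2013] [notice] child pid 4110 exit signal Segmentation fault (11)
[Fri Apr 05 11:30:00.123456 2013] [core:notice] [pid 900] AH00052: child pid 4200 exit signal Aborted (6)
""".splitlines()

def parse_crashes(lines):
    """Return sorted (timestamp, pid, signal_name) tuples, one per crash notice."""
    crashes = []
    for line in lines:
        m = CRASH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%a %b %d %H:%M:%S %Y")
            crashes.append((ts, int(m.group(3)), m.group(4)))
    return sorted(crashes)

def crash_bursts(crashes, window=timedelta(seconds=60), threshold=3):
    """Return (first, last, count) for each run of >= threshold crashes that
    all fall within `window` of the run's first crash."""
    bursts, i = [], 0
    while i < len(crashes):
        j = i
        while j + 1 < len(crashes) and crashes[j + 1][0] - crashes[i][0] <= window:
            j += 1
        if j - i + 1 >= threshold:
            bursts.append((crashes[i][0], crashes[j][0], j - i + 1))
            i = j + 1  # continue after this burst
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for first, last, count in crash_bursts(parse_crashes(SAMPLE_LOG)):
        print(f"{count} worker crashes between {first} and {last}")
```

An isolated crash, like the last sample line, is not reported; only clusters cross the threshold.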

If you are using Subversion Edge on your server, you are in luck. We have posted the Subversion Edge 3.3.0 release, which includes Apache Subversion 1.7.9 along with many other new features and improvements. You can see a full list of what is in this release here. Subversion Edge users can update directly from within the web console by clicking on the Software Updates section. It has been several months since our last release of Subversion Edge, so there are a lot of nice improvements that users have requested. I would encourage all users to update to this version as soon as convenient.

Client and server binaries for Subversion 1.7.9 are also available for download. We will be posting our binaries for Subversion 1.6.21 as they complete our qualification process.

* Apache, Apache Subversion and the Subversion logo are trademarks of the Apache Software Foundation. Subversion® is a registered trademark of the Apache Software Foundation.
