
This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Apr 05, 2013 — Enterprise Agile Planning expert

New Subversion Release Includes Several Security Fixes


Apache Subversion 1.7.9 and 1.6.21 have been released. Among the normal set of bug fixes in the release are several fixes for security vulnerabilities. A list of all of the vulnerabilities and their details is available on the Subversion security page:

http://subversion.apache.org/security/

I would encourage you to read the details of each vulnerability so that you can assess the risk for your environment. My take on these items is that they are all on the Low/Medium end of the spectrum. There are not any of the higher-risk vulnerabilities such as arbitrary code execution or privilege escalation included. Generally speaking, all of the fixes are for exploits where an attacker could send a request to your Apache Subversion server that causes the worker process to crash. If enough of these requests are being sent to a server, it can create a Denial of Service situation. Fortunately, most of the exploits require authenticated access (and typically also commit access), so in general most servers which require login or are not exposed to the Internet are relatively safe. Of course, it is still a good idea to update your server to the latest version, as these are not the only fixes in the release. A complete list of all changes is in the CHANGES file.

If you are using Subversion Edge on your server, you are in luck. We have posted the Subversion Edge 3.3.0 release which includes Apache Subversion 1.7.9 along with many other new features and improvements. You can see a full list of what is in this release here. Subversion Edge users can update directly from within the web console by clicking on the Software Updates section.  It has been several months since our last release of Subversion Edge so there are a lot of nice improvements that users have requested.  I would encourage all users to update to this version as soon as convenient.

Client and server binaries for Subversion 1.7.9 are also available for download.  We will be posting our binaries for Subversion 1.6.21 as they complete our qualification process.


* Apache, Apache Subversion and the Subversion logo are trademarks of the Apache Software Foundation. Subversion® is a registered trademark of the Apache Software Foundation.
