
This post is from the CollabNet VersionOne blog and has not been updated since the original publish date.

Last Updated Apr 05, 2013 — Enterprise Agile Planning expert

New Subversion Release Includes Several Security Fixes


Apache Subversion 1.7.9 and 1.6.21 have been released. Among the normal set of bug fixes in the release are several fixes for security vulnerabilities. A list of all of the vulnerabilities and their details is available on the Subversion security page:

http://subversion.apache.org/security/

I would encourage you to read the details of each vulnerability so that you can assess the risk for your environment. My take on these items is that they are all on the Low/Medium end of the spectrum. There are not any of the higher-risk vulnerabilities, such as arbitrary code execution or privilege escalation, included. Generally speaking, all of the fixes are for exploits where an attacker could send a request to your Apache Subversion server that causes the worker process to crash. If enough of these requests are being sent to a server, it can create a Denial of Service situation. Fortunately, most of the exploits require authenticated access (and typically also commit access), so in general most servers which require login or are not exposed to the Internet are relatively safe. Of course, it is still a good idea to update your server to the latest version, as these are not the only fixes in the release. A complete list of all changes is in the CHANGES file.

If you are using Subversion Edge on your server, you are in luck. We have posted the Subversion Edge 3.3.0 release, which includes Apache Subversion 1.7.9 along with many other new features and improvements. You can see a full list of what is in this release here. Subversion Edge users can update directly from within the web console by clicking on the Software Updates section. It has been several months since our last release of Subversion Edge, so there are a lot of nice improvements that users have requested. I would encourage all users to update to this version as soon as convenient.

Client and server binaries for Subversion 1.7.9 are also available for download. We will be posting our binaries for Subversion 1.6.21 as they complete our qualification process.

 

* Apache, Apache Subversion and the Subversion logo are trademarks of the Apache Software Foundation. Subversion® is a registered trademark of the Apache Software Foundation.
