Subversion 1.6.16 Released
One of the fixes included in this release is for a potential Denial of Service vulnerability – CVE-2011-0715. Note that this vulnerability only applies to Subversion repositories that are accessed anonymously via http(s). If your server requires authentication to read the repository, or if you do not use the Apache server option, then you are not vulnerable.
CollabNet Subversion Edge 1.3.2 is available immediately and includes the updated binaries for Subversion 1.6.16. You can discover and install the updates directly from the Subversion Edge web console. We urge you to install this update as soon as convenient. A full list of what is included in this Subversion Edge release can be found on the project homepage.
CollabNet Subversion client and server binaries for 1.6.16 will be posted as soon as the internal qualification process has completed.
Finally, if you are using Subversion 1.5.x on your server, my recommendation is to upgrade to 1.6.16. Besides picking up all of the fixes and improvements made in the 1.6.x releases, this would also be a good time to take advantage of the additional server configuration and management features provided by Subversion Edge. A patch for Subversion 1.5.x is included in the details of the CVE if you wish to apply the patch to your source code and build your own binaries.
* Apache, Apache Subversion and the Subversion logo are trademarks of the Apache Software Foundation. Subversion® is a registered trademark of the Apache Software Foundation.