We are glad to announce the release of VisualSVN Server 5.4.2. This patch
update addresses a regression introduced in version 5.4.1 that caused an
inability to start the VisualSVN HTTP Service with repositories located on a
network share. This regression was preventing an upgrade to version 5.4.1
for VisualSVN Server installations that are configured to store repositories
on a network share.
You can get the latest VisualSVN Server 5.4.2 version from the official
download page.
Version families older than VisualSVN Server 5.3.x are no longer supported,
and patch-level updates are not available for them. It is strongly
recommended that you upgrade to VisualSVN Server 5.4.2 if you are using any
version family older than 5.3.x. Please read the article
KB233: Upgrading to VisualSVN Server 5.4 before beginning
the upgrade.
We are pleased to announce the release of new patch updates for all
VisualSVN products, now based on Apache Subversion 1.14.4. In
addition, relevant products have been updated to Apache HTTP Server 2.4.62,
OpenSSL 3.0.15 and Expat XML parser 2.6.2. These updates also include
several other fixes.
This update fixes multiple high-severity security vulnerabilities, some of
which affect both the VisualSVN plug-in and VisualSVN Server. Therefore,
updating to the new builds is strongly recommended for all users.
The update to Apache Subversion 1.14.4 fixes a high-severity vulnerability
CVE-2024-45720. This vulnerability
affects Windows-based Subversion command-line tools (e.g., svn.exe) and can
result in remote code execution via command-line argument injection. Command
line tools packaged with VisualSVN Server and with versions 5.x of the
VisualSVN plug-in are affected by this vulnerability.
The update to Apache HTTP Server 2.4.62 and OpenSSL 3.0.15 cumulatively
fixes 15 vulnerabilities. Most notable among them are
CVE-2024-40898,
CVE-2024-38474,
CVE-2024-38475,
CVE-2024-38476
and CVE-2024-5535,
which have critical CVSS scores. Default VisualSVN Server installations are
not affected by any of these vulnerabilities. VisualSVN for Visual Studio is
potentially affected by
CVE-2024-6119 which has a high
severity score and can lead to a denial of service.
The update to Expat XML parser 2.6.2 cumulatively fixes 3 vulnerabilities,
two of which, CVE-2023-52426 and
CVE-2023-52425, affect up-to-date
installations of VisualSVN Server and VisualSVN for Visual Studio and can
potentially lead to a denial of service.
Update for VisualSVN Server
You can get the latest VisualSVN Server 5.4.1 version from the official
download page.
Version families older than VisualSVN Server 5.3.x are no longer supported,
and patch-level updates are not available for them. It is strongly
recommended that you upgrade to VisualSVN Server 5.4.1 if you are using any
version family older than 5.3.x. Please read the article
KB233: Upgrading to VisualSVN Server 5.4 before beginning
the upgrade.
Update for VisualSVN (a plug-in for Visual Studio)
On the official download page, please
select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
We are happy to announce the release of VisualSVN Server 5.4, which brings
the following main enhancements:
Improvements in Markdown rendering
Advanced backup creation policies
IP-based restrictions for Basic Windows Authentication
This new release also includes many other improvements. For the complete
list of changes, see the
VisualSVN Server 5.4.0 changelog.
The upgrade to VisualSVN Server 5.4 is recommended for all users. We
strongly advise reading the article
KB233: Upgrading to VisualSVN Server 5.4
before beginning the upgrade.
The rendering of Markdown documents in the Repository Web Interface now
fully supports the widely-adopted CommonMark specification
of Markdown syntax. Additionally, the following improvements have been made
to Markdown rendering in the Web UI:
Added support for anchor links (also known as section links). You can now
link directly to specific section headings in a Markdown file.
Added support for the blockquote-based GFM alert syntax. You can use the
alert syntax to emphasize important information. Currently five types of
alerts are supported: Note, Tip, Important, Warning and Caution, which
will now be rendered with distinctive icons and colors in the Web UI.
Added support for the GFM task list syntax. The Web UI will now render a
task list as a list of items with read-only checkboxes, which can be
useful for to-do lists.
Added support for syntax highlighting in fenced code blocks. To enable
syntax highlighting for a fenced code block, specify the language name
after the triple backticks/tildes (e.g., ```cpp)
that mark the start of the code block.
Added support for HTML tags. This allows you to include parts with
raw HTML markup inside Markdown documents.
Advanced backup creation policies
VisualSVN Server 5.4 offers new policy settings for scheduled repository
backup jobs, when you use the mixed full/incremental backup scheme.
In particular, it now is possible to conditionally make full backups based
on the quantity of accumulated incremental backups. This allows you to
conditionally skip a full backup for a repository when this repository has
not had any commit activity recently.
The new policy settings also allow you to greatly reduce the use of storage
space and time spent on making backups, by having longer chains of
incremental backups that can now span more than one week. This is
especially beneficial when you back up extremely large repositories.
A few other notable improvements in this version are listed below:
IP-based restrictions for Basic Windows Authentication. In the Windows
authentication mode, it is now possible to selectively allow Basic
authentication only to specific IP addresses, by setting up
IP-based restrictions.
Instead of enabling or disabling the Basic Windows Authentication
method for everyone, you can now enable it only for specific users that
require it, while forcing all other users to use the more secure
Integrated Windows Authentication.
New Get-SvnRepositoryBackup
cmdlet for listing all backups created by a particular backup job and for
displaying information about individual backup files.
The upgrade is free for all customers who have an active maintenance
subscription for the Enterprise or Essential licenses. The upgrade is also
free for all customers who use VisualSVN Server under the Community license.
We are glad to announce that all VisualSVN products have been updated to
OpenSSL 3.0.13. Additionally, VisualSVN Server has been updated to
Apache HTTP Server 2.4.59.
This update fixes a number of security vulnerabilities, out of which only
the low-severity vulnerability CVE-2024-0727
discovered in OpenSSL may potentially affect up-to-date versions of the
VisualSVN plug-in for Visual Studio. Although this is a low-severity
vulnerability, we recommend that you update your VisualSVN plug-in to the
latest version.
Despite the fact that up-to-date versions of VisualSVN Server are not
affected by the vulnerabilities fixed in this maintenance update, updating
your VisualSVN Server installation is also recommended.
Update for VisualSVN Server
You can get the latest VisualSVN Server 5.3.3 version from the official
download page.
Among other changes in this maintenance update, it also fixes several issues
that can result in errors when remotely administering 5.1.x versions of
VisualSVN Server. For the full list of changes, see the
VisualSVN Server 5.3.3 changelog.
Version families older than VisualSVN Server 5.3.x are no longer supported,
and patch-level updates are not available for them. If you are upgrading
from VisualSVN Server 5.2.x or older, please read the article
KB222: Upgrading to VisualSVN Server 5.3 before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
On the official download page, please
select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
We are glad to announce that new patch releases that are based on the latest
Apache Subversion 1.14.3 are now available for all VisualSVN products.
This update also contains a minor fix
in the VisualSVN plug-in for Visual Studio 2022.
Version families older than VisualSVN Server 5.3.x are no longer supported,
and patch-level updates are not available for them. If you are upgrading
from VisualSVN Server 5.2.x or older, please read the article
KB222: Upgrading to VisualSVN Server 5.3 before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
On the official download page, please
select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
We are glad to announce that all VisualSVN products have been updated to
OpenSSL 3.0.12. Additionally, VisualSVN Server has been updated to
Apache HTTP Server 2.4.58.
This update fixes a number of security vulnerabilities, out of which only
the CVE-2023-4807 vulnerability
discovered in OpenSSL may potentially affect up-to-date versions of
VisualSVN Server. This vulnerability is currently rated as high-severity,
according to its base score on the Common Vulnerability Scoring System
scale. Although no specific ways have been currently found in which
exploiting this vulnerability can adversely affect VisualSVN Server,
installing this maintenance update for VisualSVN Server is strongly
recommended.
Despite the fact that up-to-date versions of the VisualSVN plug-in for Visual
Studio are not affected by the vulnerabilities fixed in this maintenance
update, updating your VisualSVN plug-in to an appropriate newest version
is also recommended.
Update for VisualSVN Server
You can get the latest VisualSVN Server 5.3.1 version from the official
download page.
Among other changes in this maintenance update, it also fixes an issue
that caused an upgrade to VisualSVN Server 5.3.x to fail if you had a
TLS/SSL certificate with a SHA1-based signature installed on your
VisualSVN Server. For the full list of changes, see the
VisualSVN Server 5.3.1 changelog.
Version families older than VisualSVN Server 5.3.x are no longer supported,
and patch-level updates are not available for them. If you are upgrading
from VisualSVN Server 5.2.x or older, please read the article
KB222: Upgrading to VisualSVN Server 5.3 before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
On the official download page, please
select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
We are happy to announce new releases of VisualSVN Server and VisualSVN
(a plug-in for Visual Studio) with an upgrade to OpenSSL 3.0.
We also announce that VisualSVN Server 5.1.x and 5.2.x versions
will reach their End of Support on September 30th, 2023. We are ending
support for these version families because they use OpenSSL 1.1.1, which
is going to reach its
End of Life on September 11th, 2023.
Upgrading to the latest VisualSVN Server and VisualSVN plug-in is strongly
recommended for all users:
The new VisualSVN Server and VisualSVN plug-in versions are fully
interoperable with each other and are also compatible with previous versions,
so you can upgrade the server and the plug-in in any order. Please see the
Upgrade and compatibility notes sections below for the respective
VisualSVN products.
Transition to OpenSSL 3.0
OpenSSL 3.0 is the latest Long-Term Support (LTS) release of the OpenSSL
library, which is used to secure network communications and implement the
SSL/TLS protocols. The transition to OpenSSL 3.0 is transparent to end users
as it does not alter the core functionality of VisualSVN products.
Previous versions of VisualSVN products have been using OpenSSL 1.1.1.
With OpenSSL 1.1.1 reaching its
End of Life on September 11th, 2023, the upgrade to OpenSSL 3.0 ensures
that VisualSVN products ship with an up-to-date and actively maintained
OpenSSL version. Because OpenSSL 3.0 is a major release, we are releasing
this upgrade in the form of new minor versions of VisualSVN products, rather
than as patch versions.
Upgrading to VisualSVN Server 5.3 is recommended for all users. You can
download VisualSVN Server 5.3 from the main
download page.
Upgrade and compatibility notes for VisualSVN Server
The upgrade to VisualSVN Server 5.3 is easy and straightforward, especially
when upgrading from a 5.2.x version, but we strongly advise reading the
article KB222: Upgrading to VisualSVN Server 5.3 before
beginning the upgrade.
Importantly, VisualSVN Server 5.3 remains fully compatible with
Subversion clients based on OpenSSL 1.1.1.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
Users of Visual Studio 2022 should upgrade to
VisualSVN 8.3.
Users of Visual Studio 2019 should upgrade to
VisualSVN 7.4.
Users of Visual Studio 2017 should upgrade to
VisualSVN 6.8.
Users of Visual Studio 2015 or older should upgrade to
VisualSVN 5.7.
The upgrade to OpenSSL 3.0 is the main change introduced in the new plug-in
versions, with only VisualSVN 8.3.0
having several additional changes.
Upgrade and compatibility notes for the VisualSVN plug-in
The new VisualSVN plug-in versions are compatible with any Subversion server
that supports TLS 1.2 or higher. If you have a reasonably up-to-date
Subversion server, it can be expected to support the required version of the
TLS protocol. VisualSVN Server supports TLS 1.2 starting from
version 3.2.0.
Other than that requirement, the new plugin versions are fully compatible
with all up-to-date versions of VisualSVN Server, regardless of the OpenSSL
version used in the server. The new plugin versions are also fully
compatible with any reasonably up-to-date version of TortoiseSVN.
End of Support for VisualSVN Server 5.1.x and 5.2.x
VisualSVN Server 5.1.x and 5.2.x versions will reach their End of Support
on September 30th, 2023. We are ending support for these version
families because they use OpenSSL 1.1.1, which is going to reach its End of
Life on September 11th, 2023.
After September 11th, 2023, the 5.1.x and 5.2.x version families of VisualSVN
Server will not receive any OpenSSL-related maintenance updates, but may
still receive other maintenance updates until September 30th, 2023.
Maintenance updates for VisualSVN Server 5.1.x and 5.2.x
We recommend that you upgrade your VisualSVN Server directly to the latest
VisualSVN Server 5.3.0. However,
if you currently use VisualSVN Server 5.1.x or 5.2.x and cannot upgrade to
VisualSVN Server 5.3.0 at the moment, you can opt for a smaller patch-level
update to VisualSVN Server 5.1.6 or
5.2.1 respectively, depending on your
current version.
The VisualSVN Server 5.1.6 and
VisualSVN Server 5.2.1 versions are
patch-level updates for the respective VisualSVN Server 5.1.x and 5.2.x
version families, and contain a regular maintenance update to OpenSSL
1.1.1v, which fixes the CVE-2023-3817,
CVE-2023-3446 vulnerabilities.
Although these OpenSSL vulnerabilities do not affect up-to-date VisualSVN
products, updating at least to these intermediary versions is
recommended.
We are happy to announce the release of VisualSVN Server 5.2, which brings
the following major enhancements:
Showing effective access permissions
Password guessing attack protection
Scheduled verification of repository backups
Improved repository backup performance
This new release also includes many other improvements. For the complete
list of changes, see the
VisualSVN Server 5.2.0 changelog.
The upgrade to VisualSVN Server 5.2 is recommended for all users. We
strongly advise reading the article
KB214: Upgrading to VisualSVN Server 5.2
before beginning the upgrade.
Effective access permissions are the resultant access permissions that a
specified user has to a specified path, based on the combined effect of all
the applicable access rules set in VisualSVN Server.
VisualSVN Server 5.2 now has a feature called Effective Access that makes
it easier for the administrator to check whether the access rules are
configured correctly and produce the intended result. It can be helpful
for auditing and troubleshooting purposes.
VisualSVN Server 5.2 adds a feature that protects user credentials from
password guessing attacks, such as brute-force or dictionary attacks. It
works by temporarily blocking requests from IP addresses that fail to
authenticate multiple times within a short period of time.
VisualSVN Server administrators can now create 'Verify Backup' jobs for
automatic verification of repository backups. This kind of job verifies
that backups created by backup jobs are readable and restorable.
A few other notable improvements in this version are listed below:
Significantly improved repository backup performance. VisualSVN
Server 5.2 creates backups up to 5 times faster and with lower CPU
usage, although with a slightly reduced compression ratio.
Added an option to specify the size of the private key for the TLS/SSL
server certificate.
Revamped the full/incremental backup job scheme selection in VisualSVN
Server Manager.
New run hook subcommand to launch
arbitrary programs, with the --no-wait option for asynchronous execution.
The upgrade is free for all customers who have an active maintenance
subscription for the Enterprise or Essential licenses. The upgrade is also
free for all customers who use VisualSVN Server under the Community license.
We are glad to announce that all VisualSVN products have been updated to
OpenSSL 1.1.1u and to Apache Serf 1.3.10. This maintenance update
also includes several other changes.
The update to OpenSSL 1.1.1u fixes a number of security vulnerabilities.
However, none of these vulnerabilities affect up-to-date versions of
either the VisualSVN plug-in or VisualSVN Server.
Additionally, we have finished updating the VisualSVN plug-in to
APR Util 1.6.3, by now also including this change into the plug-in versions
intended for earlier versions of Microsoft Visual Studio. The update
to APR Util 1.6.3 fixes the CVE-2022-25147
vulnerability, which is currently rated as medium severity. However, this
vulnerability also does not affect up-to-date versions of VisualSVN products.
Despite the fact that the vulnerabilities fixed in this maintenance update
do not affect up-to-date versions of the VisualSVN plug-in or VisualSVN
Server, updating to the new builds is recommended for all users.
VisualSVN Server version families earlier than 5.1.x are
no longer supported,
and maintenance updates are not available for them. If you are using
VisualSVN Server version family 5.0.x or earlier, it is strongly recommended
that you upgrade to VisualSVN Server 5.1.5. If upgrading from VisualSVN
Server version family 5.0.x or earlier, please read the
KB204: Upgrading to VisualSVN Server 5.1 article before
the upgrade.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
If you use Visual Studio 2015 or older, update to
VisualSVN 5.6.8.
You can get the latest version of the VisualSVN plug-in, appropriate for your Visual
Studio release, from the official download
page.
Upcoming update to OpenSSL 3.0
The OpenSSL 1.1.1 version family, which is currently used by VisualSVN
products, will reach End of Life in September of 2023. We are currently
actively working on updating VisualSVN products to OpenSSL 3.0. Releases
of VisualSVN products with an update to OpenSSL 3.0 are expected by the
end of summer of 2023.
We are happy to announce the release of VisualSVN 8.2 for Visual
Studio 2022. This release adds support for Visual Studio 2022 on
ARM64-powered devices and has several other enhancements.
You can download the latest VisualSVN 8.2 build from the official
download page.
Support for Visual Studio on ARM64
VisualSVN 8.2 enables Subversion integration in Visual Studio 2022 in native
ARM64 environments. The new version of the plug-in supports both x64 and
ARM64 versions of Visual Studio with a single universal VSIX installation
package.
To get started with VisualSVN 8.2 on ARM64, please also install TortoiseSVN
for ARM64, which is available from the
download page.
Upgrading existing licenses to VisualSVN 8.2
All VisualSVN 8.x licenses are eligible for a free upgrade to VisualSVN 8.2.
The upgrade to VisualSVN 8.2 is also free if you use VisualSVN under the
Community license.
If you don't qualify for a free upgrade, you can purchase an upgrade to
VisualSVN 8.2 using the
online purchase form.
We are glad to announce the new VisualSVN Server 5.1.4 patch release that
contains an update to Apache HTTP Server 2.4.57 and to APR Util 1.6.3.
The update to Apache HTTP Server 2.4.57 fixes the critical-level
CVE-2023-25690
vulnerability found in the mod_proxy module. Although this module is shipped
with VisualSVN Server, it is not loaded or enabled by default. Therefore,
this vulnerability does not affect VisualSVN Server installations unless
the module was manually enabled by the administrator. Another vulnerability
fixed in this update—CVE-2023-27522—is
related to the mod_proxy_uwsgi module, which is not shipped with
VisualSVN Server.
The update to APR Util 1.6.3 fixes the critical-level
CVE-2022-25147
vulnerability. This vulnerability also does not affect non-customized
installations of VisualSVN Server, because VisualSVN Server does not use
the functions provided by APR Util in a way that would allow this
vulnerability to be exploited.
Although these vulnerabilities do not affect non-customized installations
of VisualSVN Server, it is nevertheless strongly recommended that you
update to the new VisualSVN Server 5.1.4 build.
Update for VisualSVN Server
You can get this latest VisualSVN Server version from the official
download page.
VisualSVN Server version families earlier than 5.1.x are not supported,
and maintenance updates are not available for them. If you are using any
version family earlier than 5.1.x, it is strongly recommended that you
upgrade to VisualSVN Server 5.1.4. When upgrading from a version family
earlier than 5.1.x, please read the
KB204: Upgrading to VisualSVN Server 5.1 article before
the upgrade.
We are announcing that the End of Support for versions 4.3.x and 5.0.x
of VisualSVN Server will occur on March 31, 2023. After that date,
we will no longer provide maintenance and technical assistance for the 4.3.x and 5.0.x
version families of VisualSVN Server. Users who are running VisualSVN Server
5.0.x or older versions should plan an upgrade to the latest VisualSVN
Server 5.1.x builds.
You can download the latest VisualSVN Server builds from the
main download page.
Meanwhile, VisualSVN Server continues to be actively developed. We
continue to provide updates and support for VisualSVN Server 5.1.x, which
is the most recent version family.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
The upgrade procedure is straightforward and in the majority of cases only
requires downloading and running the installer of the latest version of
VisualSVN Server. However, it is strongly recommended that you read the
article KB204: Upgrading to VisualSVN Server 5.1 before
beginning the upgrade.
We are glad to announce that VisualSVN products have been updated to
Apache HTTP Server 2.4.55 and OpenSSL 1.1.1t. Besides this,
relevant VisualSVN products are now updated to the Expat XML parser 2.5.0.
This update fixes a number of security vulnerabilities, some of which may
affect both the VisualSVN plug-in and VisualSVN Server. Therefore, updating
to the new builds is recommended for all users.
Versions of VisualSVN Server prior to this update are affected by the
moderate-severity
CVE-2006-20001
vulnerability. It allows an authenticated attacker to perform a
denial-of-service attack using a specially crafted request to the server.
The underlying issue has been fixed in Apache HTTP Server 2.4.55.
As for the vulnerabilities fixed in OpenSSL 1.1.1t, the VisualSVN plug-in
and default installations of VisualSVN Server are not affected by the
high-severity
CVE-2023-0286
vulnerability. However, versions of the VisualSVN plug-in and VisualSVN
Server prior to this update can potentially be affected by the
moderate-severity
CVE-2022-4450
vulnerability.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 5.1.3 if you are using any version family
older than 4.3.x. Please read the
KB204: Upgrading to VisualSVN Server 5.1
article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your
Visual Studio version:
We are happy to announce the release of VisualSVN 8.1 for Visual
Studio 2022. This release improves support for the Open Folder mode, adds
IPv6 support and has several fixes.
You can download the VisualSVN 8.1.0 build from the official
download page.
Better integration with the Open Folder (Folder View) mode
We improved how VisualSVN integrates with the
Open Folder
mode in Visual Studio. Now all file and folder additions, renames and
deletes are automatically tracked and scheduled for the next commit.
As a separate enhancement, the auxiliary .svn folder is no
longer displayed in this mode and is no longer searched, as this was
cluttering the search results.
IPv6 support
VisualSVN 8.1 adds support for the IPv6 protocol. All the built-in
VisualSVN features such as the Add Solution to Subversion wizard are now
capable of communicating using IPv6. This makes it possible to use the
VisualSVN plug-in on IPv6-only networks and with IPv6-dependent services
such as Microsoft DirectAccess.
Upgrading existing licenses to VisualSVN 8.1
All VisualSVN 8.x licenses are eligible for a free upgrade to VisualSVN 8.1.
The upgrade to VisualSVN 8.1 is also free if you use VisualSVN under the
Community license.
If you don't qualify for a free upgrade, you can purchase an upgrade to
VisualSVN 8.1 using the online purchase form.
We are announcing the End of Support for the VisualSVN Server 4.2.x
version family that will occur on November 30, 2022. Users who are
running VisualSVN Server 4.2.x or older versions should plan an upgrade to
the latest VisualSVN Server 5.1.x builds.
The reason behind the upcoming End of Support for versions 4.2.x of VisualSVN Server is that these versions are linked with the 1.10.x
releases of Apache Subversion. However, the 1.10.x Long-Term Support release line of Apache Subversion has reached its End of Life in
accordance with the Apache Subversion’s release life-cycle.
Meanwhile, the whole product family of VisualSVN Server continues to be actively
developed. We continue to provide updates and support for versions 4.3.x, 5.0.x and 5.1.x
of VisualSVN Server.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
The upgrade procedure is straightforward and in the majority of cases only requires downloading and running the installer of the latest
version of VisualSVN Server. However, it is strongly recommended that you read the article
KB204: Upgrading to VisualSVN Server 5.1 before beginning the upgrade.
We are glad to announce the VisualSVN 8.0.5 patch update. The update
resolves an issue with a missing context menu in some multi-display
configurations. Please see the
VisualSVN 8.0.5 changelog
for more information.
The update is recommended for all users of VisualSVN for Visual Studio
2022.
You can get the latest version of VisualSVN on the
official download page.
We are happy to announce the release of VisualSVN Server 5.1 with the
following main enhancements:
Uploading files in the web interface
Native HTTP Strict Transport Security (HSTS) support
Generating a new private key for TLS/SSL certificates
Server-wide access rules for Subversion authentication
There are several other improvements in the new release. For the complete
list of changes, see the
VisualSVN Server 5.1.0 changelog
The upgrade to VisualSVN Server 5.1 is recommended for all users. We
strongly advise reading the article
KB204: Upgrading to VisualSVN Server 5.1
before beginning the upgrade.
VisualSVN Server 5.1 adds support for uploading files into Subversion
repositories right from the web interface.
The new feature enables quick and simple file additions and modifications.
New files and modified versions of existing files can be uploaded directly
into a repository without having to use a working copy and a Subversion
client.
Being able to upload and modify files from a web browser introduces new
usage scenarios for VisualSVN Server and should be useful for less
technical users.
Native HTTP Strict Transport Security (HSTS) support
The HTTP Strict Transport Security (HSTS) policy enforces the use of the
secure HTTPS protocol when accessing the server. When the policy is enabled
on a server, all HSTS-capable clients will contact the server only through
a secure connection (HTTPS). Thus, this policy helps to protect against
man-in-the-middle attacks and does not allow users to ignore certificate
warnings.
Although all modern web browsers support HSTS, current Subversion client
versions do not. If you enable this option, it will be recognized by web
browsers but ignored by clients such as svn.exe and TortoiseSVN. However,
enabling HSTS does not have any negative effects on Subversion clients.
A new private key can be generated when creating a new Certificate Signing
Request (CSR). This feature can help users whose Certificate Authority (CA)
requires CSR to be always generated with a new private key.
Generating a new private key is also supported when creating a new
self-signed certificate or obtaining a certificate from Active Directory
Certificate Services (AD CS).
Server-wide access rules for Subversion authentication
VisualSVN Server 5.1 supports server-wide (global) access rules for the
Subversion authentication mode. These access rules can be configured on the
server-wide level and propagate to all repositories hosted on the server,
therefore simplifying administration.
Server-wide access rules for Subversion authentication were removed in
VisualSVN Server 2.6, and are reintroduced in version 5.1. This also
simplifies upgrade procedures for those upgrading from very old server
installations.
More enhancements
Other notable improvements in this version are listed below:
New Get-SvnRepositoryItemLock and Remove-SvnRepositoryItemLock PowerShell cmdlets to list and remove locks from a repository.
New installations now enable 'Implicit list folder permission' in the default repository security settings.
Configure access to the certificate directory using Service SID instead of the Service Logon account.
Configure access to the repositories root directory using Service SID instead of the Service Logon account.
The upgrade is free for all customers who have an active maintenance
subscription for Enterprise or Essential licenses. The upgrade is also free
for all customers who use VisualSVN Server under the Community license.
We are glad to announce VisualSVN Server patch releases that contain an
update to Apache HTTP Server 2.4.54 and OpenSSL 1.1.1q and fix several
issues.
The Apache HTTP Server 2.4.54 patch release addresses the
CVE-2022-31813
and CVE-2022-26377
vulnerabilities found in the mod_proxy and mod_proxy_ajp Apache modules,
respectively. Both affected modules are shipped with VisualSVN Server, but
they are not loaded or enabled by default. Therefore, these vulnerabilities
do not affect VisualSVN Server installations unless the modules were
manually enabled by an administrator.
Other vulnerabilities fixed in Apache HTTP Server 2.4.54 and OpenSSL 1.1.1q
do not affect up-to-date VisualSVN Server installations. Nevertheless,
upgrading to the new builds is recommended for all users.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is
strongly recommended to upgrade to VisualSVN Server 5.0.x if you are
using any version family older than 4.2.x. Read the article
KB174: Upgrading to VisualSVN Server 5.0
before upgrading.
We are glad to announce the availability of patch releases for VisualSVN
products linked with OpenSSL 1.1.1o with a fix for the
CVE-2022-1292
vulnerability.
The
CVE-2022-1292
vulnerability does not affect up-to-date versions of VisualSVN products.
Although the vulnerability does not affect up-to-date VisualSVN products,
it is recommended that all users upgrade to the latest builds.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is
strongly recommended to upgrade to VisualSVN Server 5.0.x if you are
using any version family older than 4.2.x. Read the article
KB174: Upgrading to VisualSVN Server 5.0
before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
We are glad to announce the availability of patch releases for VisualSVN
products that are now based on the most up-to-date Apache Subversion
1.14.2 and 1.10.8. These patch releases also include an update
to zlib 1.2.12 and several other changes.
The update to Apache Subversion 1.14.2 and zlib 1.2.12 fixes several
vulnerabilities, but none of them affect up-to-date VisualSVN Server
installations or the VisualSVN plug-in. Although the
vulnerabilities do not affect up-to-date VisualSVN products, it is
recommended that all users upgrade to the latest builds.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is
strongly recommended to upgrade to VisualSVN Server 5.0.x if you are
using any version family older than 4.2.x. Read the article
KB174: Upgrading to VisualSVN Server 5.0
before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
We are happy to announce the release of VisualSVN Server 5.0 with the
following main enhancements:
Full-text search for repository content and history
Email notifications for background jobs
Implicit list folder permission for parents of readable paths
Scheduling incremental backups multiple times a day
Strong password policy for Subversion authentication
There are many other significant improvements related to various VisualSVN
Server features, some of which are listed below. For the complete list of
changes, see the
VisualSVN Server 5.0.0 changelog.
The upgrade to VisualSVN Server 5.0 is recommended for all users. We
strongly advise reading the article
KB174: Upgrading to VisualSVN Server 5.0
before beginning the upgrade.
Full-text search for repository content and history
One of the big changes in version 5.0 is the new full-text search feature.
We've built a custom search engine specifically for Subversion
repositories, considering their distinctive traits such as path-based
authorization, arbitrary repository layouts and file sizes.
The new search engine indexes every revision of the data stored in your
repositories and makes it searchable through the web interface. Users can
search for content, filename and log message matches in any folder they
have access to, and the results are filtered according to the authorization
settings.
Search is not limited to the HEAD revision, but instead every single
revision is searchable — whether it is the most recent revision
or a revision that was committed several years ago.
The search engine supports a wide set of capabilities, including:
VisualSVN Server 5.0 now supports email notifications for background jobs,
allowing for easier monitoring of their status and activity. Background job
notifications are sent after a job has finished running, notifying the
administrator of the job run status.
Imagine that a user has read access to /repos/project/trunk.
Previously, this would mean that:
The user cannot browse to this location starting from the server root.
The user cannot access it unless he knows the repository name and the exact path.
The user cannot see the repository in the repository list.
To remove these limitations, VisualSVN Server 5.0 adds a per-repository
option that automatically grants list folder permission to parents
of paths readable by a user.
This option allows users to browse to any location they have read access
to, starting from the server root. The actual read access levels are not
changed.
We recommend enabling the new option for all existing and new repositories.
For convenience, its state for new repositories can be
changed in the server configuration.
Strong password policy for Subversion authentication
To improve security of the environments that rely on user passwords,
VisualSVN Server 5.0 allows enforcing a strong password policy for the
Subversion authentication mode.
The strong password policy is also enabled by default for new
installations.
An administrator can configure the password policy by specifying the
desired minimum password length and password complexity.
Web interface no longer supports Internet Explorer
Starting from version 5.0, the VisualSVN Server web interface does not
support Internet Explorer. If you use Internet Explorer to access the web
interface, you are required to upgrade to Microsoft Edge or switch to
another supported browser.
Note that the Internet Explorer 11 desktop application will go out of
support (for certain operating systems) starting June 15, 2022. And
Microsoft encourages customers to move to Microsoft Edge with Internet
Explorer (IE) mode.
This change only affects the client repository web interface. It does
not affect any server administration capabilities or the VisualSVN
Server Manager console.
Deprecated TLS 1.0 and TLS 1.1 protocols are now at the Legacy level
During an upgrade of the existing server, the installer will offer an
option to change the TLS/SSL compatibility level setting. If you have
outdated clients that do not support TLS 1.2, please consider switching to
the Legacy level until those clients can be updated. Pay attention to the
following clients:
TortoiseSVN version 1.7.8 or older.
Subversion command line client version 1.8.x or older.
Please consider the list of other compatibility changes in VisualSVN Server 5.0:
Windows Server 2008 R2 and Windows Server 2012 are no longer supported.
The minimum supported operating system is Windows Server 2012 R2.
The outdated SSL 3.0 protocol is no longer supported.
Remote Server Administration of VisualSVN Server 4.1.x and older versions
is no longer supported.
Known issues
Please consider the
list of known issues
before upgrading to VisualSVN Server 5.0.
Upgrading to new version
The upgrade to VisualSVN Server 5.0 is recommended for all users. Please
read the
KB174: Upgrading to VisualSVN Server 5.0
before upgrading. The upgrade is free for all customers who have an active
maintenance subscription for Enterprise or Essential licenses. The upgrade
is also free for all customers who use VisualSVN Server under the Community
license.
We are glad to announce the update to Apache HTTP Server 2.4.53 and
OpenSSL 1.1.1n for relevant VisualSVN products. Besides this,
relevant VisualSVN products are now updated to Expat XML parser 2.4.6.
This update fixes a number of security vulnerabilities, some of which may
affect both VisualSVN and VisualSVN Server in certain configurations. Therefore,
updating to the new builds is recommended for all users.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 4.3.7 if you are using any version family
older than 4.2.x. Please read the
KB167: Upgrading to VisualSVN Server 4.3 article before
upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
If you use Visual Studio 2015 or older, update to
VisualSVN 5.6.4. Note that
VisualSVN 5.6.4 is still using Expat XML parser 2.2.10. Update to Expat
XML parser 2.4.x is expected in future releases.
Get the latest version of VisualSVN from the official
download page.
We are glad to announce the availability of VisualSVN Server patch release
which includes updates to Apache HTTP Server 2.4.52, OpenSSL 1.1.1m and
Expat XML parser 2.4.3.
This update fixes several security vulnerabilities:
The update to Apache HTTP Server 2.4.52 fixes two vulnerabilities:
CVE-2021-44224
and CVE-2021-44790.
Default VisualSVN Server installations are not affected by these
vulnerabilities.
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them.
It is strongly recommended to upgrade to VisualSVN Server 4.3.x if
you are using any version family older than 4.2.x. Read the
KB167: Upgrading to VisualSVN Server 4.3 article
before upgrading.
We officially announce that VisualSVN products are NOT AFFECTED by
the recently disclosed
CVE-2021-44228
vulnerability, also known as Log4Shell. Please find the details below.
Vulnerability information
CVE-2021-44228
is a critical remote code execution vulnerability in the Apache Log4j Java
library. Information about the vulnerability has been publicly disclosed on
December 9, 2021. At the time of writing, the vulnerability is known to be
actively exploited in the wild.
VisualSVN Server is not affected
VisualSVN Server is NOT AFFECTED by the CVE-2021-44228 (Log4Shell)
vulnerability.
VisualSVN Server and its components are not based on Java, and they do not
depend on the vulnerable Apache Log4j library.
Although VisualSVN Server itself is not affected, it is recommended to
check if your Subversion repositories have custom or third-party hooks
that use Java and the vulnerable Apache Log4j library. If so, the risks are
still limited because triggering a hook script requires access permissions
to the corresponding repository. However, in this case it is strongly
recommended to follow the official guidelines on mitigating the
vulnerability.
VisualSVN for Visual Studio is not affected
VisualSVN for Visual Studio is NOT AFFECTED by the CVE-2021-44228
(Log4Shell) vulnerability.
VisualSVN for Visual Studio and its components are not based on Java, and
they do not depend on the vulnerable Apache Log4j library.
We are glad to announce the VisualSVN 8.0.1 patch update with fixes related
to the Visual Studio 2022 support.
Compared to the previous versions, Visual Studio 2022 is a 64-bit
application, and the update includes a hotfix for one related error that
could occur with certain project types. Please see the details and the
complete list of changes in the
VisualSVN 8.0.1 changelog.
The update is recommended for all users of VisualSVN for Visual Studio
2022.
You can get the latest version of VisualSVN on the
official download page.
We are happy to announce the release of VisualSVN 8.0 that adds support
for Visual Studio 2022. For the complete list of changes see the
VisualSVN 8.0 changelog.
Upgrading to VisualSVN 8.0 is necessary if you are switching to Visual
Studio 2022. Professional and Site licenses issued before
June 17th, 2021 require purchasing an upgrade for VisualSVN 8.0. The
upgrade to VisualSVN 8.0 is free if you use VisualSVN under the Community
license.
VisualSVN 8.0 can be installed and updated directly in Visual Studio
(Extensions | Manage Extensions). You can also download the latest
VisualSVN 8.0 build from the official
download page.
VisualSVN 8.0 enables full integration with Visual Studio 2022, which is
now a 64-bit application.
Visual Studio 2022 is the first 64-bit version of Visual Studio that allows
you to work with the most complex solutions without considering memory
constraints. To allow for a seamless integration, all internal components
of VisualSVN 8.0 have been migrated to the 64-bit architecture as well.
Personal and Corporate licenses reintroduced
Starting from October 2021, the Professional license that has been
available in recent years is replaced by the reintroduced Personal
and Corporate licenses:
Personal license is intended for use by individuals and is
licensed to a specific named person.
Corporate license is intended for use by companies and
organizations and is licensed per developer.
The Professional license is now obsolete and will be upgraded to one of the
new license types when ordering an upgrade to VisualSVN 8.0. However, all
Professional licenses issued on or after June 17th, 2021 are eligible for a
free upgrade to VisualSVN 8.0 without requiring to change the license key.
There are no changes to the free Community license and to the Site license
for large organizations. Please, see the
VisualSVN Licensing
page for more information.
Upgrading existing licenses to VisualSVN 8.0
All VisualSVN 7.x licenses issued on or after June 17th, 2021 are eligible
for a free upgrade to VisualSVN 8.0 without requiring to change the license
key. The upgrade to VisualSVN 8.0 is also free if you use VisualSVN under
the Community license.
Commercial licenses issued before June 17th, 2021 require an upgrade
purchase for VisualSVN 8.0. In connection with the reintroduced Personal
and Corporate license types, there is a special procedure for upgrading
existing licenses to version 8.0.
Regular upgrade prices are as follows:
Upgrade to Personal license: $29 (for individual use only).
Upgrade to Corporate license: $69 per developer.
Site license upgrade: $1950 per site.
Also, please note that until November 21, an upgrade to Corporate license is
available for $49 per developer.
We are glad to announce the update to Apache HTTP Server 2.4.51 and
OpenSSL 1.1.1l for relevant VisualSVN products. This update fixes
several security vulnerabilities.
VisualSVN Server is not affected by the critical
CVE-2021-41773
and
CVE-2021-42013
vulnerabilities that were recently found in the Apache HTTP Server. Default
VisualSVN Server installations also are not affected by the other
vulnerabilities found in the Apache HTTP Server. However, both VisualSVN
and VisualSVN Server may be affected by the
CVE-2021-3711
and
CVE-2021-3712
vulnerabilities found in OpenSSL, so updating to the new builds is
highly recommended for all users.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 4.3.5 if you are using any version family
older than 4.2.x. Please read the
KB167: Upgrading to VisualSVN Server 4.3 article before
upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
We are glad to announce the availability of VisualSVN Server patch releases
based on Apache HTTP Server 2.4.48. There are a number of security
vulnerabilities addressed in these patch releases, but none of these
vulnerabilities affect up-to-date VisualSVN Server installations.
Nevertheless, upgrading to the new builds is recommended for all users.
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 4.3.4 if you are using any version family
older than 4.2.x. Please read the
KB167: Upgrading to VisualSVN Server 4.3 article before
upgrading.
We are glad to announce the release of VisualSVN and VisualSVN Server
builds linked with OpenSSL 1.1.1k that contain fixes for two high severity
vulnerabilities:
CVE-2021-3450
and CVE-2021-3449.
Up-to-date VisualSVN Server installations are affected only by the
CVE-2021-3449
vulnerability that allows a remote attacker to cause a denial of service.
Exploiting this vulnerability does not require an attacker to be
authenticated on a target server, so upgrading to VisualSVN Server 4.3.3 is
highly recommended for all users.
Up-to-date VisualSVN installations are not affected by any of the
aforementioned vulnerabilities. Nevertheless, upgrading to the new builds
is recommended for all users.
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 4.3.3 if you are using any version family
older than 4.2.x. Please read the
KB167: Upgrading to VisualSVN Server 4.3 article before
upgrading.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
We are glad to announce the release of VisualSVN 7.3.2 patch update. This
update fixes a bug with status icons not being correctly displayed in
Visual Studio 2019 version 16.9.0. Please see the
VisualSVN 7.3.2 changelog.
The update is recommended for all users of VisualSVN for Visual Studio 2019.
You can get the latest version of VisualSVN on the
official download page.
We are glad to announce the availability of patch releases for VisualSVN
products that are now based on the most up-to-date
Apache Subversion 1.14.1. These patch releases also include a
cumulative update to OpenSSL 1.1.1j and some other changes.
Update to Apache Subversion 1.14.1 contains a fix for
CVE-2020-17525
which is rated as a high severity server-side vulnerability. However,
up-to-date VisualSVN Server installations are not affected as the
mod_authz_visualsvn module used in the server is not vulnerable to this
issue. Update to OpenSSL 1.1.1j contains cumulative fixes for three CVEs,
but none of them affects up-to-date VisualSVN or VisualSVN Server
installations.
Nevertheless, upgrading to the new builds is recommended for all users.
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 4.3.x if you are using any
version family older than 4.2.x. Read the
KB167: Upgrading to VisualSVN Server 4.3 article
before upgrading.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select an appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
We are announcing End of Support for the VisualSVN Server 4.1.x
version family that will happen on January 15, 2021. Users who are
running VisualSVN Server 4.1.x or older versions should plan an upgrade to
the latest VisualSVN Server 4.3.x builds.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide updates and support for VisualSVN Server
4.3.x which is the most recent version family and is linked with up-to-date
OpenSSL 1.1.1, Apache HTTP Server 2.4.x, and Apache Subversion 1.14.x
Long-Term Support release. We also continue to provide maintenance updates
and support for the VisualSVN Server 4.2.x version family which is linked
with Apache Subversion 1.10.x.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
Upgrade to VisualSVN Server 4.3.x is recommended for all users. The upgrade
process is straightforward, but it is highly recommended to read the
article KB167: Upgrading to VisualSVN Server 4.3 beforehand.
The Apache HTTP Server 2.4.46 release fixes the
CVE-2020-9490,
CVE-2020-11993 and
CVE-2020-11984
vulnerabilities, but none of them affect up-to-date VisualSVN Server
installations. The vulnerabilities were found in the mod_http2 and
mod_proxy_uwsgi Apache modules which are not used in VisualSVN Server.
Nevertheless, the upgrade to newer VisualSVN Server builds is recommended
for all users.
You can get the latest VisualSVN Server version on the official
download page.
Maintenance releases
Choose an appropriate maintenance patch update if you do not want to
perform a significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 4.3.x if you are using any
version family older than 4.1.x. Read the
KB167: Upgrading to VisualSVN Server 4.3 article
before upgrading.
We are glad to officially announce VisualSVN Server 4.3 and new versions of
VisualSVN for Visual Studio that bring an update to Apache Subversion 1.14
LTS (Long-Term Support) release.
Upgrade to the latest VisualSVN Server and VisualSVN plug-in is recommended
for all users:
Apache Subversion 1.14 is the latest LTS (Long-Term Support) release that
includes all improvements, features, and bug fixes since the previous 1.10
LTS release. It also includes changes not present in any earlier releases.
For the complete list of changes, please refer to the
Apache Subversion 1.14 Release Notes.
Subversion LTS releases are made available every 2 years and get a 4-year
support period. See the details on the
Apache Subversion Roadmap page.
Upgrade for VisualSVN Server
VisualSVN Server 4.3 brings an update to Apache Subversion 1.14 and
includes several bug fixes. Note that it is backward compatible with all
older Subversion clients. For more details and the VisualSVN Server 4.3
client compatibility matrix, see the
VisualSVN Server 4.3 Release Notes.
Upgrade to VisualSVN Server 4.3 is recommended for all users. The upgrade
is easy and straightforward. For further details, please read the
KB167: Upgrading to VisualSVN Server 4.3 article.
TortoiseSVN 1.13.x users may choose to upgrade VisualSVN now, and
upgrade TortoiseSVN once the version 1.14.1 is released. Both
TortoiseSVN 1.13.x and TortoiseSVN 1.14.x are fully compatible with the
upgraded VisualSVN plug-in and use the same working copy format.
We are announcing End of Support for the VisualSVN Server 4.0.x
version family that will happen on June 1st, 2020. Users who are
running VisualSVN Server 4.0.x or older versions should plan an upgrade to
the latest VisualSVN Server 4.2.x builds.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide updates and support for VisualSVN Server
4.2.x which is the most recent version family and is linked with up-to-date
OpenSSL 1.1.1, Apache HTTP Server 2.4.x, and Apache Subversion 1.10.x
Long-Term Support release. We also continue to provide maintenance updates
and support for the VisualSVN Server 4.1.x version family.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
Upgrade to VisualSVN Server 4.2.x is recommended for all users. The upgrade
process is straightforward, but it is highly recommended to read the
article KB161: Upgrading to VisualSVN Server 4.2 beforehand.
We are glad to announce the release of VisualSVN Server updates linked
with OpenSSL 1.1.1g. The OpenSSL 1.1.1g contains a fix for a high
severity CVE-2020-1967
vulnerability, which potentially affects up-to-date VisualSVN Server
installations. Update to the newest builds is therefore recommended to all
users.
The VisualSVN Server 4.2.2 is available on the official
download page.
For the full list of changes, see the VisualSVN Server 4.2.2
changelog.
Note that the CVE-2020-1967 vulnerability does not affect the VisualSVN
Server 4.0.x family. That is because the previous build of this version
family gets updated from OpenSSL 1.1.1c, which is not vulnerable to the
CVE-2020-1967.
New builds also include the update to Apache HTTP Server 2.4.43 which
fixes two CVEs:
CVE-2020-1934
and
CVE-2020-1927.
Up-to-date VisualSVN Server installations are potentially affected by the
CVE-2020-1927, which is a medium severity vulnerability.
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly recommended
to upgrade to VisualSVN Server 4.2.x if you are using any version family
older than 4.0.x. Read the
KB161: Upgrading to VisualSVN Server 4.2
article before upgrade.
We are glad to announce the availability of VisualSVN Server 4.2.1 that
includes a fix for a bug that might cause failure when restoring a repository from backup.
The upgrade to the VisualSVN Server 4.2.1 is recommended for all VisualSVN
Server users. You can get the latest version of VisualSVN Server on the
official download page.
Upgrade to VisualSVN Server 4.2 is recommended for all users. Upgrade is
easy and straightforward, but we strongly advise reading the
KB161: Upgrading to VisualSVN Server 4.2 article beforehand
(especially if you are upgrading from VisualSVN Server 3.9 or older
versions).
VisualSVN Server 4.2 introduces finding files and folders in the web
interface. Web interface supports finding files in the entire repository
as well as in subfolders, including branches or tags. Furthermore, there
is an option for finding files at a specific repository revision. A search
query can include the asterisk (*) and question-mark (?) wildcard
characters.
Web interface finds files and folders based on user access rights, keeping
your data secure from unauthorized use. If no access is allowed, files will
not be shown in the search output and cannot be retrieved in any other
way.
VisualSVN Server 4.2 adds Job History to the VisualSVN Server Manager
console that shows a quick summary on a particular job. The detailed
information on each particular job run instance is available with the
Show Details option. For instance, an in-depth information on a
Verify Repository job may help finding out in which of repositories a
corruption has been found.
Job History shows all the runs that are currently present in the VisualSVN
Server Background Jobs event log.
Managing local Subversion users, groups and their permissions with PowerShell
VisualSVN Server 4.2 adds new PowerShell cmdlets for managing local
Subversion user and group accounts and their access rules.
The new capabilities are as follows:
Create, remove and manage local Subversion user accounts.
Create, remove and manage Subversion group accounts and its members.
Manage access rights for Subversion authentication.
VisualSVN Server 4.2 also has several other notable changes:
New Multi-Processing Module (MPM) dynamically adapting to workload.
New module improves performance by using a dynamically-sized thread pool
that scales with the number of connected clients and the available server
resources.
Do not backup rep-cache.db. Recreate the rep-cache file when
restoring a repository from backup instead. As a consequence,
incremental backups for large repositories are indeed small.
Disallow creating user and group accounts with the same names but
with different letter case. Existing users with identical names,
if any, will not be affected.
The upgrade is free for all customers who have active maintenance
subscription for Enterprise or Essential licenses. The upgrade is also
free for all customers who use VisualSVN Server under the Community
license.
We are glad to officially introduce VisualSVN 7.2, 6.6 and
5.5 for Visual Studio which are built on Apache Subversion 1.13.
Upgrade to the latest versions of VisualSVN plug-in is recommended for all
users. Latest VisualSVN builds are available on the official
download page.
What’s new in Apache Subversion 1.13
Apache Subversion 1.13 is the latest regular (non-LTS) release that includes
several improvements and bug fixes. For the complete list of changes, please
refer to the Apache
Subversion 1.13 Release Notes.
Non-LTS releases are made available every 6 months and designated to deliver
new features and enhancements in a timely fashion. See the details on the
Apache
Subversion Roadmap page.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select the appropriate VisualSVN plug-in version with respect to your Visual
Studio version:
If you use Visual Studio 2019, upgrade to
VisualSVN 7.2.
If you use Visual Studio 2017, upgrade to
VisualSVN 6.6.
If you use Visual Studio 2015 or older, upgrade to
VisualSVN 5.5.
The upgrade procedure is straightforward and does not require upgrading your
working copies. To fully benefit from the improvements made in Apache
Subversion 1.13, consider an upgrade to the latest TortoiseSVN version.
Installation files are available on the
download page.
VisualSVN Server compatibility
Clients based on Subversion 1.13 are fully compatible with VisualSVN Server
4.1 that is built on Subversion 1.10.
We draw your attention that Subversion 1.10 is the latest available
Long-Term Support
release. Given that no significant server-side or protocol-related changes
have been introduced in subsequent regular Subversion 1.11, 1.12, 1.13 releases,
VisualSVN Server 4.1 functionality is entirely consistent with any of those
non-LTS releases.
We are announcing End of Support for the VisualSVN Server 3.9.x version
family that will happen on December 31th, 2019. Users that are running
VisualSVN Server 3.9.x or older versions should plan an upgrade to the latest
VisualSVN Server 4.1.x builds.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide updates and support for VisualSVN Server
4.1.x which is the most recent version family and is linked with
up-to-date OpenSSL 1.1.1, Apache HTTP Server 2.4.x, and Apache
Subversion 1.10.x Long-Term Support release. We also continue to provide
maintenance updates and support for the VisualSVN Server 4.0.x version
family.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Starting from version 4.0, Standard and Enterprise Editions are replaced
with new Community, Essential, and Enterprise licenses. During the
upgrade to version 4.1, your server will automatically switch to the new
licensing model. If you are upgrading from Standard Edition, in most
cases, it will be automatically replaced by the free Community license.
However, if you use Windows Authentication or if there are more than 15
Subversion user accounts, you will need to apply a sufficient Essential or
Enterprise license key or start the 45 days evaluation period. Read the
article KB147: How the licensing model changes in VisualSVN Server 4.0 for more information.
Starting from VisualSVN Server 4.0, the repository web interface no
longer supports Internet Explorer 10. You need to upgrade to Internet
Explorer 11 or use another browser that is supported by the repository
web interface. Please read the article
KB151: Browsers supported by VisualSVN Server Web Interface for more
information.
We are happy to announce the release of VisualSVN Server 4.1 with the following
main enhancements:
Pack Repository background job. This new scheduled background job
allows to
pack repositories
on a regular basis. Packing reduces the number of files on disk and
therefore reduces storage and maintenance overhead. For further information
and configuration instructions please consider the article
KB156: Getting started with Pack Repository Jobs.
Side-by-side diff for images in the web interface. New side-by-side
diff for images in the web interface makes it possible to preview image
differences in the web browser.
TLS 1.3 protocol support. TLS 1.3 is the most recent version of the
HTTP encryption protocol that provides enhanced security, performance and
privacy compared to the previous versions. VisualSVN Server now fully
supports this version of the protocol and enables it by default. Note that
TLS 1.3 will be actually used only if it is supported by the client.
New Enterprise Multinode license. The new license type is suitable
for multisite VisualSVN Server deployments. If you use the
Multisite Repository Replication
feature and have several VisualSVN Server instances connected within a
single distributed VDFS cluster, you can now purchase a single Enterprise
Multinode license and use it on all these server instances. This option
is cost-effective, and it also simplifies deployment and licensing-related
maintenance tasks.
Upgrade to VisualSVN Server 4.1 is recommended for all users. Upgrade is
easy and straightforward, but we strongly advise reading the
KB152: Upgrading to VisualSVN Server 4.1 article beforehand
(especially if you are upgrading from VisualSVN Server 3.9 or older
versions).
The new release adds a capability to deploy and manage the
Repository Management Delegation
feature via PowerShell and deprecates two existing cmdlets.
The upgrade is free for all customers who have active maintenance
subscription for Enterprise or Essential licenses. The upgrade is also
free for all customers who use VisualSVN Server under the Community
license.
Up-to-date VisualSVN Server installations are potentially affected by the
CVE-2019-10098
vulnerability. This is a low-risk vulnerability and it has
no security impact in VisualSVN Server. Nevertheless, the upgrade to newer
VisualSVN Server builds is recommended for all users.
Note that the Apache HTTP Server 2.4.41 patch release also addresses the
CVE-2019-10092
and
CVE-2019-10097
vulnerabilities found in the mod_proxy and mod_remoteip Apache modules,
respectively. Both affected modules are shipped with VisualSVN Server, but
they are not loaded or enabled by default. Therefore, these
vulnerabilities do not affect VisualSVN Server installations unless the
modules were manually enabled by an administrator.
Maintenance releases
Choose an appropriate maintenance patch update if you do not want to
perform a significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 4.0.x if you are using any
version family older than 3.8.x. Read the
KB149: Upgrading to VisualSVN Server 4.0 article
before upgrading.
We are announcing End of Support for the VisualSVN Server 3.8.x version
family that will happen on September 30th, 2019. Users that are running
VisualSVN Server 3.8.x should plan an upgrade to the latest VisualSVN
Server 4.0.x builds.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide maintenance updates and support for
VisualSVN Server 4.0.x which is the most recent version family and is linked
with up-to-date OpenSSL 1.1.1, Apache HTTP Server 2.4.x and Apache Subversion
1.10.x. We also provide support and release updates for VisualSVN Server
3.9.x that is linked with OpenSSL 1.0.2.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Starting from version 4.0, Standard and Enterprise Editions are replaced
with new Community, Essential and Enterprise licenses. During the upgrade
to version 4.0, your server will automatically switch to the new licensing
model. If you are upgrading from Standard Edition, in most cases it will be
automatically replaced by the free Community license. However, if you use
Windows Authentication or if there are more than 15 Subversion user accounts,
you will need to apply a sufficient Essential or Enterprise license key or
start the 45 days evaluation period. Read the article
KB147: How the licensing model changes in VisualSVN Server 4.0 for more information.
Starting from VisualSVN Server 4.0, the repository web interface no longer
supports Internet Explorer 10. You need to upgrade to Internet Explorer 11
or use another supported browser with the repository web interface. Read
the article KB151: Browsers supported by VisualSVN Server Web Interface for more
information.
We are happy to announce the release of VisualSVN 6.5. VisualSVN
6.5 is a maintenance release that adds support for multiple working
copies within a single solution.
Support for multiple working copies within a single solution was first
introduced in VisualSVN 7.1 for
Visual Studio 2019. This new functionality is now also available to Visual
Studio 2017 users. See the changelog
for a complete list of changes.
You can download the latest VisualSVN 6.5 build from the official
download page.
Multiple working copies within a single solution
All working copies in your solution now show up in the Pending Changes
window, where all common operations such as Update and Commit can be
performed on them using the context menu. Most of the global commands in
VisualSVN's main menu and the traffic-light status in Solution Explorer
respect the multiple working copies too.
While it is still generally recommended to follow a single working copy
approach (which is not affected by the new functionality), support for
multiple working copies enhances the VisualSVN plug-in's capabilities for
web development projects and for projects with complex solution layout. It
also comes in useful when migrating from other source control systems.
Upgrading existing licenses to VisualSVN 6.5
All VisualSVN 6.x licenses are eligible for a free upgrade to VisualSVN
6.5. VisualSVN 5.x licenses issued on or after March 30th, 2016 are
eligible for a free upgrade, too. The upgrade to VisualSVN 6.5 is also
free if you use VisualSVN under the Community license.
If you have older VisualSVN license keys you can purchase an upgrade to
VisualSVN 7.x license that is also valid for VisualSVN 6.x versions. You
can purchase an upgrade to VisualSVN 7.x using the
online purchase form.
We are glad to announce the availability of patch releases for VisualSVN
products. Both VisualSVN and VisualSVN Server are now based on the most
up-to-date Apache Subversion 1.12.2 and 1.10.6 LTS builds.
Besides this, there is also an upgrade to Expat XML parser 2.2.7 and some
other important fixes.
Apache Subversion 1.12.2 patch release addresses the
CVE-2018-11782
and
CVE-2019-0203
DoS vulnerabilities, which do not affect VisualSVN products.
However, up-to-date VisualSVN Server installations are affected by the
CVE-2018-20843
(remotely triggerable DoS, requires read access to the
target server) that was addressed in the Expat XML parser 2.2.7 patch
release. We consider the risks to be moderate, because VisualSVN Server
does not allow anonymous read access. Therefore, upgrading to the new
VisualSVN Server builds is highly recommended for all users.
It is also recommended to upgrade to version 4.0.3 if you are using an
earlier version family of VisualSVN Server. Please, read
VisualSVN Server 4.0 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB149: Upgrading to VisualSVN Server 4.0 knowledge base
article.
Choose an appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 4.0.x if you are using any
version family older than 3.8.x. Read the
KB149: Upgrading to VisualSVN Server 4.0 article
before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 7.1.2 (for Visual Studio
2019), 6.4.1 (for Visual Studio 2017) and 5.4.1
(for Visual Studio 2015 and older) from the official
download page.
Please note that VisualSVN 6.x or older users who do not have a valid 7.x
license may need to upgrade the licenses. The upgrade is free if you are
using VisualSVN under the Community License. For further details, please
check the VisualSVN plug-in Licensing
page.
We are happy to announce the release of VisualSVN 7.1. VisualSVN 7.1
adds support for multiple working copies within a single solution
and brings an update to the latest regular (non-LTS) Apache Subversion 1.12
release.
See the changelog for the
complete list of changes.
You can download the latest VisualSVN 7.1 build from the official
download page. Please note that
VisualSVN 7.1 supports Visual Studio 2019 only.
Users of Visual Studio 2017 and older versions can upgrade to VisualSVN 6.4
or 5.4 that also received an update to Apache Subversion 1.12.0. You can
download them from the same official download
page. Choose the appropriate download depending on your Visual Studio
version:
If you are using Visual Studio 2017, you should upgrade to VisualSVN 6.4.
See the VisualSVN 6.4.0 changelog
for the complete list of changes.
If you are using Visual Studio 2015 or older, you should upgrade to
VisualSVN 5.4. See the VisualSVN 5.4.0
changelog for the complete list of changes.
Multiple working copies within a single solution
VisualSVN 7.0 and older require the solution file and all the projects to
be located under the same filesystem subtree in a single working copy.
VisualSVN 7.1 introduces support for multiple working copies within a
single solution.
All working copies in your solution now show up in the Pending Changes
window, where all common operations such as Update and Commit can be
performed on them using the context menu. Most of the global commands in
VisualSVN's main menu and the traffic-light status in Solution Explorer
respect the multiple working copies too.
While it is still generally recommended to follow a single working copy
approach (which is not affected by the new functionality), support for
multiple working copies enhances the VisualSVN plug-in's capabilities for
web development projects and for projects with complex solution layout. It
also comes in useful when migrating from other source control systems.
What’s new in Apache Subversion 1.12
The main changes introduced in Apache Subversion 1.12 are:
Improvements to the conflict resolver. The interactive conflict
resolver now may automatically handle scenarios with moved files and
folders when tree conflict reports a "locally missing" item while merging.
Various enhancements and bug fixes.
Updates of the experimental features.
For the complete list of changes, please consider the
Apache
Subversion 1.12 Release Notes. Note that Apache Subversion 1.12
is a non-LTS release, which is the second of the new 6-month regular releases
with an emphasis on introducing new features more quickly and with a shorter
support period. See the details on the
Apache
Subversion Roadmap page.
Upgrading existing licenses to VisualSVN 7.1
All VisualSVN 7.0 licenses are eligible for a free upgrade to VisualSVN
7.1. VisualSVN 6.x licenses issued on or after December 4th, 2018 are
eligible for a free upgrade, too.
The upgrade to VisualSVN 7.1 is free if you use VisualSVN under the
Community license.
Note that upgrading to VisualSVN 6.4 and 5.4 with a valid 6.x or 5.x license
is free and does not require a license upgrade.
We are glad to announce the release of VisualSVN Server 4.0.2 patch update
that resolves a small technical issue with how Windows users are counted
with respect to the
new licensing model.
VisualSVN Server versions 4.0.0 and 4.0.1 have a minor bug that could
affect how Windows users are counted towards the limit of the new
licenses. More specifically, Windows users with no repository access could
have been incorrectly counted as
active after viewing the repositories
list. This issue is resolved in the VisualSVN Server 4.0.2 patch update.
See the changelog for the complete list of
changes.
The update is recommended for all users of VisualSVN Server 4.0.x. You can
get the latest version of VisualSVN from the official
download page.
We are glad to announce the availability of VisualSVN Server 4.0.1 that
incorporates an update to OpenSSL 1.1.1с and includes several minor
refinements.
OpenSSL 1.1.1c patch release addresses the
CVE-2019-1543
vulnerability. Non-customized VisualSVN Server installations are not
affected by this vulnerability, because all predefined
TLS/SSL compatibility levels
do not allow using the affected ChaCha20-Poly1305 cipher. Nevertheless, we
recommend that all VisualSVN Server users update to the new builds.
You can get the latest version of VisualSVN Server on the official
download page.
We are happy to announce the release of VisualSVN Server 4.0 with the following
main enhancements:
Viewing Word, Photoshop and Illustrator files in
the web interface.
Blame/Annotate view in the web interface.
New licensing model with Community, Essential and Enterprise licenses.
A number of new and updated PowerShell cmdlets.
There are many other significant improvements related to various VisualSVN
Server features, some of which are listed below. For the complete list of
changes, see the VisualSVN Server 4.0.0
changelog.
Upgrade to VisualSVN Server 4.0 is recommended for all users. The upgrade
is easy and straightforward, but it is highly recommended to read the
KB149: Upgrading to VisualSVN Server 4.0 article beforehand
(especially if you are upgrading from VisualSVN Server Standard Edition).
Viewing Word, Photoshop and Illustrator files in the web interface
VisualSVN Server 4.0 adds support for .docx,
.psd and .ai
files preview in the web interface. Viewing works
entirely on the client-side (in the browser) and supports all standard kinds
of the specified file formats. It dramatically improves the usability of
VisualSVN Server and Subversion as a Document Management System (DMS).
Try the new feature by clicking one of the documents in the
demo
repository.
Blame/Annotate view in the web interface
VisualSVN Server 4.0 adds the Blame/Annotate view to the web interface.
In the blame view, each line in the file gets annotated with the author,
date and revision number of the most recent change. Blame view also features
the Blame previous revision command that helps to efficiently examine
blame results for earlier revisions.
New licensing model with Community, Essential and Enterprise licenses
The previous licensing model with a flat $950 price for Enterprise license
was introduced back in 2010. A lot of things have changed since then, and
that's why we have decided to make this change.
Starting from version 4.0, VisualSVN Server is available under three different licenses:
Community license (free). This free and fully functional license
enables core VisualSVN Server features such as the VisualSVN Server Manager
MMC console, PowerShell Scripting
and Automation, rich HTML5-
powered web interface and support for secure HTTPS. The free Community
license is available for commercial use and allows creating up to 15
Subversion user accounts.
Essential license (paid). This license allows using all features of
the Community license and adds additional features such as Scheduled
Backup Jobs and Multisite
Repository Replication (VDFS). The cost of the license depends on the
maximum number of active users and the VDFS repositories allowed by the license.
With the new licensing model, the minimal price for the paid Essential and
Enterprise licenses is $55 and $350 respectively, and this makes paid features
available to a wider range of users. At the same time, new licensing model
provides a fundamental basis for further development of advanced enterprise
features required by large customers. We are already actively working on
exciting new features that will become available in the upcoming releases.
To ensure a smooth transition for enterprise customers, all existing Enterprise
licenses with an active maintenance are treated as valid licenses for VisualSVN
Server 4.0 with an unlimited number of users and VDFS repositories. Thus, you
can upgrade to VisualSVN Server 4.0 right now and without any unexpected expenses.
Moreover, all existing customers have an opportunity
to renew their Enterprise licenses for the old $475 price (and for an
unlimited number of users and VDFS repositories, too). This is a one-time
opportunity available only for pre-4.0 licenses with an active maintenance
subscription that were purchased before May 15, 2019. Further renewals
will be processed using the new pricing model.
Are there any discounts for those who are upgrading from the Standard Edition?
We provide a 50% discount for all the existing customers who have more
than 15 Subversion user accounts and are going to upgrade to the Essential
license. Please use the RPCNTZ7TRL coupon code which is valid
until September 1, 2019.
We also are going to provide a significant discount for all the existing
customers who were using Windows Basic Authentication in Standard Edition
and are going to upgrade to the Enterprise license. Please contact us at sales@visualsvn.com to get
your individual coupon code. This opportunity is available until
September 1, 2019 too.
A number of new and updated PowerShell cmdlets
VisualSVN Server 4.0 adds TLS/SSL server certificate management capabilities
to the Get- and Set-SvnServerConfiguration PowerShell cmdlets and also introduces
the following new cmdlets:
VisualSVN Server 4.0 introduces a number of other significant improvements,
such as the following:
Updated look & feel of the web interface. The web interface received
several look and feel tweaks and improvements including a new navbar and
revamped Commit Details view.
Downloading folders in the web interface. Any folder inside a repository
may now be downloaded as a ZIP archive using the `Download` button.
Linking to the specific line of code in the web interface. It is now
possible to share links to specific lines of code at certain revision.
Viewing password-protected PDF files in the web interface. It is now
possible to view password-protected PDF files.
New Export Repository wizard. The new wizard allows for exporting
repositories in the form of hotcopy, dump or compressed dump.
New option to Obtain certificate from Active Directory in the installer.
There is a new option to generate the SSL/TLS certificate from your Active
Directory Certificate Services when you install VisualSVN Server on a domain-
joined computer.
Self-service password changing for Subversion user accounts. VisualSVN
Server 4.0 allows users to change their passwords via the web interface when
your server is configured to use Subversion authentication.
Upgrade and compatibility concerns
Upgrade to VisualSVN Server 4.0 is recommended for all users. Read the
KB149: Upgrading to VisualSVN Server 4.0 article before
upgrading (especially when you upgrade from Standard Edition).
Starting from version 4.0, Standard and Enterprise Editions are replaced
with new Community, Essential and Enterprise licenses. During the upgrade
to version 4.0, your server will automatically switch to the new licensing
model. If you are upgrading from Standard Edition, in most cases it will be
automatically replaced by the free Community license. However, if you use
Windows Authentication or if there are more than 15 Subversion user accounts,
you will need to apply a sufficient Essential or Enterprise license key or
start the 45 days evaluation period. For further details read the article
KB147: How the licensing model changes in VisualSVN Server 4.0 for more information.
Starting from VisualSVN Server 4.0, the repository web interface no longer
supports Internet Explorer 10. You need to upgrade to Internet Explorer
11 or use another supported browser with the repository web interface. Read
the article KB151: Browsers supported by VisualSVN Server Web Interface for more
information.
Word is either registered trademark or trademark of Microsoft Corporation
in the United States and/or other countries.
Illustrator and Photoshop are either registered trademarks or trademarks
of Adobe in the United States and/or other countries.
We are glad to announce the release of VisualSVN 7.0.1 patch update. This
update fixes a bug with the Pending Changes window not being displayed
correctly when Visual Studio 2019
is configured for per-monitor DPI awareness.
There are a number of security vulnerabilities addressed in Apache HTTP
Server 2.4.39 patch release. However none of them affect up-to-date
VisualSVN Server installations. Nevertheless, we recommend that VisualSVN
Server users update to the new builds.
You can get the latest version of VisualSVN Server on the official
download page.
Choose the appropriate maintenance build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.9.5 if you are using any
version family older than 3.9.x. Read the
KB138: Upgrading to VisualSVN Server 3.9 article
before upgrading.
We are happy to announce the release of VisualSVN 7.0 which is now fully
compatible with Visual Studio 2019.
Upgrade to VisualSVN 7.0 is necessary if you are switching to Visual Studio
2019. Professional and Site licenses issued before December 4th, 2018
require an upgrade purchase for VisualSVN 7.0. The upgrade to VisualSVN 7.0
is free if you use VisualSVN under the Community license.
Support for Visual Studio 2019
VisualSVN 7.0 enables full integration with Visual Studio 2019. All
VisualSVN features are now fully compatible with Visual Studio 2019.
Upgrading existing licenses to VisualSVN 7.0
VisualSVN 6.x licenses issued on or after December 4th, 2018 are eligible
for a free upgrade to VisualSVN 7.0. Commercial licenses issued before
December 4th, 2018 require an upgrade purchase for VisualSVN 7.0. The
current upgrade price is $49 for the Professional License and $1950 for
the Site License.
The upgrade to VisualSVN 7.0 is free if you use VisualSVN under the
Community license.
You can download the latest VisualSVN 7.0 build at the official
download page.
You can also purchase an upgrade to VisualSVN 7.0 using the
online purchase form.
We are glad to announce the release of VisualSVN and VisualSVN Server
updates linked with OpenSSL 1.0.2r that contain a fix for the
CVE-2019-1559
vulnerability. Up-to-date VisualSVN Server installations are potentially
affected by this vulnerability and we recommend all users update to the
new builds.
There are a number of security vulnerabilities addressed in this patch
release, but up-to-date VisualSVN Server installations are potentially
affected only by the
CVE-2019-1559
vulnerability. Despite this vulnerability having medium severity, we
strongly recommend that VisualSVN Server users update to the new builds.
It is also recommended to upgrade to version 3.9.4 if you are using an
earlier version family of VisualSVN Server. Please, read
VisualSVN Server 3.9 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB138: Upgrading to VisualSVN Server 3.9 knowledge base
article.
Choose an appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.9.4 if you are using any
version family older than 3.8.x. Read the
KB138: Upgrading to VisualSVN Server 3.9 article
before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.3.1 (for Visual Studio 2017) and 5.3.1
(Visual Studio 2015 and older) from the official
download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.3.x
or 5.3.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is
free if you are using VisualSVN under the Community License. For further details,
please check the VisualSVN plug-in Licensing page.
We are glad to announce the availability of VisualSVN Server 3.9.3. This
patch release includes updates to Apache Subversion 1.10.4, Apache HTTP
Server 2.4.38 and OpenSSL 1.0.2q.
This update fixes several security vulnerabilities, but up-to-date VisualSVN
Server installations are potentially affected only by
CVE-2018-5407
and CVE-2017-12613.
The risks are relatively low, because exploiting these vulnerabilities
requires write access to repositories or local access to the server computer.
Nevertheless, we highly recommend that VisualSVN Server users update
to the new builds.
You can get the latest version of VisualSVN Server on the official
download page.
We also recommend to upgrade to version 3.9.3 if you are using an earlier
version family of VisualSVN Server. Please, read
VisualSVN Server 3.9 Release Notes to
find out what's new in the latest release. For detailed upgrade instructions,
please consider the KB138: Upgrading to VisualSVN Server 3.9
knowledge base article.
Choose an appropriate patch build if you do not want to perform a significant
upgrade right now:
Other version families of VisualSVN Server are not supported and maintenance
updates are not available for them. It is strongly recommended to upgrade
to VisualSVN Server 3.9.3 if you are using any version family older than 3.8.x.
Read the KB138: Upgrading to VisualSVN Server 3.9 article before
upgrading.
We are glad to announce the release of VisualSVN 6.3 and 5.3
that bring an update to the latest regular (non-LTS) Apache Subversion
1.11 release, which introduces improvements to the conflict resolver and
provides various enhancements and bug fixes. Please
consider the
Apache Subversion 1.11 Release Notes for the complete list of notable
improvements.
If you are using Visual Studio 2017, you should upgrade to
VisualSVN 6.3. See the
VisualSVN 6.3.0 changelog for the complete list of changes.
If you are using Visual Studio 2015 or older, you should upgrade to
VisualSVN 5.3. See the
VisualSVN 5.3.0 changelog for the complete list of changes.
You can download VisualSVN 6.3 and 5.3 on the official
download page.
What’s new in Apache Subversion 1.11
The main changes introduced in Apache Subversion 1.11 are:
Improvements to the conflict resolver. The interactive conflict
resolver now may automatically handle scenarios with moved files and
folders when tree conflict reports a "locally missing" item while merging.
Note that Apache Subversion 1.11 is a non-LTS release, which is the
first of the new 6-month regular releases with an emphasis on introducing
new features more quickly and with a shorter support period. See the details
on the
Apache Subversion Roadmap page.
Upgrade and compatibility concerns
The upgrade procedure is simple, straightforward and does not require
upgrading your working copies. To fully benefit from the improvements made
in Apache Subversion 1.11, please upgrade to the latest TortoiseSVN builds.
You can download the latest TortoiseSVN builds at the dedicated
download page.
Since Apache Subversion 1.11 does not introduce any significant server-side
improvements, VisualSVN 6.3 and 5.3 are fully compatible with servers based
on Apache Subversion 1.10.
Upgrading existing licenses to VisualSVN 6.3 and 5.3
You need to upgrade your license if it was purchased before March 30th, 2016.
The current upgrade price is $49 for the Professional License and $1950 for
the Site License. You can purchase an upgrade using the
online purchase
form.
The upgrade to VisualSVN 6.3 and 5.3 is free if you use VisualSVN
under the Community license. All paid licenses issued on or after
March 30th, 2016 are also eligible for a free upgrade.
We are glad to announce the availability of patch releases for VisualSVN
products. VisualSVN Server and VisualSVN (a plug-in for Visual Studio) are
now based on the Apache Subversion 1.10.3. Besides of this, relevant
products are updated to Apache HTTP Server 2.4.35, OpenSSL 1.0.2p and
Expat XML parser 2.2.6.
Updating to OpenSSL 1.0.2p and Expat XML parser 2.2.6 fixes several
vulnerabilities. The most notable of them are
CVE-2018-0732,
CVE-2018-0737,
CVE-2017-9233,
CVE-2016-9063.
These CVEs are of low severity
in context of the VisualSVN products. However, we still recommend that all
VisualSVN users update to the new builds.
It is also recommended to upgrade to version 3.9.2 if you are using an
earlier version family of VisualSVN Server. Please, read
VisualSVN Server
3.9 Release Notes to find out what's new in the latest release. For
detailed upgrade instructions, please consider the
KB138: Upgrading to VisualSVN Server 3.9 knowledge base
article.
Choose an appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported, and
maintenance updates are not available for them. It is
strongly recommended to upgrade to VisualSVN Server 3.9.2 if you
are using any version family older than 3.8.x. Read the
KB138: Upgrading to VisualSVN Server 3.9
article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.2.2 (for Visual Studio
2017), and 5.2.2 (Visual Studio 2015 and older) builds based on
Apache Subversion 1.10.3 at the official
download page.
Please note that you may be required to purchase an upgrade to VisualSVN
6.2.x or 5.2.x in case you are using VisualSVN 4.0.x or older versions.
The upgrade is free if you are using VisualSVN under the Community
License. For further details, please check the
VisualSVN plug-in Licensing page.
We are announcing End of Support for the VisualSVN Server 3.7.x version
family that will happen on 31st August 2018. Users that are running
VisualSVN Server 3.7.x or earlier should plan an upgrade to the latest
VisualSVN Server 3.9.x builds.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide maintenance updates and support for
VisualSVN Server 3.9.x which is the most recent version family and is
linked with up-to-date Apache HTTP Server 2.4.x and Apache Subversion
1.10.x. We also provide support and release updates for VisualSVN Server
3.8.x that is linked with Apache Subversion 1.9.x.
What is more, we are working on substantial improvements and exciting new
features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
VisualSVN Server 3.9 is linked with the latest Subversion 1.10.x release
while VisualSVN Server 3.7 is linked with Subversion 1.9.x. It is highly
recommended to read the article
KB138: Upgrading to VisualSVN Server 3.9
before upgrading.
The upgrade is free for Standard Edition users and all customers who have
an active maintenance subscription for VisualSVN Server Enterprise Edition
licenses.
We are glad to announce the availability of patch releases for VisualSVN
products. VisualSVN Server and VisualSVN (a plug-in for Visual Studio) are
now based on the most up-to-date Apache Subversion 1.10.2. Besides of
this, VisualSVN Server has been updated to the most recent Apache HTTP
Server 2.4.34.
Apache HTTP Server 2.4.34 patch release addresses the
CVE-2018-1333 and
CVE-2018-8011
DoS vulnerabilities found in mod_http2 and mod_md modules.
Up-to-date VisualSVN Server installations are not affected by
CVE-2018-1333 and
CVE-2018-8011
because the server does not contain the modules affected by the
vulnerabilities. Nevertheless, we recommend that VisualSVN Server users
update to the new builds.
It is also recommended to upgrade to version 3.9.1 if you are using an
earlier version family of VisualSVN Server. Please, read
VisualSVN Server 3.9 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB138: Upgrading to VisualSVN Server 3.9 knowledge base
article.
Choose an appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.9.1 if you are using any
version family older than 3.7.x. Read the
KB138: Upgrading to VisualSVN Server 3.9 article
before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.2.1 (for Visual Studio 2017) and 5.2.1
(Visual Studio 2015 and older) builds based on Apache Subversion 1.10.2 at
the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.2.x
or 5.2.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is
free if you are using VisualSVN under the Community License. For further details,
please check the VisualSVN plug-in Licensing page.
We are glad to officially announce VisualSVN Server 3.9 and new versions
of VisualSVN for Visual Studio that include an upgrade to Apache
Subversion 1.10 and other important enhancements.
Apache Subversion 1.10 is a major Apache Software Foundation release, and
its main new features are LZ4 compression and the new
interactive tree-conflict resolver. These and other new features
are seamlessly integrated into VisualSVN products; you can find more
details about them below.
Upgrade to the latest VisualSVN Server and VisualSVN plug-in is
recommended for all users:
Apache Subversion 1.10 is a major Apache Software Foundation release that
provides the following main improvements:
LZ4 compression. Subversion 1.10 introduces support for LZ4
compression that can provide a noticeable performance boost —
especially when working with large binary files. Subversion
automatically compresses data in repositories and on the wire using
LZ4 algorithm when both server and client use Subversion 1.10. Existing
Subversion repositories require a format upgrade to allow using LZ4
compression.
Interactive tree-conflict resolver. The new conflict resolver
offers a variety of automated tree conflict resolution options which
users can choose from. When tree conflicts cannot be resolved
automatically, Subversion 1.10 offers an interactive resolver and
provides a detailed tree conflict information including revision numbers
and names of authors of conflicting changes. Using the new tree conflict
resolver requires an upgraded Subversion 1.10 client.
VisualSVN Server 3.9 includes the performance improvements implemented in
Subversion 1.10, as well as a number of additional performance-related
enhancements:
Significantly reduced CPU usage for HTTP compression during common
operations.
Improved performance over WAN on Windows Server 2012 and later.
Improved commit performance into slave VDFS repositories.
Reduced amount of I/O operations when working with large files.
Cumulatively with the core SVN 1.10 changes, these changes provide a
50-100% performance boost that is most noticeable for commit operations.
For more detailed information, please read the
VisualSVN Server 3.9 Release Notes.
Upgrade to VisualSVN Server 3.9 is recommended for all users. The upgrade
is easy and straightforward, but existing Subversion repositories
require format upgrade to fully benefit from upgrading to VisualSVN
Server 3.9. For further details, please read the
KB138: Upgrading to VisualSVN Server 3.9 article.
Upgrade for VisualSVN (a plug-in for Visual Studio)
Select the appropriate VisualSVN plug-in version to install depending on
Visual Studio version you have:
If you are using Visual Studio 2017, you should upgrade to
VisualSVN 6.2.
If you are using Visual Studio 2015 or older, you should upgrade
to VisualSVN 5.2.
The upgrade procedure is simple, straightforward and does not require
upgrading your working copies. To fully benefit from the improvements made
in Apache Subversion 1.10, please do not forget to upgrade to the latest
TortoiseSVN builds available on the
download page. For more detailed
information, please read the
VisualSVN 6.2 Release Notes.
We are glad to announce the availability of VisualSVN Server 3.8.1 patch
update that incorporates the upgrade to OpenSSL 1.0.2o and Apache HTTP
Server 2.4.33.
There are a number of security vulnerabilities addressed in the
aforementioned OpenSSL 1.0.2o and Apache HTTP Server 2.4.33 patch
releases, but none of them affect up-to-date VisualSVN Server
installations. Nevertheless, we recommend that VisualSVN Server users
update to the new builds.
You can get the latest version of VisualSVN Server on the official
download page.
Choose the appropriate maintenance build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.8.1 if you are using any
version family older than 3.7.x. Read the
KB130: Upgrading to VisualSVN Server 3.8 article
before upgrading.
We are happy to announce VisualSVN 6.1 that introduces the new Quick
Commit feature. This feature allows you to perform partial commits for
changes such as typo-fixes or code comments without losing focus on the
main task. The new Quick Commit feature delivers a huge usability boost
for your daily workflow with Visual Studio and VisualSVN.
You can partially commit selected changes in a file using the new 'Commit
this Block' and 'Commit Selection' context menu commands in the Visual
Studio editor. The behavior of new commands is synchronized with the
VisualSVN’s Quick Diff markers and the related context menu commands.
VisualSVN 6.1 also includes other changes and a number of bug fixes.
See the changelog for the complete
list of changes.
Download the latest VisualSVN 6.1 build at the official
download page.
Upgrading to VisualSVN 6.1
All professional VisualSVN 6.0 licenses are eligible for a free upgrade to
VisualSVN 6.1. The upgrade is also free if you use VisualSVN under the
Community license.
VisualSVN 5.x licenses issued on or after March 30th, 2016 are eligible
for a free upgrade too. Please note that VisualSVN 6.x supports only
Visual Studio 2017 and is not available for older versions of Visual
Studio.
We are happy to announce the release of VisualSVN Server 3.8 that brings
the following notable enhancements to the
Backup and Restore feature:
Backup encryption. Encryption allows you to protect the backups
and guarantees that only authorized users can decrypt and access the
data. VisualSVN Server uses strong AES-128 or AES-256 backup encryption
algorithms. Read the article KB132: Understanding backup encryption
for more information.
Backup to a network share using custom credentials. It is
possible to use custom credentials when making backups to a remote file
share. Custom credentials are available both for one-time backups and
for background backup jobs.
Upgrade to VisualSVN Server 3.8 is recommended for all users. The upgrade
is easy and straightforward, but we strongly advise you to read the
KB130: Upgrading to VisualSVN Server 3.8
article beforehand (especially if you are upgrading from versions older
than VisualSVN Server 3.0).
There are other significant enhancements in VisualSVN Server 3.8:
Wizard to obtain the SSL certificate from Active Directory
Certificate Services. The new wizard allows requesting and installing an SSL certificate
signed by your Active Directory certificate authority in a Next - Next - Finish manner.
Read the article
KB134: Configuring SSL Certificates for VisualSVN Server
for more information.
Viewing PDF documents in the repository web interface. The web
interface now automatically renders and displays PDF files in your
repositories.
Upgrade to VisualSVN Server 3.8 is recommended for all users. Read the
KB130: Upgrading to VisualSVN Server 3.8 article before
upgrading. The upgrade is free for Standard Edition users and all
customers who have an active maintenance subscription for VisualSVN Server
Enterprise Edition licenses.
We recommend that you make sure that the PowerShell 4.0 or later is
installed on the server computer with VisualSVN Server 3.8. It is
required to create and restore encrypted backups or provide custom
credentials for remote backup destinations when using the
Backup-SvnRepository
and
Restore-SvnRepository
PowerShell cmdlets.
We are announcing End of Support for VisualSVN Server 3.5.x and 3.6.x
version families on 28th February 2018. Users that are running
VisualSVN Server 3.6.x or earlier should plan an upgrade to the latest
VisualSVN Server 3.7.x builds.
VisualSVN Server 3.5.x and 3.6.x version families are linked with Apache
HTTP Server 2.2. With the release of version 2.2.34, Apache HTTP Server
2.2
officially reached End of Life and will not receive security or bug
fix updates anymore. Consequently, VisualSVN Server 3.5.x and 3.6.x release
families reach their End of Support too.
The whole product family of VisualSVN Server continues to be actively
developed. We continue to provide maintenance updates and support for
VisualSVN Server 3.7.x which is the most recent version family and is
linked with up-to-date Apache HTTP Server 2.4.x and Apache Subversion
1.9.x. What is more, we are working on substantial improvements and
exciting new features that are going to be introduced in the next updates.
Upgrade and compatibility concerns
From the Subversion compatibility point of view, no issues are expected
because VisualSVN Server 3.7.x, 3.6.x and 3.5.x version families are all
based based on the Apache Subversion 1.9.
However, VisualSVN Server 3.7 brings an upgrade to Apache HTTP Server
2.4 and makes significant changes to the httpd.conf file. In case your
server's httpd-custom.conf was modified, these customizations may break
after the upgrade or may prevent VisualSVN Server 3.7 services from
starting. It is highly recommended to read the article
KB116: Upgrading to VisualSVN Server 3.7 before upgrading.
The upgrade is free for Standard Edition users and all customers who have
an active maintenance subscription for VisualSVN Server Enterprise Edition
licenses.
We are glad to announce the release of VisualSVN Server updates built
with OpenSSL 1.0.2n. These updates contain cumulative fixes for four
OpenSSL CVEs:
CVE-2017-3735,
CVE-2017-3736,
CVE-2017-3737,
CVE-2017-3738.
Up-to-date VisualSVN Server installations are potentially affected by the
CVE-2017-3737 and the
CVE-2017-3738.
The severity and actual risks are considered to be low. Nevertheless, we
recommend that VisualSVN Server users update to the new builds.
You can get the latest VisualSVN Server 3.7.1 version at the
main download page.
Note that the VisualSVN Server 3.7.1 update was silently available for
download at the time of the official announcement of the latest VisualSVN
Server 3.7 version family. Please, read the
VisualSVN Server 3.7 Release Notes
to find out what's new in the latest release.
We recommend upgrading to the latest version 3.7.1 if you are using an
earlier version family of VisualSVN Server because older version families
3.6.x and 3.5.x will soon reach End of Support (the announcement is
coming). For upgrade instructions, please consider the
KB116: Upgrading to VisualSVN Server 3.7 knowledge base
article.
However, if you do not want to perform a significant upgrade right now,
you can choose an appropriate maintenance build below:
We are happy to announce the release of VisualSVN Server 3.7 that brings
the following major enhancements for the
Multisite Repository
Replication feature which is based on the VisualSVN Distributed File
System (VDFS) technology:
Certificate-based authentication for VDFS replication that allows
you to replicate Subversion repositories in a non-domain environment.
Shared and local authorization profiles for VDFS repositories
that allow you to have separate permission settings for master and slave
repositories.
There are also other significant improvements related to various VisualSVN
Server features, including an upgrade to Apache HTTP Server 2.4.x
and a reworked dynamic HTTP compression. For the complete list of changes
see the VisualSVN Server 3.7.0 changelog.
Upgrade to VisualSVN Server 3.7 is recommended for all users. The upgrade
is easy and straightforward, but we strongly advise you to read the
KB116: Upgrading to VisualSVN Server 3.7 article beforehand
(especially if you are upgrading from versions older than VisualSVN Server
3.0).
Certificate-based authentication for VDFS replication
In the previous versions of VisualSVN Server, you were able to configure
VDFS replication only if both master and slave servers reside in the same
Active Directory domain or if there is a trust between the domains.
VisualSVN Server 3.7 introduces the certificate-based authentication for
the VDFS replication that allows you to configure the repository
replication in a non-domain environment.
The new certificate-based authentication conforms to the high security
standards and supports strong encryption on the wire and mutual
authentication between the master and slave servers.
This new feature dramatically improves the applicability of the VDFS
replication and allows you to use it in virtually any environment. For
example, now you can easily configure cross-organizational replication or
replication to a DMZ server.
Shared and Local authorization profiles for VDFS repositories
In the previous versions of VisualSVN Server, the access permissions used
for the Windows authentication were always replicated from a master
repository to the connected slave repositories. VisualSVN Server 3.7
introduces shared and local authorization profiles for
distributed VDFS repositories that allows you to have separate
(non-replicated) access permissions for master and slave repositories.
Separate authorization profiles for distributed repositories is a must
have feature if you are configuring VDFS replication in a cross-domain
environment.
Upgrade to VisualSVN Server 3.7 is recommended for all users. Read the
KB116: Upgrading to VisualSVN Server 3.7 article before
upgrading. The upgrade is free for Standard Edition users and all
customers who have an active maintenance subscription for VisualSVN Server
Enterprise Edition licenses.
The minimum supported operating systems for VisualSVN Server 3.7 are
Windows Server 2008 R2 and Windows 7. You are required to upgrade
the operating system if you are still using Windows Server 2008 or Windows
Vista on the computer where VisualSVN Server is installed.
We are glad to announce the release of VisualSVN 6.0.4 and 5.1.9 patch
updates. The newest updates fix a potential crash when working with C++
projects. This problem has been resolved in VisualSVN 6.0.4 and 5.1.9.
The update is recommended for all users. Select the appropriate
VisualSVN plug-in version to install:
The users of Visual Studio 2017 should install VisualSVN 6.0.4.
See the changelog for the complete list of changes.
The users of Visual Studio 2015 and older should install VisualSVN 5.1.9.
See the changelog for the complete list of changes.
You can get the latest version of VisualSVN at the official
download page.
We are glad to announce the availability of patch releases for VisualSVN products
based on the Apache Subversion 1.9.7. The Subversion 1.9.7 patch release addresses
the critical CVE-2017-9800
client remote code execution vulnerability.
Up-to-date VisualSVN Server installations are not affected by
CVE-2017-9800,
as it is a client-side vulnerability. However, the Apache Subversion command-line client
tools packaged with the VisualSVN Server ('svn.exe', 'svnsync.exe', 'svnrdump.exe')
are vulnerable. Therefore, we highly recommend to update to the newest VisualSVN
Server builds.
Up-to-date VisualSVN 6.0.x and 5.1.x (plug-in for Visual Studio) builds are affected
by CVE-2017-9800
vulnerability. We highly recommend updating to the newest VisualSVN 6.0.3 or 5.1.8 builds.
Please note that TortoiseSVN versions prior to 1.9.7 are also affected by this security
vulnerability, and we highly recommend upgrading to the most recent
TortoiseSVN 1.9.7 that is not vulnerable to
CVE-2017-9800.
It is also recommended to upgrade to version 3.6.4 if you are using an
earlier version family of VisualSVN Server. Please read
VisualSVN Server 3.6 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB103: Upgrading to VisualSVN Server 3.6 knowledge base
article.
If you are using VisualSVN Server 3.5.x and do not want to perform a significant
upgrade right now, you should update to VisualSVN
Server 3.5.12.
VisualSVN Server 3.3.x and 3.4.x version have reached
End
of Support on December 31, 2016. Therefore, there are no updates available
for these version families. It is strongly recommended to upgrade to
VisualSVN Server 3.6.4 if you are using a 3.4.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 6.0.3 (for Visual Studio 2017) and 5.1.8
(Visual Studio 2015 and older) builds based on Apache Subversion 1.9.7 at the
official download page.
Please note that you may be required to purchase an upgrade to VisualSVN 6.0.x
or 5.1.x in case you are using VisualSVN 4.0.x or older versions. The upgrade is
free if you are using VisualSVN under the Community License. For further details,
please check the VisualSVN plug-in Licensing page.
We are glad to announce the availability of VisualSVN Server 3.6.3 patch
release that incorporates the upgrade to Apache HTTP Server 2.2.34 with
fixes for a number of security vulnerabilities.
Comparing to the Apache HTTP Server 2.2.32 that was used in the previous
VisualSVN Server 3.6.x build, the Apache HTTP Server 2.2.34 provides fixes
for five CVEs. Up-to-date VisualSVN Server installations are affected by
the CVE-2017-7668
and CVE-2017-7679 security vulnerabilities that potentially
allow remote attackers to cause remote code execution. Exploiting these
vulnerabilities does not require the attacker to be authenticated on the target
server, so upgrade to VisualSVN Server 3.6.3 is highly recommended for all users.
You can get the latest version of VisualSVN Server on the official
download page.
Choose the appropriate maintenance build if you do not want to perform
a significant upgrade right now:
Other version families of VisualSVN Server are not supported and maintenance
updates are not available for them. It is strongly recommended to upgrade
to VisualSVN Server 3.6.3 if you are using a 3.4.x or any of the older versions.
Read the KB103: Upgrading to VisualSVN Server 3.6 article before
upgrading.
We are glad to announce the release of VisualSVN Server 3.6.1. This patch
update includes important changes that improve how VDFS replication behaves
on intermittent or otherwise unreliable network connections. The update
also resolves an issue that may cause client connection failures when
server hostname contains an underscore ('_') character. See the
changelog for the complete list of
changes in VisualSVN Server 3.6.1.
The upgrade to the VisualSVN Server 3.6.1 is recommended for all
VisualSVN Server users. You can get the latest version of VisualSVN
Server at the official download page.
Today we are announcing the upcoming update of the maintenance renewal
policy for VisualSVN Server Enterprise Edition licenses. Starting from
August 1, 2017, to qualify for the 50% discounted renewal pricing, the
maintenance must be renewed no later than 90 days after its
expiration.
The current renewal policy allows Enterprise Edition users to renew the
maintenance regardless of how long ago it expired. However, since a
maintenance renewal always commences from the end of the previous
maintenance period, this often leads to the following misunderstanding.
The renewed maintenance may expire earlier than expected by the users if
they renew a long time expired license. For more details, please read the
description of the VisualSVN
Server Maintenance.
Beginning on August 1, 2017, to qualify for the 50% discounted renewal
pricing the maintenance must be renewed no later than 90 days after its
expiration. If your maintenance expired more than 90 days ago,
maintenance renewal would not be available and you would be required to
purchase a new license in order to get access to newer versions of
VisualSVN Server.
The updated maintenance renewal policy helps to avoid confusion for users
who do not renew the maintenance on a regular basis. At the same time, the
90 day grace period allows you to renew the maintenance with discounted
price without haste.
What is the VisualSVN Server maintenance?
All VisualSVN Server Enterprise Edition licenses include at least 12
months of software maintenance. Active maintenance gives you free access
to all newer VisualSVN Server versions, including bug fix and security
releases. When the maintenance period ends, all enterprise-grade VisualSVN
Server features continue to work properly but updates to newer versions
become unavailable.
The change in maintenance renewal policy does not affect users who renew
their VisualSVN Server Enterprise Edition licenses on a regular basis.
However, if your maintenance subscription expired more than 60 days ago, we
would advise you to renew it without any further delay.
To renew the maintenance for your VisualSVN Server Enterprise Edition
license, please go to the
VisualSVN Server purchase page.
We are glad to announce the release of VisualSVN 6.0.1 and 5.1.7 patch
updates. The newest updates implement a fix for a problem that may occur
in Visual Studio 2017 and 2015: VisualSVN sometimes writes irrelevant
warnings to the Output window when navigating through the C++ source
code files. This problem has been resolved in VisualSVN 6.0.1 and 5.1.7.
The update is recommended for all users. Select the appropriate
VisualSVN plug-in version to install:
The users of Visual Studio 2017 should install VisualSVN 6.0.1.
See the changelog for the complete list of changes.
The users of Visual Studio 2015 and older should install VisualSVN 5.1.7.
See the changelog for the complete list of changes.
You can get the latest version of VisualSVN at the official
download page.
We are happy to announce VisualSVN Server 3.6 release that brings the following
main new features and enhancements:
Backup and Restore for Subversion repositories.
Background Job Service.
Configurable TLS/SSL encryption levels.
There are many other significant improvements related to various VisualSVN Server
features, some of which are listed below. For the complete list of changes
see the VisualSVN Server 3.6.0 changelog.
Upgrade to VisualSVN Server 3.6 is recommended for all users. Upgrade is easy
and straightforward, but we strongly advise that you read the
KB103: Upgrading to VisualSVN Server 3.6 article beforehand
(especially if you are upgrading from versions older than VisualSVN
Server 3.0).
Backup and Restore for Subversion repositories
VisualSVN Server 3.6 introduces the Backup and Restore feature that supports
scheduled full and incremental backups and provides an easy, fast and straightforward
way to restore them when needed. The feature helps you make daily backups of
the repositories of any size. What is more, the Backup and Restore feature in
VisualSVN Server is very easy to setup and maintain.
The Backup and Restore feature was specifically designed for Subversion
repositories and enables highly effective hot backup capabilities. In
conjunction with scheduled repository verification, the Backup and Restore
feature provides a reliable data protection from human errors and software or
hardware failures.
Setting up the backup for your Subversion repositories from scratch is only a
matter of minutes. For step-by-step instructions, please see the article
KB106: Getting started with Backup and Restore.
Background Job Service
VisualSVN Server 3.6 introduces built-in support for background jobs. This
feature allows you to easily schedule background jobs for routine maintenance
operations such as repository backup and verification. VisualSVN
Server Manager provides a simple but powerful interface that allows you to
configure and maintain multiple background jobs with different schedules.
More background job types are expected to be available in the future releases
of VisualSVN Server.
Configurable TLS/SSL encryption levels
VisualSVN Server 3.6 allows you to harden TLS/SSL security settings as much
as possible with respect to compatibility requirements in your environment. The
TLS/SSL compatibility option is available on a Network tab on VisualSVN Server
Properties dialog and allows you to choose from three compatibility levels that
enable certain protocol versions and cipher suites: Modern, Intermediate and
Legacy. These compatibility levels correspond to the recommendations provided
by
Mozilla's Operations Security group
Upgrade to VisualSVN Server 3.6 is recommended for all users. Read the
KB103: Upgrading to VisualSVN Server 3.6 article before
upgrading. Upgrade is free for Standard Edition users and all customers
who have an active maintenance subscription for VisualSVN Server
Enterprise Edition licenses.
We are pleased to announce the release of VisualSVN 6.0 which is now fully
compatible with Visual Studio 2017. In addition to supporting Visual Studio
2017, VisualSVN 6.0 brings the following new features and improvements:
Integration with the version control status bar.
Package and distribute VisualSVN as a VSIX extension.
VisualSVN 6.0 also includes several bug fixes, improvements and UI
enhancements. See the changelog for the
complete list of changes.
Upgrade to VisualSVN 6.0 is necessary if you are switching to Visual Studio
2017. Professional and Site licenses issued before March 30th, 2016
require an upgrade purchase for VisualSVN 6.0. The upgrade to VisualSVN 6.0
is free if you use VisualSVN under the Community license.
Support for Visual Studio 2017
VisualSVN 6.0 enables full integration with Visual Studio 2017. All the
features of VisualSVN are now compatible with the newest Visual Studio release,
including support for the new .NET Core projects and other enhancements.
VisualSVN 6.0 integrates with version control status bar in the lower
right-hand corner of Visual Studio 2017. The integration adds information
about the number of changed files in the working copy, displays the current
branch name, helps you to add your solution to Subversion and also provides
branch, switch and merge commands.
Package and distribute VisualSVN as a VSIX extension
VisualSVN 6.0 is now shipped as a Visual Studio Extension Package (VSIX).
Compared to MSI-based deployment used in VisualSVN 5.x and earlier versions,
the new VSIX deployment model brings several enhancements such as automatic
updates and installation by non-admin users.
As a result of moving to VSIX package, VisualSVN 6.0 does not include Apache
Subversion command-line tools anymore. You can download standalone command-line
Subversion tools for Windows from our downloads page.
Please also note that VisualSVN 6.0 does not support integration with
Visual Studio 2015 and earlier versions. However, the new VSIX package can
be installed side-by-side with the old MSI-based installation, so you can
continue using VisualSVN 5.1.x for Visual Studio 2015 and older.
Upgrading existing licenses to VisualSVN 6.0
VisualSVN 5.x licenses issued on or after March 30th, 2016 are eligible
for a free upgrade to VisualSVN 6.0. Commercial licenses issued before
March 30th, 2016 require an upgrade purchase for VisualSVN 6.0. The
current upgrade price is $49 for the Professional License and $1950 for
the Site License.
The upgrade to VisualSVN 6.0 is free if you use VisualSVN under the
Community license.
You can download the latest VisualSVN 6.0 build at the official
download page.
You can also purchase an upgrade to VisualSVN 6.0 using the
online purchase form.
The first practical collision of the SHA-1 hash function has been recently
discovered and demonstrated. Researchers were able to construct two SHA-1
colliding files - the files with different content sharing identical hash
value. Committing such two files with identical SHA-1 hash values will
result in Subversion repository corruption caused by auxiliary data deduplication
functionality. Up-to-date VisualSVN Server instances are vulnerable to this
problem.
VisualSVN Server 3.5.10 hotfix patch update implements a workaround for
the problem. The upgrade to the latest VisualSVN Server 3.5.10 version is
highly recommended for all users. You can get the latest
version of VisualSVN Server at the official download page.
How does SHA-1 collision affect VisualSVN Server and Subversion repositories
Beginning with Subversion 1.6, the repositories support representation
sharing (rep-sharing) feature which provides an auxiliary deduplication
for the repository content. Rep-sharing is enabled by default in
repositories created with tools linked with Subversion 1.6 and later.
The current rep-sharing implementation in Subversion uses SHA-1 hash
function in a way that makes collisions result in repository corruption.
This problem can be considered as of medium severity by VisualSVN Server
users. Firstly, the impact of the corruption is limited and isolated - the
corruption makes it impossible to checkout a working copy of a repository
subtree that contains one of the SHA-1 collided files. However, there will
be no problems checking out other repository subtrees. Secondly, only
authenticated users who have write permissions to the repositories can
commit the collided files. Thirdly, there are several ways to repair the affected repository.
Another important point is that VisualSVN Server does not use SHA-1 for
security purposes. All the potential problems caused by SHA-1 collision are
limited to rep-sharing.
Mitigating the problem by upgrading to VisualSVN Server 3.5.10
VisualSVN Server 3.5.10 patch update includes a hotfix for the problem.
VisualSVN Server 3.5.10 automatically disables representation sharing
feature for all repositories and this change eliminates any possibility
of corruption caused by SHA-1 collided files.
Disabling rep-sharing does not make significant performance impact and it
does not affect backward and forward compatibility of the server and the
repositories. It is worth noting that disabling rep-sharing does not affect
any other space saving techniques in Subversion such as
cheap copies
and deltification.
Representation sharing is going to be re-enabled in one of the next VisualSVN
Server updates.
You can get the latest version of VisualSVN Server at the official
download page. If you currently use
VisualSVN Server 3.4.x or earlier version, please read the article
KB95: Upgrading to VisualSVN Server 3.5 for upgrade
instructions.
Mitigating the problem without upgrading VisualSVN Server
If you can not upgrade to VisualSVN Server 3.5.10 right now, you can prevent
the corruption by disabling representation sharing feature for all your
repositories manually. To disable this feature, you should edit the
configuration file db\fsfs.conf (or db\data\fsfs.conf for
VDFS repositories) of every repository and set the option enable-rep-sharing
to false:
[rep-sharing]
enable-rep-sharing = false
How does SHA-1 collision affect Subversion working copies
Beginning with Subversion 1.7, SVN clients use SHA-1 hash function to recognize
files with identical content and deduplicate them in a working copy's
pristine storage. If you use an up-to-date SVN client to checkout a working
copy with SHA-1 collided files, all these files will have identical content.
This problem can be considered as of low importance. The discovered collision
enables generating SHA-1 collided file pairs, but the generating a file with
a specific hash value is not practically possible. In other words, it is impossible
that the content of a regular file will be silently replaced due to SHA-1 collision.
The problems that affect the working copies are expected to be mitigated
in one of the next Subversion releases.
Other changes in VisualSVN Server 3.5.10
Comparing to the previously announced VisualSVN Server 3.5.7 update, version
3.5.10 incorporates the following changes:
Update to Apache HTTP Server 2.2.32 that provides fixes for two CVEs.
These CVEs do not affect up-to-date and default VisualSVN Server
installations.
Update to OpenSSL 1.0.2k that contains cumulative fixes for three CVEs.
Up-to-date VisualSVN Server installations are potentially affected by
CVE-2017-3732 and CVE-2016-7055. Exploiting these vulnerabilities
requires a significant amount of resources and therefore the actual
risks are considered to be low.
For the complete list of changes in VisualSVN Server 3.5.10 compared to
version 3.5.7, see the VisualSVN Server changelog
for versions 3.5.10, 3.5.9 and 3.5.8.
Up-to-date VisualSVN Server installations are not affected by
CVE-2016-8734 vulnerability. VisualSVN Server does not contain
the mod_dontdothat module that has been found vulnerable. However,
the Apache Subversion command-line client tools packaged with the
VisualSVN Server ('svn.exe', 'svnsync.exe', 'svnrdump.exe') are
vulnerable. Exploiting the client-side vulnerability requires the
client to connect to a compromised server, so the actual risks are
relatively low. Nevertheless, we highly recommend to update to
the newest VisualSVN Server builds.
Up-to-date VisualSVN 5.1.x (plug-in for Visual Studio) builds are
potentially affected by
CVE-2016-8734 vulnerability. Exploiting this vulnerability
requires the client tools to connect to a compromised server, so the
actual risks are relatively low. Nevertheless, we recommend to
update to the newest VisualSVN 5.1.5 build.
It is also recommended to upgrade to version 3.5.7 if you are using an
earlier version family of VisualSVN Server. Please read
VisualSVN Server 3.5 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB95: Upgrading to VisualSVN Server 3.5 knowledge base
article.
Choose the appropriate patch build if you do not want to perform a
significant upgrade right now:
VisualSVN Server 3.3.x and 3.4.x version families will reach End of
Support on 31st December 2016. After this date, no updates will be
released for these version families. Users that are running VisualSVN
Server 3.4.x or earlier should plan an upgrade to the latest VisualSVN
Server 3.5.x builds. For further details, please read the
corresponding
End of
Support announcement.
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.5.7 if you are using a
3.4.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 5.1.5 build based on Apache
Subversion 1.9.5 at the official
download page.
Please note that you may be required to purchase an upgrade to VisualSVN
5.1.x in case you are using VisualSVN 4.0.x or older versions. The upgrade
is free if you are using VisualSVN under the Community License. However,
commercial licenses issued before June 3rd, 2014 have to be upgraded. For
further details please check the
VisualSVN plug-in Licensing page.
VisualSVN Server 3.3.x and 3.4.x version families are linked with OpenSSL
1.0.1. Support for OpenSSL 1.0.1
will be discontinued on 31st December 2016
and it will not receive bug and security fixes anymore.
As a result, we are announcing End of Support for VisualSVN Server 3.3.x
and 3.4.x version families on 31st December 2016. After this date,
no updates will be released for these version families. Users that are
running VisualSVN Server 3.4.x or earlier should plan an upgrade to the
latest VisualSVN Server 3.5.x builds.
The whole product family of VisualSVN Server continues to be actively developed.
We continue to provide maintenance updates and support for VisualSVN
Server 3.5.x which is the most recent version family and is linked with
up-to-date OpenSSL 1.0.2 and Apache Subversion 1.9.x. What is more, we are working on
substantial improvements and exciting new features that are going to be
introduced in the next updates.
Upgrade and compatibility concerns
VisualSVN Server 3.5.x is based on the latest Apache Subversion 1.9.x
release line. The upgrade to VisualSVN Server 3.5.x is highly recommended
for all users.
VisualSVN Server 3.5.x is fully backward compatible with older Subversion
clients. It can read and write to repositories created by earlier versions
as well. There is no need to dump/load or upgrade your repositories.
The upgrade process is simple and straightforward, but it is highly
recommended to read the article KB95: Upgrading to VisualSVN Server 3.5
beforehand. Upgrade is free for Standard Edition users and all customers
who have an active maintenance subscription for VisualSVN Server
Enterprise Edition licenses.
We are glad to announce the availability of VisualSVN Server 3.5.6 patch
release that incorporates the upgrade to OpenSSL 1.0.2j and Apache Serf
1.3.9.
Comparing to the OpenSSL 1.0.2h that was used in the previous VisualSVN
Server 3.5.x build, the OpenSSL 1.0.2j provides fixes for eleven CVEs.
Up-to-date VisualSVN Server installations are affected by the
CVE-2016-6304
security vulnerability that allows remote attackers to cause a denial of
service (unbounded memory usage). Exploiting this vulnerability does not
require the attacker to be authenticated on the target server, so upgrade
to VisualSVN Server 3.5.6 is highly recommended for all users. You
can get the latest version of VisualSVN Server on the official
download page.
Choose the appropriate maintenance build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.5.4 if you are using a
3.2.x or any of the older versions. Read the
KB95: Upgrading to VisualSVN Server 3.5 article before
upgrading.
Several new vulnerabilities have recently been identified and fixed in
the Expat XML parser that is bundled with VisualSVN Server. Some of these
vulnerabilities affect up-to-date VisualSVN Server installations. Among
those, the vulnerability
CVE-2016-0718
with a critical level of severity and that potentially allows
context-dependent attackers to execute arbitrary code via a malformed
input document. Exploiting this vulnerability requires the attacker to be
authenticated on the target server.
The upgrade to the VisualSVN Server 3.5.4 is strongly recommended
for all existing VisualSVN Server users. You can get the latest version
of VisualSVN Server at the official download
page. See the changelog for the
complete list of changes in VisualSVN Server 3.5.4.
Choose the appropriate maintenance build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.5.4 if you are using a
3.2.x or any of the older versions. Read the
KB95: Upgrading to VisualSVN Server 3.5 article before
upgrading.
Up-to-date VisualSVN Server installations are potentially affected
only by the
CVE-2016-2168
vulnerability that could lead to a DoS attack on the server.
Exploiting this vulnerability requires the attacker to be
authenticated on the target server, but does not require read access to
any of the repositories. Therefore, this is a medium risk vulnerability.
Upgrade to the latest VisualSVN Server builds is
highly recommended for all users.
There is also an update to OpenSSL 1.0.2h that provides fixes for
five CVEs. The CVE-2016-2107 vulnerability has high level of severity
and potentially affects up-to-date VisualSVN Server installations. For
further details, please see the
OpenSSL 1.0.2 Series Release Notes.
VisualSVN Server maintenance builds based on Subversion 1.8.16
and OpenSSL 1.0.1t are available too.
It is also recommended to upgrade to version 3.5.3 if you are using an
earlier release of VisualSVN Server. Please read
VisualSVN Server 3.5 Release Notes
to find out what's new in the latest release. For detailed
upgrade instructions please consider the
KB95: Upgrading to VisualSVN Server 3.5 knowledge base
article.
Choose the appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.5.3 if you are using a
3.2.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
You can download the latest VisualSVN 5.1.4 build based on Apache
Subversion 1.9.4 at the official
download page.
Please note that you may be required to purchase an upgrade to VisualSVN
5.0.x in case you are using VisualSVN 4.0.x or older versions. The upgrade
is free if you are using VisualSVN under the Community License. However,
commercial licenses issued before June 3rd, 2014 have to be upgraded. For
further details please check our
online upgrade form.
We are glad to announce the availability of VisualSVN Server 3.5.1 patch
release that incorporates the upgrade to OpenSSL 1.0.2g and a number of
other fixes.
Comparing to the OpenSSL 1.0.2e that was used in the previous VisualSVN
Server 3.5.x build, the OpenSSL 1.0.2g provides fixes for eight CVEs.
Most of these vulnerabilities, including CVE-2016-0800
and CVE-2016-0701
that have high level of severity, do not affect VisualSVN Server
installations. The vulnerability CVE-2016-0702
potentially affects up-to-date VisualSVN Server installations, but the
risks are very low. For further details, please see the
OpenSSL 1.0.2 Series Release Notes.
Upgrade to the VisualSVN Server 3.5.1 is recommended for all existing
VisualSVN Server users. You can get the latest version of VisualSVN
Server at the official download page.
Upgrade to the VisualSVN Server 3.5 is recommended for all existing
VisualSVN Server users. Download VisualSVN Server 3.5 at the
main download page.
Faster commits to distributed VDFS repositories
The VisualSVN Distributed File System ensures excellent performance of
all read operations against VDFS repositories. Checking out or updating
working copies and all the other read operations, such as merge, log and
blame are always performed at LAN speeds. VisualSVN Server 3.5 version
further improves performance of write operations against VDFS
repositories. Commits to local VDFS repositories are now completed up
to 10x faster than the corresponding direct commits to remote
repositories. The largest performance improvement is achieved when you
commit a large number of relatively small files.
Customizable repository URLs
Historically, all VisualSVN Server repository URLs included an '/svn'
prefix before the repository name. VisualSVN Server users were forced to
use URLs such as 'https://svn.example.com/svn/MyRepo' to access
the repositories. This is not an issue for most of the new users, but it
could be a significant problem for those who migrate to VisualSVN Server
from other Subversion servers.
This limitation has been resolved in VisualSVN Server 3.5. Starting with
version 3.5 it is possible to remove '/svn' prefix in a repository URL,
specify a custom URL prefix such as '/repos' or keep the default prefix
intact.
New PowerShell Cmdlets
VisualSVN Server 3.5 introduces a number of new PowerShell cmdlets
intended to manage VisualSVN Server settings and repository hooks:
Add-SvnRepositoryHook: adds a new repository hook to Subversion repositories.
Get-SvnRepositoryHook: retrieves a list of the repository hooks configured in VisualSVN Server.
Get-SvnServerConfiguration: returns the configuration settings of a VisualSVN Server instance.
Remove-SvnRepositoryHook: deletes one or more repository hooks.
Set-SvnRepositoryHook: modifies the content of existing repository hooks.
Set-SvnServerConfiguration: modifies the VisualSVN Server configuration settings.
End of Support for VisualSVN Server 2.7.x version family
VisualSVN Server 2.7.x versions are built against OpenSSL 0.9.8 that
is
no longer supported by the OpenSSL Project. So we’re also announcing
End of Support for VisualSVN Server 2.7.x versions. Users
of VisualSVN Server 2.7.x should upgrade to one of the supported
VisualSVN Server versions listed below.
VisualSVN Server 3.5.x
(the most recent release based on Subversion 1.9.x and OpenSSL 1.0.2).
Upgrade and compatibility concerns
Upgrade to VisualSVN Server 3.5 is recommended for all users. Read the
KB95: Upgrading to VisualSVN Server 3.5 article before
upgrading. Upgrade is free for Standard Edition users and all customers
who have an active maintenance subscription for VisualSVN Server
Enterprise Edition licenses.
You should consider a specific upgrade procedure if you are using
VisualSVN Server 3.0 or newer and have distributed repositories based on
VisualSVN Distributed File System. Read the
KB96: Upgrading to VisualSVN Server 3.5 in a multisite environment for further
details.
We are glad to announce the availability of patch releases for VisualSVN
products based on Apache Subversion 1.9.3. Besides
important client side and server side improvements, the Subversion
1.9.3 patch release addresses
CVE-2015-5259 and
CVE-2015-5343
security vulnerabilities. Up-to-date VisualSVN Server installations are
not affected by any of those vulnerabilities. Nevertheless, we highly
recommend to upgrade to the new builds.
There is also an update to OpenSSL 1.0.1q that addresses
CVE-2015-3194 and
CVE-2015-3195.
These vulnerabilities partially affect Apache Subversion client tools
packaged with VisualSVN Server ('svn.exe','svnsync.exe', 'svnrdump.exe').
Exploiting these vulnerabilities requires the client tools to connect to
a malicious server.
VisualSVN Server maintenance builds based on Subversion 1.8.13
and OpenSSL 0.9.8zh with similar fixes are available too. Among
the supported version families of VisualSVN Server, only VisualSVN Server
2.7.x is affected by
CVE-2015-5343.
The vulnerability could lead to a DoS and gives an attacker a way to
execute arbitrary code. At least write access is required to exploit the
mentioned vulnerabilities, so the overall risks for VisualSVN Server
2.7.x users are relatively low. Nevertheless, we highly recommend
upgrading to the new maintenance builds.
It is also recommended to upgrade to version 3.4.3 if you are using an
earlier release of VisualSVN Server. Please read
VisualSVN Server 3.4 Release Notes to
find out what's new in the latest release. For detailed upgrade
instructions please consider the
KB89: Upgrading to VisualSVN Server 3.4
knowledge base article.
Choose the appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is
strongly recommended to upgrade to VisualSVN Server 3.4.3 if you
are using a 3.2.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
Up to date VisualSVN 5.1.x builds are partially affected by
CVE-2015-3194 and
CVE-2015-3195
vulnerabilities fixed in OpenSSL 1.0.1q. Exploiting these vulnerabilities
requires the client tools to connect to a malicious server.
In any case, we recommend to upgrade to an up to date VisualSVN 5.1.x build.
You can download the latest VisualSVN 5.1.3 build based on Apache
Subversion 1.9.3 at the official download page.
Please note that you may be required to purchase an upgrade to VisualSVN
5.1.x in case you are using VisualSVN 4.0.x or older versions. The upgrade
is free if you are using VisualSVN under the Community License. However,
Commercial licenses issued before June 3rd, 2014 have to be upgraded. For
further details please check our
online upgrade form.
Upgrade to the VisualSVN Server 3.4 is recommended for all existing
VisualSVN Server users. Download VisualSVN Server 3.4 at the
main download page.
Upgrade to Apache Subversion 1.9
Apache Subversion 1.9 is a major Apache Software Foundation release that
brings a lot of user-visible changes both to the client and server side.
For the complete list of notable improvements please consider
Apache Subversion 1.9 Release Notes.
VisualSVN – a professional grade Subversion integration plug-in for
Microsoft Visual Studio – has been upgraded to Apache Subversion 1.9 as
well. You can download the latest VisualSVN 5.1 at the corresponding
download page.
VisualSVN Server PowerShell Cmdlets
VisualSVN Server 3.4 introduces more than twenty PowerShell cmdlets that
can be used to perform various management tasks related to Subversion
repositories, access rules and VDFS replication. For the brief
description and usage examples of all available cmdlets please consider
the KB88: VisualSVN Server PowerShell Cmdlet Reference article.
PowerShell cmdlets can be used to manage remote VisualSVN Server
instances and are available in all editions of VisualSVN Server,
including the free-of-charge Standard Edition.
Other VisualSVN Server 3.4 changes
VisualSVN Server 3.4 introduces a number of other significant
improvements, such as the following:
Improve disaster recovery capabilities for distributed VDFS
repositories. New PowerShell cmdlets allow changing roles of the
distributed repositories — from master to slave and vice versa, as
well as performing disaster recovery with minimal service
interruption. For further details please consider
KB93: Performing disaster recovery for distributed VDFS repositories article.
Display repository size and other technical details in VisualSVN
Server Manager. This information is available on the new Details
tab in the repository’s Properties dialog.
Improve Markdown support in the Repository Web Interface.
Readme files for the current directory are now displayed
automatically and relative links to other Markdown files or images
are supported. To get a detailed impression please check the
sample
Markdown documentation project hosted on our online demo server.
Preview images in Repository Web Interface. All common image
file formats are supported.
End of Support for VisualSVN Server 2.5.x and 3.2.x version families
Since Subversion 1.7.x version family is no longer supported by the
Apache Software Foundation, we are announcing End of Support for
VisualSVN Server 2.5.x versions. In order to reduce the list of
supported version families, we are also announcing End of Support
for VisualSVN Server 3.2.x version family. Users of
VisualSVN Server 2.5.x and 3.2.x should upgrade to one of the supported
versions listed below.
Upgrading from VisualSVN Server 2.5.x to newer versions may require
additional administrative actions if you have Subversion authentication
enabled on your server. For further details please consider the
KB63 article.
We are going to continue providing maintenance updates for the following
version families:
VisualSVN Server 3.4.x
(the most recent release based on Subversion 1.9.x).
Upgrade and compatibility concerns
VisualSVN Server 3.4 is backward compatible with older Subversion
clients. It can read and write to repositories created by earlier
versions as well, so there is no need to dump/load or upgrade your
repositories.
Upgrade to VisualSVN Server 3.4 is recommended for all users. Read the
KB89: Upgrading to VisualSVN Server 3.4
article before upgrading. Upgrade is free for Standard Edition users and
all customers who have an active maintenance subscription for VisualSVN
Server Enterprise Edition licenses.
We are glad to announce the availability of patch releases for VisualSVN
products based on Apache Subversion 1.8.14. Besides various client
side and server side improvements, the Subversion 1.8.14 patch release
addresses CVE-2015-3184 and
CVE-2015-3187
security vulnerabilities.
Up-to-date VisualSVN Server installations are potentially affected
by CVE-2015-3187
vulnerability only. The vulnerability could reveal hidden repository paths,
but not their contents. Moreover, at least read access is required to
exploit the vulnerability, therefore overall risks for VisualSVN Server
users are low. Nevertheless, we highly recommend to upgrade to the new
builds.
There is also an update to OpenSSL 1.0.1p that addresses
CVE-2015-1793
client side vulnerability that affects Apache Subversion command-line client
tools packaged with VisualSVN Server ('svn.exe', 'svnsync.exe',
'svnrdump.exe').
In addition to the above updates, there is an update to Apache HTTP
Server 2.2.31 with a fix for
CVE-2015-3183
vulnerability that does not affect VisualSVN Server installations.
VisualSVN Server 2.5.26 maintenance build based on Subversion 1.7.21
with similar fixes is availble too.
It is also recommended to upgrade to version 3.3.2 if you are using an
earlier release of VisualSVN Server. Please read
VisualSVN Server 3.3 Release Notes to
find out what's new in the latest release. For detailed upgrade
instructions please consider the
KB85: Upgrading to VisualSVN Server 3.3 knowledge base
article.
Choose the appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.3.2 if you are using a
3.0.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
Up to date VisualSVN 5.0.x builds are not affected by any of the security
vulnerabilities mentioned in this announcement. However, VisualSVN 4.0.x or
older builds are potentially affected by
CVE-2015-1793
vulnerability in OpenSSL. Therefore, we recommend to upgrade to an up to
date VisualSVN 5.0.x build.
You can download the latest VisualSVN 5.0.2 build based on Apache
Subversion 1.8.14 at the official download
page.
Please note that you may be required to purchase an upgrade to VisualSVN
5.0.x in case you are using VisualSVN 4.0.x or older versions. The upgrade
is free if you are using VisualSVN under the Community License. However,
Commercial licenses issued before June 3rd, 2014 have to be upgraded. For
further details please check our
online upgrade
form.
We are glad to announce the release of VisualSVN 5.0. The main improvement
of VisualSVN 5.0 is the full support for Visual Studio 2015.
Upgrade to VisualSVN 5.0 is recommended for all existing VisualSVN users.
Note that upgrade purchase is required for commercial VisualSVN licenses
issued before June 3rd, 2014.
Support for Visual Studio 2015
The main improvement of VisualSVN 5.0 is the full support for Visual
Studio 2015. All VisualSVN features are now fully compatible with the
newest Visual Studio release, including support for the new Universal
Windows app projects, cross-platform mobile development and other
enhancements. For further details please consider the
Visual Studio 2015
Release Notes.
Upgrading from VisualSVN 4.x and older versions
VisualSVN 4.x licenses issued on or after June 3rd, 2014 are eligible for a
free upgrade to VisualSVN 5.0. Commercial licenses issued before June 3rd,
2014 require an upgrade purchase for VisualSVN 5.0. The current upgrade
price is $49 for the Professional License and $1950 for the Site
License. The upgrade is free if you are using VisualSVN under the Community
License.
You can download the latest VisualSVN 5.0 build at the official
download page.
We are glad to announce the availability of patch releases for VisualSVN
products based on Apache Subversion 1.8.13. Besides various client
side and server side improvements, the Subversion 1.8.13 patch release
addresses the CVE-2015-0202,
CVE-2015-0248 and
CVE-2015-0251
security vulnerabilities.
Up-to-date VisualSVN Server installations are potentially affected
by the CVE-2015-0202,
CVE-2015-0248 and
CVE-2015-0251
security vulnerabilities. Both
CVE-2015-0202 and
CVE-2015-0248
vulnerabilities could lead to a DoS attack. The
CVE-2015-0251
vulnerability allows spoofing svn:author property values for new
revisions. At least read access is required to exploit the mentioned
vulnerabilities, so the overall risks for VisualSVN Server users are
relatively low. Nevertheless, we highly recommend upgrading to the
new builds.
There is also an update to OpenSSL 1.0.1m that addresses another
bunch of security vulnerabilities
but none of them affects up-to-date VisualSVN Server installations.
VisualSVN Server maintenance builds based on Subversion 1.7.20 and
OpenSSL 0.9.8zf with similar fixes are availble too.
It is also recommended to upgrade to version 3.3.1 if you are using an
earlier release of VisualSVN Server. Please read
VisualSVN Server 3.3 Release Notes to
find out what's new in the latest release. For detailed upgrade
instructions please consider the
KB85: Upgrading to VisualSVN Server 3.3 knowledge base
article.
Choose the appropriate patch build if you do not want to perform a
significant upgrade right now:
Other version families of VisualSVN Server are not supported and
maintenance updates are not available for them. It is strongly
recommended to upgrade to VisualSVN Server 3.3.1 if you are using a
3.0.x or any of the older versions.
Update for VisualSVN (a plug-in for Visual Studio)
Installations of VisualSVN (for Visual Studio) are not affected by any of
the security vulnerabilities mentioned in this announcement. Nevertheless,
we recommend upgrading to the the latest
VisualSVN 4.0.12 build.
This is an updated announcement: the previous version of the announcement could produce the
wrong impression regarding the future of VisualSVN Server. Please be sure that VisualSVN Server
continues to be actively developed and new releases are coming soon.
We are announcing End of Support for VisualSVN Server 2.5.x and
VisualSVN Server 3.0.x version families. Users of VisualSVN Server
2.5.x and VisualSVN Server 3.0.x builds should upgrade to newer versions
that are currently supported. The details are given below.
We are going to continue providing maintenance updates for the following
version families:
VisualSVN Server 2.7.x
VisualSVN Server 3.2.x
VisualSVN Server 3.3.x (the most recent release).
VisualSVN Server 3.3 is considered to be the best version available. The
whole product family of VisualSVN Server continues to be actively developed
and new releases with amazing new features are coming soon.
Upcoming End of Support for VisualSVN Server 2.5.x version family
We are announcing the upcoming End of Support for VisualSVN Server 2.5.x
version family. VisualSVN Server 2.5 is based on Apache Subversion 1.7.
As soon as Subversion 1.9 will be released, the support for Subversion 1.7
will be discontinued by the Subversion community. Since Subversion 1.9 is
already in beta testing stage, we encourage all users of VisualSVN Server
2.5.x to upgrade to the latest builds of VisualSVN Server 3.3.
Upgrading from VisualSVN Server 2.5.x to newer versions may require
additional administrative actions if you have Subversion authentication
enabled on your server. For further details please consider the
KB63 article.
End of Support for VisualSVN Server 3.0.x version family
We are also announcing End of Support for VisualSVN Server 3.0.x version
family. All users of VisualSVN Server 3.0.x should upgrade to the
latest builds of VisualSVN Server 3.3
VisualSVN Server continues to be actively developed product and VisualSVN
Server 3.3 is considered to be the best (and most stable) version available.
We are closing support for VisualSVN Server 3.0.x in order to reduce the
list of supported version families.
We are proud to announce VisualSVN Server 3.3. The main new feature of
VisualSVN Server 3.3 is the full support of Subversion’s locking for
distributed VDFS
repositories. Locking and unlocking can be done through both master
and slave repositories. These operations are guaranteed to be consistent
and the locks themselves are replicated between the repositories in a very
efficient way.
Starting from VisualSVN Server 3.3, distributed VDFS repositories become
functionally equivalent to regular Subversion FSFS repositories.
End-users can perform all possible Subversion operations with master and
slave VDFS repositories — checking out and updating working copies,
committing changes, modifying revision properties, locking and unlocking
files, etc. This makes the migration to distributed VDFS repositories
completely transparent for end-users.
VisualSVN Server 3.3 introduces a few other functional and performance
improvements, such as the following:
Improved performance of commit to slave VDFS repository. Commits
of large files to a local slave VDFS repository are now completed
significantly faster than over-the-WAN commits to a remote Subversion
repository.
Further optimization of VDFS replication over the WAN. With the
latest TCP settings optimizations, VisualSVN Distributed File System is
able to fully utilize 100 Mbps WAN link when data is replicated
between master and slave repositories.
Automatic handling of intermediate certificate authorities (CAs)
required to verify imported SSL certificates.
Upgrade to VisualSVN Server 3.3 is recommended for all users. Upgrade is
easy and straightforward, but it is highly recommended to read the
KB85: Upgrading to VisualSVN Server 3.3 article beforehand
(especially if you are upgrading from versions older than VisualSVN Server
3.0).
We are glad to announce the availability of patch releases for VisualSVN products based on Apache
Subversion 1.8.11. Besides various client side and server side improvements, the Subversion 1.8.11
patch release addresses the CVE-2014-3580
and CVE-2014-8108
security vulnerabilities. Maintenance builds based on Subversion 1.7.19 with similar
fixes are available too.
Up-to-date VisualSVN Server installations are potentially affected by both
CVE-2014-3580 and
CVE-2014-8108
security vulnerabilities that could lead to a DoS attack. In order to exploit these
vulnerabilities an attacker must have read access to a repository so the overall risks for VisualSVN
users are relatively low (because VisualSVN Server in its default configuration does not support
anonymous access to repositories). Nevertheless, we highly recommend upgrading to the new builds.
It is also recommended to upgrade to version 3.2.2 if you are
using an earlier release of VisualSVN Server. Please read
VisualSVN Server 3.2 Release Notes to find
out what's new in the latest release. For detailed upgrade instructions please
consider the KB82: Upgrading to VisualSVN Server 3.2 knowledge
base article.
Choose the appropriate patch build if you do not want to perform a significant
upgrade right now:
Older releases of VisualSVN Server are not supported and maintenance updates
are not available for them. It is strongly recommended to upgrade to
VisualSVN Server 3.2.2 if you are using a version earlier than 2.5.x. Cumulative
upgrade instructions are given in the KB82: Upgrading to VisualSVN Server 3.2
knowledge base article.
Update for VisualSVN
Users of VisualSVN (for Visual Studio) should update to VisualSVN 4.0.11.
We are proud to announce VisualSVN Server 3.2. The main new feature of VisualSVN Server 3.2
is the new web-based browser for Subversion repositories which is powered by HTML5. Being fully
integrated with all other VisualSVN Server features, the new web interface works right out
of the box, provides modern look and feel and ensures easy integration with third-party
issue trackers.
The new web-based repository browser is available in all editions of VisualSVN Server, including
free Standard Edition.
To open the new Subversion web interface, click the Browse context menu command for a repository in
VisualSVN Server Manager or just navigate to a repository URL using Internet Explorer, Firefox,
Safari or Chrome.
VisualSVN Server 3.2 introduces a number of other functional and usability improvements, such as
the following:
Significantly improve performance of VDFS replication over the WAN. Repositories based on
VisualSVN Distributed File System now
replicate 10 times faster compared with replication systems based on Write-Through Proxy.
Import existing repositories from portable dump files. Compressed dump files are
supported as well.
Provide Apache Subversion bindings for Python 2.7. Python is one of the best programming
languages to write Subversion repository hooks.
Upgrade to VisualSVN Server 3.2 is recommended for all users. Upgrade is easy and straightforward,
but it is highly recommended to read the KB82: Upgrading to VisualSVN Server 3.2 article
beforehand (especially if you are upgrading from versions older than VisualSVN Server 3.0).
Four new vulnerabilities have recently been identified
in the OpenSSL library. The most critical among them is CVE-2014-3566
which is a vulnerability in the SSL 3.0 cryptographic protocol. The vulnerability is known
as the "POODLE" and can be exploited by a Man-in-the-Middle (MITM) attack.
VisualSVN Server installations are theoretically affected by the POODLE attack. However
the risk for VisualSVN Server users is quite low, because the known attack scenario requires
an attacker to be able to run JavaScript injection and have MITM access to communication
between the client and the server. Nevertheless, we strongly recommend that users of our
products update to the new builds.
We disabled SSL 3.0 protocol in the new VisualSVN Server and VisualSVN builds in order to
mitigate the vulnerability. Please note that very old Subversion clients that do not
support TLS 1.0 might be unable to connect to VisualSVN Server after the upgrade.
VisualSVN Server users should choose the appropriate patch build that corresponds
to their currently installed version:
If you are using VisualSVN Server 3.0, please upgrade to VisualSVN Server 3.0.1 that is
available from the main download page.
If you are using VisualSVN Server 2.7, please upgrade to VisualSVN Server 2.7.10 that is
available from the version 2.7 download page.
If you are using VisualSVN Server 2.5, please upgrade to VisualSVN Server 2.5.23 that is
available from the version 2.5 download page.
Users of VisualSVN for Visual Studio should update to VisualSVN 4.0.10 that is available on its
main download page.
A major security vulnerability referenced as the
CVE-2014-6271
and so-called as the Shellshock Bug has been found recently in the GNU Bash shell.
Historically, Bash is actively used to create CGI programs and many of the Apache
HTTP Server instances become vulnerable to the Shellshock Bug. VisualSVN Server
uses a highly-isolated Apache HTTP Server instance to provide HTTP(S) access to
Subversion repositories. The great news is that VisualSVN Server does not include
the Bash package, so we confirm that default VisualSVN Server installations are NOT
affected by the Shellshock Bug.
As it said above, VisualSVN Server does not include the Bash package and Bash is not
involved in the normal operation of VisualSVN Server. However, it is recommended to
check if you have Subversion hook scripts executed using a third-party Windows port
of the GNU Bash. It’s highly recommended to install the corresponding hotfix if you
have a third-party Bash package installed.
Note that even if you have Subversion hook scripts executed using third-party Bash package,
the risks are still relatively average because Subversion hooks cannot be triggered if a
user does not have appropriate access permissions to the corresponding repository.
We are proud to announce VisualSVN Server 3.0. This is a major new release
of VisualSVN Server containing significant enterprise-related improvements.
VisualSVN Server 3.0 has the following main enhancements:
New Multisite Repository Replication feature allows bidirectional
replication of the Subversion repository contents between geographically distributed sites.
Native 64-bit support to fully utilize the modern hardware capabilities.
The Multisite Repository Replication feature is based on the VisualSVN
Distributed File System (VDFS) technology and enables geographically
distributed teams to work with the Subversion repositories at LAN speeds.
Replication is transparent for the end users, and VDFS-based repositories
behave as a regular writeable Subversion repositories.
The VisualSVN Distributed File System follows the classic master/slave
replication architecture. Each VDFS repository can be created as either a
master or a slave, not both. All the data modifications are automatically
replicated to all the replication partners.
The Multisite Repository Replication feature is available in VisualSVN
Server Enterprise Edition only. VisualSVN Server is licensed per server
instance, so you are required to have different enterprise license keys on
all the replication partners.
The VisualSVN Distributed File System is designed and implemented to be a
first class citizen in an Active Directory environment. Being tightly
integrated with Windows, it provides the highest level of robustness and
performance.
VisualSVN Server 3.0 brings native Windows 64-bit support. There are two
installation packages for 32-bit and 64-bit operating systems and if you
are using a 64-bit version of Windows on your server, you are required to
choose the 64-bit one. All the components of the VisualSVN Server are
native 64-bit in that case, allowing you to fully leverage all the
capabilities of your hardware.
You are required to upgrade the operating system if you are still using
Windows Server 2003 or Windows XP on the computer where VisualSVN Server
is installed. The minimum supported operating systems for VisualSVN Server
3.0 are Windows Server 2008 and Windows Vista.
We are glad to announce the availability of VisualSVN Server patch releases
based on Apache HTTP Server 2.2.29. These releases address the following vulnerabilities:
CVE-2014-0118,
CVE-2014-0231,
CVE-2014-0226,
CVE-2013-5704.
Up-to-date VisualSVN Server installations are potentially affected by
CVE-2013-5704
security vulnerability that allows remote attackers to replace HTTP headers
using HTTP trailers. Despite the fact that
CVE-2013-5704
is considered as a low-risk vulnerability, the upgrade to newer VisualSVN Server
builds is recommended for all users. Please choose the appropriate
patch build that corresponds to your current version.
If you are using VisualSVN Server 2.7, please upgrade to VisualSVN Server 2.7.9
that is available for download at the main
download page.
If you are using VisualSVN Server 2.5, please upgrade to VisualSVN Server 2.5.22
that is available for download at the
version 2.5 download page.
Comparing to the previous version, there are the following changes in the VisualSVN Server 2.7.9:
We are glad to announce the availability of VisualSVN Server 2.7.8 and VisualSVN 4.0.9
patch releases incorporating the recent fixes of common vulnerabilities and exposures
in Subversion and OpenSSL.
There are two client-side CVEs fixed in the latest Subversion releases 1.8.10 and 1.7.18. These
issues are described in
CVE-2014-3522 and
CVE-2014-3528 advisories. The latest series of OpenSSL releases, specifically 1.0.1i and 0.9.8zb,
contain fixes to nine CVEs detailed in the
corresponding advisory.
Some of the fixed CVEs may potentially affect VisualSVN products. The severity level of these
vulnerabilities is medium to low. Users of VisualSVN and VisualSVN Server are advised to apply
the updates.
VisualSVN users should update to VisualSVN 4.0.9 available at the
download page.
VisualSVN Server users should choose the appropriate patch build that
corresponds to their currently installed version:
If you are using VisualSVN Server 2.7, please upgrade to VisualSVN
Server 2.7.8 available from the main
download page.
If you are using VisualSVN Server 2.5, please upgrade to VisualSVN
Server 2.5.21 available from the version
2.5 download page.
Fortunately, VisualSVN Server is not affected by any of these
vulnerabilities, including the MITM vulnerability CVE-2014-0224. However,
VisualSVN (the Visual Studio plug-in) is affected by CVE-2014-0224 and
requires to be updated.
Note that exploiting the CVE-2014-0224 vulnerability requires both client
and server to be vulnerable, so the risk for VisualSVN customers is
relatively low. Nevertheless, we strongly recommend that users of our
products update to the new builds.
VisualSVN users should update to VisualSVN 4.0.8 available at the
download page.
VisualSVN Server users should choose the appropriate patch build that
corresponds to their currently installed version:
If you are using VisualSVN Server 2.7, please upgrade to VisualSVN
Server 2.7.7 available from the main
download page.
If you are using VisualSVN Server 2.5, please upgrade to VisualSVN
Server 2.5.20 available from the version
2.5 download page.
Hotfix: Subversion 1.6 and older client fails to commit changes to
paths with whitespaces or non-ASCII characters (the problem reappeared
after the update to Apache HTTP Server 2.2.27).
Significant performance improvement when clients connect to the server over
WAN.
VisualSVN Server 2.7.6 fixes the bug when outdated Subversion clients are
unable to commit changes to paths with whitespaces or non-ASCII characters.
So it's highly recommended to upgrade to VisualSVN Server 2.7.6 if you use
Subversion 1.6 or older clients.
You can get the latest version of VisualSVN Server at the official
download page.
VisualSVN Server 2.5.19 maintenance release is also available
to download and install. Upgrading to the maintenance patch release is
recommended for all users of VisualSVN Server 2.5. You can download
the release at the maintenance download
page.
A major security vulnerability referenced as the
CVE-2014-0160
and so-called as the Heartbleed Bug has been found recently in the
OpenSSL cryptographic library. Fortunately, all VisualSVN Server
installations are not affected by this vulnerability. However,
the hotfix is required for VisualSVN (the plug-in for Microsoft Visual Studio).
As it said above, VisualSVN Server is not affected by the Heartbleed Bug.
Up-to-date VisualSVN Server installations are built against OpenSSL 0.9.8y
that does not contain this vulnerability because the Heartbleed Bug
was introduced in OpenSSL release 1.0.1.
Since the client side is also vulnerable by the Heartbleed Bug, upgrade to
VisualSVN 4.0.6 is highly recommended for all VisualSVN users starting from
version 3.5.2. Note that exploiting the client side vulnerability requires
the user to connect to a compromised server, so the actual risks are relatively
low.
You can get the latest version of VisualSVN at the official
download page.
We are glad to announce the availability of VisualSVN Server patch releases
based on Apache HTTP Server 2.2.27. These releases address the following vulnerabilities:
CVE-2013-6438,
CVE-2014-0098.
Upgrade to newer VisualSVN Server builds is recommended for all users.
Up-to-date VisualSVN Server installations are partially affected by the
CVE-2013-6438
security vulnerability that allows remote attackers to cause a denial of
service (daemon crash). Exploiting this vulnerability does require write
access to the repository, so the risks are relatively low. Please choose
appropriate patch build that corresponds to your current version.
If you are using VisualSVN Server 2.5, please update to VisualSVN Server 2.5.18
that is available for download at the
version 2.5 download page.
If you are using VisualSVN Server 2.6 or 2.7, please upgrade to VisualSVN Server 2.7.5
that is available for download at the main
download page.
Note that VisualSVN Server 2.6 product family is no longer supported and
we encourage all VisualSVN Server 2.6 users to upgrade to the version 2.7.
The upgrade process from version 2.6 to version 2.7 is straightforward and
upgrade issues are not expected.
Comparing to the previous version, there are the following changes in the VisualSVN Server 2.7.5:
Updated to Apache HTTP Server 2.2.27 with fixes for the following vulnerabilities:
CVE-2014-0098,
CVE-2013-6438.
Minor performance improvement in VisualSVN Repository Configurator.
Fixed: VisualSVNServerHooks.exe crashes on commits without 'svn:log' or
'svn:author' properties.
VisualSVN Server 2.5.17 maintenance patch release is available. The release
is based on Apache Subversion 1.7.16 which addresses the
CVE-2014-0032
vulnerability.
Comparing to the previous 2.5.16 version, VisualSVN Server 2.5.17 brings the
following change:
Upgrading to the maintenance patch release is recommended for all users of
VisualSVN Server 2.5. You can download the release at the
maintenance download page.
VisualSVN Server 2.7.3 patch release is available. The release is based on
Apache Subversion 1.8.5 which addresses the
CVE-2013-4505 and
CVE-2013-4558
vulnerabilities.
Comparing to the previous version, VisualSVN Server 2.7.3 brings the
following changes:
Fixed: service may crash during startup if service account does not have
appropriate access rights.
Several performance improvements in the management console.
VisualSVN Server instances are not affected by the
CVE-2013-4505
and
CVE-2013-4558
vulnerabilities. However, the upgrade to VisualSVN Server 2.7.3 is strongly
recommended for all users because Subversion 1.8.5 fixes other serious bugs
which can lead to repository corruption and crashes.
You can get the latest version of VisualSVN Server at the official
download page.
VisualSVN Server 2.5.16 and 2.6.7 maintenance releases are also available
to download and install. For further details please consider the
version 2.5.16 and
version 2.6.7 changelog records.
We are proud to announce the release of VisualSVN 4.0 which is fully
compatible with the newest Visual Studio 2013 and brings new features such
as integration with built-in Visual Studio Merge Tool.
Visual Studio 2013 introduces variety of new features that are very useful
to professional developers. We invite you to join
the Visual Studio 2013 Virtual
Launch to learn more about new Visual Studio 2013 features and best
practices. The online event will be held on November 13 at 10 AM ET.
Upgrade to VisualSVN 4.0 is highly recommended for all users. You can
download the latest VisualSVN 4.0 build at the
official download page.
New features and improvements in VisualSVN 4.0
The main new feature of VisualSVN 4.0 is the full support for Visual
Studio 2013. All VisualSVN features are now fully compatible with the
newest Visual Studio 2013.
Here is the list of significant enhancements:
Merge conflicts resolution using Visual Studio Merge Tool. VisualSVN
4.0 integrates with the Visual Studio’s built-in Merge Tool and allows you
to resolve conflicts right within the IDE. This feature is available in
Visual Studio 2012 and Visual Studio 2013 only.
Integration with VisualSVN Repository Configurator. VisualSVN allows
you to open VisualSVN Repository Configurator right from the IDE and
configure granular access permissions if your repository is hosted on
VisualSVN Server. For further details please consider
the Repository Management Delegation
feature which is available in VisualSVN Server since version 2.7.
Simple and fast repository browser which allows branch selection in the
'Switch to Branch' dialog.
Overall performance improvement on huge working copies.
See the changelog for the complete
list of changes in VisualSVN 4.0.
The other notable improvement is that VisualSVN 4.0 fully respects
asynchronous solution load and deferred initialization of document tabs in
Visual Studio 2013. It allows solutions to be reloaded instantly
after working copy update, switch and revert operations. So we encourage all
VisualSVN users to upgrade to Visual Studio 2013 and VisualSVN 4.0.
Upgrading from previous VisualSVN versions
Upgrade to VisualSVN 4.0 is highly recommended for all users. You can
download the latest VisualSVN 4.0 build at the official download page.
Commercial VisualSVN licenses issued on or after December 1st, 2012
are eligible for a free upgrade to VisualSVN 4.0. Licenses issued before
December 1st, 2012 require an upgrade purchase for VisualSVN 4.0.
The current upgrade price is $39 for Professional License and $1250
for Site License. You can purchase upgrade to VisualSVN 4.0 using
the online purchase form.
The upgrade is free for MVPs, open-source developers and for everyone
who use VisualSVN under the Community License:
Microsoft MVPs should request the new VisualSVN 4.0 license for free at
the MVP License page.
Community License permits commercial use of VisualSVN and is available free
of charge for any computer that is not a member of an Active Directory
domain. Upgrade to newer versions is also free for Community License and
does not require any additional actions.
VisualSVN Server patch release 2.7.2 is available. The release does not
contain any critical fixes but is recommended for all existing users of
VisualSVN Server 2.7.
Comparing to the previous version, VisualSVN Server 2.7.2 brings the
following changes:
You can get the latest version of VisualSVN Server at the official
download page.
VisualSVN Server 2.6.6 maintenance release is also available to
download and install. For further details please consider the changelog
entry for
VisualSVN Server 2.6.6.
We are glad to announce VisualSVN Server 2.7 release that brings new
features and an upgrade to the Apache Subversion 1.8.
Note that there was interim VisualSVN Server 2.6 version that was released
but not officially announced. Compared with the latest officially announced
version, upgrade to VisualSVN Server 2.7 brings the following main changes:
New feature: Repository Management Delegation.
Reworked authorization system.
Upgrade to Apache Subversion 1.8.
Several high-impact usability improvements.
Upgrade to the version 2.7 is recommended for all existing VisualSVN Server
users. Download VisualSVN Server 2.7 at the
download page.
New feature: Repository Management Delegation
The main new feature of VisualSVN Server 2.7 is the Repository
Management Delegation. Thanks to this feature, non-administrative users
can be assigned as repository supervisors to specific repositories
and manage them using the VisualSVN Repository Configurator.
Repository supervisors can manage only repositories which they are assigned
to. When a supervisor connects to a repository, he can examine the current
repository access permissions and modify them using the rich user interface
of Repository Configurator.
All permission modifications performed by repository supervisors are
logged to the dedicated VisualSVN Server Management event log which can be
used for auditing.
VisualSVN Repository Configurator is a standalone application which
does not require administrative permissions for installation and execution.
Moreover, Repository Configurator is ready to be deployed automatically
through Active Directory Group Policies.
Note
Repository Management Delegation feature is currently available only if your
VisualSVN Server is configured for Windows authentication.
Reworked authorization system
When upgrading to VisualSVN Server 2.7, you get the following changes in the
authorization system:
Move authorization settings to per-repository files. For enhanced
isolation of security settings and better performance, each repository now
has it's dedicated authorization settings file a '/conf/' folder of a
repository. The repositories root no longer has Read / Write permission set
for "Everyone" group by default.
Migration of server-wide access permissions. As a consequence of the
previous change, you are not able to set server-wide access permissions if
Subversion authentication is enabled on your server. In order to preserve
effective permissions for all users, VisualSVN Server automatically
migrates server-wide rules to the repository level during upgrade.
Hide repositories in the web browser. A repository is no longer
displayed in the list of repositories unless a user has explicit access
permissions on the repository root.
Windows authorization is now case-sensitive. Repository names and
repository filesystem paths are now parsed case-sensitively. The behavior
now conforms to the Subversion authentication which is case-sensitive since
Apache Subversion 1.7.
Upgrade to Apache Subversion 1.8
Upgrade to Apache Subversion 1.8 brings more than 180 user-visible
changes both on the client and server side. It brings a number of new
important features, such as:
Automatic reintegration merge. Merging to-and-fro between two
branches in any order is now possible using the new "automatic merge"
feature. Manual reintegrate merges are not required anymore and the
'--reintegrate' option of 'svn merge' is now deprecated.
Inherited properties. Property inheritance provides a mechanism to
find the versioned properties set on the path-wise parents of a given path.
New properties 'svn:auto-props' and 'svn:global-ignores' make use of the
property inheritance and help to implement repository dictated
configuration for automatic property setting and ignore patterns.
Neon library support removed in favour of the serf. The serf
is an asynchronous HTTP client library that provides significantly better
network performance than the neon library.
At last but not at least, there are several notable functional and usability
improvements implemented in VisualSVN Server 2.6 and 2.7.
Support for PFX and DER-encoded certificates. The improved
certificate management wizard in VisualSVN Server Manager allows you to
import certificates in PFX and DER formats.
Recently connected computers. For your convenience, "Connect to
another computer" dialog now features a recently connected computers list.
It allows you to recall VisualSVN Server instances you've recently managed
and connect to them instantly.
VisualSVN Server Activity log. Access and Operational log events are
now stored in the new separate 'VisualSVN Server Activity' log.
New repository creation wizard. The new and improved repository
creation wizard allows you to pre-define authorization rules for a new
repository as well as specify it's default structure.
Multi-selection of users and groups in Permissions dialog. For
easier and faster authorization management, you can multiselect users and
groups in the Security dialog. So you can simultaneously apply permission
changes to selected users and groups.
Improved VisualSVN Server Manager performance. Expanding
Repositories tree with large number of repositories (500>) is much faster
in VisualSVN Server 2.7.
Automatic check for software updates. To ensure that your VisualSVN
Server version is up to date, the check for VisualSVN Server updates is now
performed automatically. You will get the notification on your VisualSVN
Server Manager dashboard if newer version of VisualSVN Server is available
and recommended for upgrade.
For the more detailed list of improvements please consider the following
release notes:
Since Subversion 1.6.x series is no longer supported by the Apache Software
Foundation, we are announcing End of Life for
VisualSVN Server 2.1.x versions. We continue to provide maintenance
and technical support for 2.5.x and 2.6.x versions of VisualSVN Server.
VisualSVN Server 2.7 built with Apache Subversion 1.8 is backward compatible
with older clients and immediate upgrade of all software is not required.
However, it is recommended to upgrade Subversion clients in order to fully
benefit from Subversion 1.8 enhancements.
Upgrading to VisualSVN Server 2.7 may require an additional administrative
actions if you are upgrading from VisualSVN Server 2.5 or earlier and you
have Subversion authentication enabled on your server. For further details
please consider the KB63 article.
We are delighted to announce that VisualSVN Server 2.5.15 and VisualSVN
Server 2.6.5 patch releases are available. These releases are based on Apache
Subversion versions 1.7.13 and 1.8.3 respectively and address the following
vulnerabilities:
Upgrade to newer VisualSVN Server builds is recommended for all users.
If you are using VisualSVN Server 2.5, please update to VisualSVN Server 2.5.15
that is available for download at the
version 2.5 download page.
If you are using VisualSVN Server 2.6, please update to VisualSVN Server 2.6.5
that is available for download at the
main download page.
Changes in VisualSVN Server 2.5.15
Up-to-date VisualSVN Server 2.5 installations are not affected by
CVE-2013-4277.
However, it’s recommended to upgrade to VisualSVN Server 2.5.15 because it
provides hotfixes for other significant issues. The changelog for VisualSVN
Server 2.5.15 is the following:
Hotfix: 'svn copy' operation fails if the copied subtree contains locked
files.
Changes in VisualSVN Server 2.6.5
Up-to-date VisualSVN Server 2.6 installations are partially affected by
CVE-2013-4246
vulnerability that allows remote attackers to corrupt a repository by
editing packed revision properties. The risk is relatively low for VisualSVN
Server users because of the following facts:
revision properties packing is currently disabled by default;
exploiting this vulnerability requires write access to the repository.
VisualSVN Server 2.6.5 also provides the following fixes and improvements:
Hotfix: 'svn copy' operation fails if the copied subtree contains locked
files.
Fixed: migration of authorization settings fails if there are repositories
without the 'conf' subdirectory.
Should I upgrade my production server to VisualSVN Server 2.6?
VisualSVN Server 2.6 that is based on the recently released Subversion 1.8
is already available for download. However, it is still not officially
announced in our RSS channel and mailing lists. The current version of
VisualSVN Server 2.6 works fine for the new customers, but we are currently
working to solve technical issues that affect customers who upgrade from
VisualSVN Server 2.5 and older versions.
We recommend upgrading to the version 2.5.15 if you currently use VisualSVN
Server 2.5. Please upgrade to version 2.6.5 only if you have already upgraded
your production servers to VisualSVN Server 2.6.
We are delighted to announce VisualSVN Server patch releases based on Apache
HTTP Server 2.2.25. These releases address the following vulnerabilities:
CVE-2013-1896,
CVE-2013-1862
and
CVE-2013-4131.
Upgrade to newer VisualSVN Server builds is recommended
for all users.
Up-to-date VisualSVN Server installations are partially affected by the
CVE-2013-1896
security vulnerability that allows remote attackers to cause a denial of
service (segmentation fault). Exploiting this vulnerability does require write
access to the repository, so the risks are relatively low. Please choose
appropriate patch build that corresponds to your current version.
If you are using VisualSVN Server 2.5, please update to VisualSVN Server 2.5.12
that is available for download at the
version 2.5 download page.
If you are using VisualSVN Server 2.1, please update to VisualSVN Server 2.1.15
that is available for download at the
version 2.1 download page.
If you have already upgraded to VisualSVN Server 2.6, please update to VisualSVN
Server 2.6.2 that is available for download at the
main download page.
Comparing to the previous version, there are the
following changes in the VisualSVN Server 2.6.2:
Updated to Apache HTTP Server 2.2.25 with fixes for the following vulnerabilities:
CVE-2013-1896,
CVE-2013-1862.
Enable SVNAllowBulkUpdates prefer option to force all-inclusive responses to update-style HTTP requests.
'svnmucc' command-line tool is included into the installation package.
Nevertheless that VisualSVN Server 2.6 based on the recently released
Subversion 1.8 is already available for download, it is still not officially
announced in our RSS channel and mailing lists. We recommend upgrading to
the version 2.5.12 if you currently use VisualSVN Server 2.5. Please upgrade
to version 2.6.2 only if you have already upgraded your production servers
to VisualSVN Server 2.6.
VisualSVN Server patch release 2.5.10 is available. This is a security fix
release that addresses several security vulnerabilities
recently identified in Apache Subversion. The version 2.5.10 has the
following change:
Up-to-date VisualSVN Server installations are affected by
CVE-2013-1968
vulnerability that could lead to repository corruption. That's
why the upgrade to VisualSVN Server 2.5.10 is strongly recommended
for all users. You can get the latest version of VisualSVN Server
at the official
download page
VisualSVN Server 2.1.14 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN Server 2.1.14.
We are happy to inform you that Apache Subversion 1.8 is in the stage of
release stabilization and is going to be officially released in the next
few weeks. Pre-release versions of VisualSVN Server 2.6 RC1 and VisualSVN
3.5 Beta1 based on Subversion 1.8 RC2 are now available for download:
Note that VisualSVN 3.5 Beta1 and VisualSVN Server 2.6 RC1 are offered for
testing and evaluation only. We consider these pre-release versions almost
stable, however all the usual caveats apply, including the facts that there
are known issues and no upgrade or downgrade path is promised
between the pre-release and officially released versions.
Apache Subversion 1.8 is a major release that brings more than 180
user-visible changes both on the client and server side. It’s worth to note
that Subversion 1.8 significantly increases merge performance, introduces
automatic merging and implements property inheritance mechanism. Moreover,
Subversion 1.8 has finally switched to serf which is a high performance HTTP
library designed to replace the neon library.
VisualSVN Server 2.6 RC1 is built against Subversion 1.8
RC2 and brings reworked authorization system that was adjusted for better
performance and isolation. Apart from that, this release polishes existing
features and makes Subversion server management even easier than before.
Here is the brief list of notable changes in VisualSVN Server 2.6:
Move authorization settings from a single list to per-repository files.
Windows authorization is now case-sensitive.
Support for PFX and DER- encoded certificates.
Multi-selection of users and groups in Permissions dialog.
The current VisualSVN Server 2.6 RC1 is almost stable and we strongly
encourage testing of the pre-release version. However, due to major changes
in VisualSVN Server 2.6, downgrading from 2.6 to previous versions can be
complicated. So we strongly recommend to install and evaluate
VisualSVN Server 2.6 RC1 in the testing environment!
As always, we greatly appreciate feedback and suggestions on the upcoming
VisualSVN Server 2.6 and VisualSVN 3.5. Please provide the feedback on your
experience with pre-release versions using our
feedback form.
VisualSVN Server patch release 2.5.9 is available. This is a security and bug
fix release that addresses several security vulnerabilities recently
identified in Apache Subversion. The version 2.5.9 has the following changes:
Fixed: mod_log_visualsvn module may crash if Access Logging is enabled.
Up-to-date VisualSVN Server installations are affected by vulnerabilities
that could lead to a DoS attack. That's why the upgrade to VisualSVN Server
2.5.9 is strongly recommended for all users. You can get the latest version
of VisualSVN Server at the official
download page
VisualSVN Server 2.1.13 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN Server 2.1.13.
Fixed: unbounded server side memory usage is possible under some
circumstances.
Fixed: WMI provider may crash when server is managed by multiple
clients.
Since there are important server side bug fixes in Subversion 1.7.7, upgrade
is highly recommended for all users. You can get the latest version of
VisualSVN Server from the official download
page.
VisualSVN patch release 3.0.3 is available. This patch release brings an
update to the Apache Subversion 1.7.7, several important bug fixes and
performance improvements.
Comparing to the previous release, there are the following changes
in the VisualSVN 3.0.3:
Improve loading time of solutions with large projects.
Fixed: minor delays when editing large files.
Fixed: VisualSVN always attempts to add a project to Subversion on
'Reload Project' context menu command.
Fixed: 'Revert Whole File' command is displayed incorrectly in undo/redo stacks.
Fixed: VisualSVN does not add files to Subversion after drag & drop
from Windows Explorer to Solution Explorer.
Fixed: text positioning sometimes goes awry when cycling through
modified files with F4 / F8 hotkeys.
Fixed: VisualSVN context menu is not shown when selected items in
Solution Explorer are from different projects.
Fixed: 'Add Solution to Subversion' wizard displays unnecessary warning
message for MFC Application projects in Visual Studio 2012.
Workaround for the Visual Studio issue #765880
(crash on Find in Files in large Web Site projects).
Registry option 'DisableQuickDiffOverviewMargin' added to disable
Quick Diff Overview margin.
We encourage all VisualSVN 3.0 users to upgrade to the VisualSVN 3.0.3 as
soon as reasonable. You can get the new version from the official
download page.
We are delighted to announce VisualSVN 3.0, the newest and greatly
improved version of the professional Apache Subversion integration package
for Microsoft Visual Studio. This release brings significant usability
improvements and full compatibility with Microsoft Visual Studio 2012.
The exciting news is that VisualSVN 3.0 introduces the Community License
that is available for free! The Community License permits commercial use
of VisualSVN and is available free of charge for any computer that is not a
member of an Active Directory domain.
We encourage all users to upgrade to VisualSVN 3.0. Download the latest version
of VisualSVN for Visual Studio at the download page.
Support for Visual Studio 2012
All VisualSVN features are now fully compatible with Visual Studio 2012.
Moreover, VisualSVN 3.0 is integrated with the built-in Diff window.
Now you can review the changes made to the files directly in the IDE with
syntax highlighting, IntelliSense and third-party refactoring tools available.
New Features
There are significant usability improvements made in VisualSVN 3.0. Such
new features as the Pending Changes window, Quick Diff Overview margin
and improved keyboard shortcuts were
implemented to provide developers with the best Subversion experience
available.
The new Pending Changes window shows all the current changes made in the
working copy. Pending Changes provides you with a fast and convenient
way to review your changes, commit and revert them selectively without
leaving the IDE.
Quick Diff Overview Margin
The Quick Diff Overview margin complements Quick Diff markers and appears
next to the code editor's scroll bar. The Quick Diff Overview margin
allows you to assess where there changes were made to the file and quickly
navigate between them. This makes it an indispensable feature for the code
review.
Free Community License
The other exciting news is that VisualSVN 3.0 introduces the Community License
that is available for free! This is a fully functional license that allows to use
VisualSVN on any computer that is not a member of an Active Directory
domain. Community License permits commercial use and is ideal for
freelancers, students and hobbyists.
Other Licensing Changes
VisualSVN 3.0 also introduces two new license types intended for professional
users. Professional License is intended both for organizations and
individuals and is licensed per developer. Site License simplifies
licensing for large organizations and permits to use VisualSVN on all
computers in one physical site.
Upgrading from VisualSVN 1.x and 2.x
VisualSVN 2.x licenses issued on or after September 16th, 2011 are
eligible for a free upgrade to VisualSVN 3.0. Licenses issued before
September 16th, 2011 require an upgrade purchase for VisualSVN 3.0. The
current upgrade price from a previous version to VisualSVN 3.0 is
just $39 per license.
You can download the latest VisualSVN 3.0 build at the official
download page.
Important: Apache Subversion 1.7.5 resolves non-fatal FSFS
repository corruption. Such repository corruption is a very rare case and
most likely your instance is not affected. Nevertheless, it's recommended
to verify all your repositories using the svnadmin verify command
after upgrade to the VisualSVN Server 2.5.5. For further details please
consider the Subversion's issue 4129.
Since Apache Subversion 1.7.5 resolves possible repository corruption,
upgrade to the VisualSVN Server 2.5.5 is strongly recommended for
all users. You can get the latest version of VisualSVN Server from the
official download page.
Fixed: 'vsvnvswrk.exe' process may sometimes crash with the 'incomplete read' error message.
Fixed: VisualSVN does not load if Microsoft Visual C++ 2008 runtime is not installed.
We encourage all VisualSVN 2.5 users to upgrade to the VisualSVN 2.5.5 as
soon as possible. You can get the new version from the official
download page.
Properly restart Apache HTTP Server child process if it gets aborted.
Log appropriate error messages when Apache HTTP Server child process
gets aborted.
Remove inode from ETag HTTP header (to prevent false positive detection
by security screening tools).
We recommend all VisualSVN Server 2.5 users to upgrade to the VisualSVN
Server 2.5.4. You can get the latest version of VisualSVN Server from the
official download page.
Fixed: Visual Studio window could be irreversible locked after
execution of TortoiseSVN command.
We encourage all VisualSVN 2.5 users to upgrade to the VisualSVN 2.5.4 as
soon as reasonable. You can get the new version on the official
download page.
Add CreateGnuTLSCompatibleCertificate registry option to create
GnuTLS compatible self-signed certificates. See the KB56 article for details.
Apache Subversion 1.7.3 fixes some important issues related to the server
side, so we recommend all VisualSVN Server 2.5 users to upgrade to the
VisualSVN Server 2.5.3. You can get the latest version of VisualSVN
Server from the official download page.
Apache Subversion 1.7.3 addresses a number of important issues found since
the recent Subversion 1.7.2 release. We encourage all VisualSVN 2.5 users
to upgrade to the VisualSVN 2.5.3 as soon as reasonable. You can get the
new version on the official download page.
VisualSVN patch release 2.5.2 is available. This patch release
brings an update to the Apache Subversion 1.7.2 and provides
significant performance improvement.
Comparing to the previous release, there are the following changes
in the VisualSVN 2.5.2:
Use pool of 'vsvnvswrk.exe' worker processes. This improves the
overall performance and prevents VisualSVN to hang if certain antivirus
software installed.
Apache Subversion 1.7.2 addresses a number of important issues found since
the recent Subversion 1.7.1 release. We encourage all VisualSVN 2.5 users
to upgrade to the VisualSVN 2.5.2 as soon as reasonable. You can get the
new version on the official download page.
Apache Subversion 1.7.1 fixes some important issues related to the server
side, so we recommend all VisualSVN Server 2.5 users to upgrade to the
VisualSVN Server 2.5.1. You can get the latest version of VisualSVN
Server from the official download page.
Log Subversion internal assertion failures to the Windows Event Log.
Fixed: VisualSVN does not work if the Event Log service is disabled
or corrupted.
Apache Subversion 1.7.1 addresses a number of important issues found since
the recent Subversion 1.7.0 release. We encourage all VisualSVN 2.5 users
to upgrade to the VisualSVN 2.5.1 as soon as reasonable. You can get the
new version on the official download page.
We are delighted to announce VisualSVN 2.5 and VisualSVN Server
2.5. Both products incorporate the newest Apache Subversion 1.7
that brings a major infrastructure upgrade, including a completely
redesigned working copy storage model.
Subversion 1.7 is the first major Subversion release under the Apache
Software Foundation umbrella. It provides significant performance-related
improvements such as a centralized working copy metadata storage (known as
WC-NG) and an improved HTTP protocol usage (known as HTTPv2).
Also, Subversion 1.7 brings more than 130 of other user-visible changes both
on the client and server side. For further details please consider the Apache
Subversion 1.7 Release Notes.
VisualSVN 2.5
VisualSVN is a professional grade Subversion integration plug-in for
Microsoft Visual Studio. The released VisualSVN version 2.5 incorporates
the most significant Subversion 1.7 improvements such as WC-NG and
HTTPv2.
VisualSVN Server is the most favored way to setup and maintain an enterprise
level Apache Subversion server on the Microsoft Windows platform. The
released VisualSVN Server version 2.5 provides an upgrade to Subversion 1.7
and implements the HTTPv2 protocol. Also, VisualSVN Server 2.5
delivers a lot of other significant improvements such as IPv6 support
and access rights management across trusted Active Directory domains.
VisualSVN Server patch release 2.1.11 is available. This version is
principally a security release that resolves
CVE-2011-3348
and provides further bug fixes to the resolution of
CVE-2011-3192
(also known as "Apache Killer" problem). For the current status
of the "Apache Killer" problem please consider the official
CVE-2011-3192
security advisory.
Comparing to the previous release, there are the following changes in
the VisualSVN Server 2.1.11:
Updated to Apache HTTP Server 2.2.21 with fix for
CVE-2011-3348
critical vulnerability and further fixes for
CVE-2011-3192.
Upgrade to VisualSVN Server 2.1.11 is strongly recommended for all
users. You can get the latest version of VisualSVN Server on the official
download page.
Note that VisualSVN Server 2.0.18 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.18.
VisualSVN Server patch release 2.1.10 is available. This is a security and
bug fix release that addresses critical vulnerability recently
identified in Apache HTTP Server.
Comparing to the previous release, there are the following changes in
the VisualSVN Server 2.1.10:
Updated to Apache HTTP Server 2.2.20 with fix for the critical
vulnerability:
CVE-2011-3192.
Negotiate authentication method is disabled for Subversion clients built
against Neon (reverting the corresponding change from the version 2.1.9).
Up-to-date VisualSVN Server installations are partially affected by
CVE-2011-3192
vulnerability that allows remote attackers to cause a denial of service (also
known as "Apache Killer" problem). Upgrade to VisualSVN Server
2.1.10 is strongly recommended for all users. You can get the latest
version of VisualSVN Server on the official download page.
Note that VisualSVN Server 2.0.17 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.17.
We are glad to announce beta versions of VisualSVN 2.5 and VisualSVN Server
2.5. The major change in both products will be the transition to Apache
Subversion 1.7. The current beta versions are almost stable and give you
an opportunity to evaluate upcoming Subversion 1.7.
Subversion 1.7 will be the first major Subversion release under the Apache
Software Foundation umbrella. It brings significant performance-related
improvements such as centralized working copy metadata storage (known as
WC-NG) and improved HTTP protocol usage (known as HTTPv2). According to
our measurements, the overall performance of Subversion operations has
increased by 2x-10x times.
Also, Subversion 1.7 brings more than 130 user-visible changes both on the
client and server sides. For further details please consider the draft of
the
Apache Subversion 1.7 Release Notes.
VisualSVN is a professional-level tool that transparently integrates
Subversion into Microsoft Visual Studio. The beta version of VisualSVN 2.5
is built against Subversion 1.7-beta3 and incorporates the most significant
Subversion 1.7 improvements such as WC-NG and HTTPv2. Note that upgrade to
VisualSVN 2.5 will be free for all registered VisualSVN 2.0 users. Download
the pre-release version of
VisualSVN 2.5 now.
VisualSVN Server is most favored way to setup and maintain an Apache
Subversion server on the Microsoft Windows platform. The beta version of
VisualSVN 2.5 is built against Subversion 1.7-beta3 and implements the fast
HTTPv2 protocol. Also there are a lot of other improvements such as IPv6
support. Download the pre-release
version of VisualSVN Server 2.5 now.
Note that beta versions of VisualSVN 2.5 and VisualSVN Server 2.5 are
offered for pre-release testing only. The usual caveats apply, including
the facts that there are known issues and no upgrade path is promised
for working copies and repositories between the pre-releases and the
final release.
VisualSVN Server patch release 2.1.9 is available. This is a security and bug fix
release that addresses several critical vulnerabilities recently identified
in Apache Subversion.
Comparing to the previous release, there are the following changes in the VisualSVN Server 2.1.9:
Negotiate authentication method is enabled for Subversion clients built against
Neon 0.29.5 (and newer).
Fixed: an attempt to change repository root settings fails with the
"The remote procedure call failed. (0x800706be)" error message.
Fixed: upgrade fails with the "Custom action CreateInitialAuthFilesExecute
failed" error message when repositories are stored on network share.
Up-to-date VisualSVN Server installations are affected by
CVE-2011-1752
and CVE-2011-1921
vulnerabilities that could lead to DoS attacks and data leakage. That's why upgrade to
VisualSVN Server 2.1.9 is strongly recommended for all users. You can get the latest
version of VisualSVN Server on the official download page.
Note that VisualSVN Server 2.0.16 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.16.
VisualSVN patch release 2.0.6 is available. This patch release
brings an update to the latest build of Subversion and provides
a number of important bug fixes.
Comparing to the previous release, there are the following changes
in the VisualSVN 2.0.6:
Fixed: event log is filled with error messages and Quick Diff markers
are not displayed in some environments.
Fixed: Visual Studio crashes on attempt to add a resource file if
'svn:needs-lock' property is applied for the project.
Fixed: non-fatal error occurs when starting to debug a Web Application project.
Fixed: the whole working copy status indicator may disappear under some circumstances.
Fixed: VisualSVN context menu commands are not available in the SQL editor.
We consider this release to be the best version of VisualSVN available, and encourage
users of all prior versions to upgrade. You can get the new version on the official
download page.
Note that VisualSVN 1.7.12 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN 1.7.12.
Vulnerabilities addressed in this security release are not very critical for VisualSVN
Server customers. Nonetheless, upgrade is recommended for all users. You can get the latest
version of VisualSVN Server from the official download page.
Note that VisualSVN Server 2.0.15 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.15.
VisualSVN Server patch release 2.1.6 is available. This is a security release
that addresses critical vulnerability in Subversion.
Comparing to the previous release, there is the single change in the VisualSVN Server 2.1.6:
Updated to Subversion 1.6.16 with fix for critical vulnerability:
CVE-2011-0715.
Upgrade is strongly recommended for all users. You can get the latest version of
VisualSVN Server from the official download page.
Note that VisualSVN Server 2.0.14 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.14.
mod_headers Apache module is included into the installation package.
Upgrade is recommended for all users due to several important fixes in Subversion
and Apache HTTPD.
You can get the latest version of VisualSVN Server from the official
download page.
Note that VisualSVN Server 2.0.13 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.13.
Workaround for third-party extensions that use Visual Studio 2010
editor incorrectly.
Upgrade is recommended for all users. You can get the new version from the official
download page.
Note that VisualSVN 1.7.11 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN 1.7.11.
Fixed: unable to register VisualSVN when "Use FIPS compliant algorithms for
encryption, hashing, and signing" policy is enabled.
Fixed: VisualSVN does not integrate with Visual Studio 2010 when "Always install with
elevated privileges" policy is enabled.
Fixed: status icons may be not shown when absolute path to working copy starts from
a lowercase letter.
Upgrade is recommended for all users. You can get the new version from the official
download page.
Note that VisualSVN 1.7.10 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN 1.7.10.
Upgrade is recommended for all users due to several important fixes that are available
in the Subversion 1.6.13 release. However, thanks to the fact that short_circuit
option is disabled in the VisualSVN Server, up-to-date VisualSVN Server installations are
not affected by CVE-2010-3315
vulnerability that is also fixed in this Subversion release.
You can get the latest version of VisualSVN Server from the official
download page.
Note that VisualSVN Server 2.0.12 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.12.
Allow to grant access rights for a domain computer account.
Prohibit to grant access rights for a domain distribution group (since Active Directory
distribution groups are not intended to manage permissions).
Fixed: installation package behaves incorrectly when AlwaysInstallElevated policy is enabled.
Fixed: VisualSVNServerHooks.exe does not work if VisualSVN Server service account doesn't have
access permissions to all parents of the repositories folder.
Fixed: non-ASCII characters are incorrectly logged to Access and Operational logs.
Fixed: unable to install if computer name contains underscore characters.
mod_deflate Apache module is not loaded anymore.
Upgrade is recommended for all users. You can get the latest version of
VisualSVN Server from the official download page.
Note that VisualSVN Server 2.0.11 maintenance release is also available to
download and install. For further details please consider the changelog
record for VisualSVN Server 2.0.11.
Statically link with OpenSSL libraries to prevent possible DLL hell.
Temporary Visual Studio 2010 IntelliSense files are ignored by default (*.sdf,
*.opensdf and ipch)
Fixed: working copy root settings may be not loaded correctly.
Upgrade is recommended for all users. You can get the new version from the official
download page.
Note that VisualSVN 1.7.9 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN 1.7.9.
Modeling projects are supported in Visual Studio 2010.
Upgrade is recommended for all users. You can get the new version from the official
download page.
Note that VisualSVN 1.7.8 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN 1.7.8.
Disallow installation on servers with non-ASCII hostnames.
Generate Apache config in the UTF-8 encoding.
Upgrade is optional since there is no critical fixes. You can get the latest
version of VisualSVN Server from the official
download page.
Note that VisualSVN Server 2.0.10 maintenance release is also available to
download and install. For further details please consider the changelog
record for
VisualSVN Server 2.0.10.
We are delighted to announce the new and improved version of the professional
Subversion integration for Microsoft Visual Studio - VisualSVN 2.0.
This release brings improved performance and full compatibility with Microsoft
Visual Studio 2010. Our focus on rock-solid stability and polished
usability continues in VisualSVN 2.0.
Support for Visual Studio 2010
All VisualSVN features such as real-time QuickDiff markers and traffic-lights
visual status indicators are now fully compatible with Visual Studio 2010.
Improved performance
Performance is one of VisualSVN strengths, but we work hard to make it even faster.
In VisualSVN 2.0 initial memory footprint is reduced, support for legacy Visual
Studio 2003 is dropped and performance is boosted.
Upgrading from VisualSVN 1.x
VisualSVN licenses issued on or after 15 October 2009 qualify for a free upgrade to
VisualSVN 2.0. Licenses issued before 15 October 2009 require an upgrade purchase
for VisualSVN 2.0. For a limited time, you can upgrade to VisualSVN 2.0 with a 50%
discount. Upgrade online today.
If you are switching to Visual Studio 2010 you will need to upgrade to VisualSVN 2.0. The
upgrade is also recommended for all customers who want to benefit from the enhanced performance.
We continue to provide maintenance updates for VisualSVN 1.7.x.
Being installed for the first time, VisualSVN Server pre-generates 2048 bits
long private key for SSL certificates.
Upgrade is recommended for all users due to fix of possible segmentation fault
in Subversion 1.6.9. You can get the latest version of VisualSVN Server from the
official download page.
Note that VisualSVN Server 2.0.9 maintenance release is also available to
download and install. For further details please consider the changelog record
for VisualSVN Server 2.0.9.
We're delighted to announce VisualSVN Server 2.1. This release
contains the sole new feature: Integrated Windows Authentication.
With Integrated Windows Authentication users gain access to VisualSVN Server
without being prompted for username and password. The current Windows
credentials on the client computer are supplied through a cryptographic
exchange involving hashing with the VisualSVN Server. Either NTLM
or Kerberos V5 authentication protocols can be used.
All of this made VisualSVN Server into a first class citizen on the Windows
platform. Integrated Windows Authentication brings clear benefits:
Optimal security. Authentication is always performed in a secure
manner and credentials are never cached on disk.
Single sign-on. Users' Windows credentials are automatically used
to access VisualSVN Server, saving them the hassle of additional
authentication steps.
Two-factor authentication. Compatibility with two-factor
authentication systems (e.g. smart cards) ensures that VisualSVN Server
can be easily integrated to a secure enterprise environment.
Integrated Windows Authentication is available in VisualSVN Server
Enterprise Edition only. But nevertheless, VisualSVN Server 2.1 brings some
significant fixes for Standard Edition too.
See the full list of changes.
The upgrade to version 2.1 is recommended for all users. The upgrade
is free not only to Standard Edition users, but also to all existing
Enterprise Edition customers. Upgrading is very quick and easy: simply run
the installer for VisualSVN Server 2.1 and follow the installation wizard.
It is not necessary or recommended to uninstall older versions
of VisualSVN Server.
NetworkService account receives explicit access permission
to the installation folder (as a workaround for the situations when
it does not have such permissions implicitly)
Fixed: WMI provider may be not reloaded after the server upgrade.
Fixed: VisualSVN Server may crash if Windows permissions settings
file contains invalid data.
Upgrade is recommended for all users. You can get the new version from our
download page.
We're delighted to announce VisualSVN Server 2.0. This release
contains many significant improvements to the VisualSVN Server product line,
including enhanced security.
VisualSVN Server is now available in Enterprise and Standard
editions.
VisualSVN Server Enterprise Edition 2.0
VisualSVN Server Enterprise Edition offers enhanced features that
make VisualSVN Server a reliable, standards-compliant, secure server
solution for businesses and development groups that use Subversion.
New features for the Enterprise Edition:
Remote Server Administration
Detailed Access and Operational Logging
Remote Server Administration
Based on Windows Management Instrumentation (WMI) technology, the new
Remote Server Administration functionality provides a standards-based,
secure, stable and high-performance remote management interface
to VisualSVN Server.
Access and Operational Logging
Access and Operational Logging records all server activity in terms
of raw HTTP transactions or logical Subversion requests. Windows System
Administrators will appreciate the stability, security and administrative
features of VisualSVN Server Enterprise Edition.
VisualSVN Server Standard Edition is the free version of our
powerful software. Building on previous successes, the Standard Edition
includes all of the functionality of VisualSVN Server 1.7.3 but with added
security features and a host of enhancements
(read the full of list of changes).
VisualSVN Server Standard Edition will continue to be developed
and maintained for users, in tandem with Enterprise Edition.
Enhanced Security in Enterprise and Standard Editions
Both VisualSVN Server Enterprise Edition and Standard Edition include
significant security enhancements.
See the full list of changes.
Recommended: Upgrade Now
We recommend that all users of VisualSVN Server upgrade to 2.0. Upgrading
is very quick and easy: simply run the installer for VisualSVN Server 2.0
and follow the installation wizard. It is not necessary or recommended
to uninstall older versions of VisualSVN Server.
We are glad to announce the new and improved version of the popular
all-in-one Subversion server package for Windows platform -
VisualSVN Server 1.7. This release brings new Subversion 1.6 with a bunch
of great features and bug fixes. More details are available in
Subversion 1.6 Release Notes..
Upgrading from VisualSVN Server 1.6.x
As usual upgrading from older versions of VisualSVN Server is very easy.
Run installation of the new version and click "Next" several times.
Uninstalling of the older version is not recommended - customization
of server parameters (port number etc.) will be lost.
We are glad to announce new version of the professional Subversion
integration for Microsoft Visual Studio - VisualSVN 1.7. This release
brings to you the new release of Subversion 1.6 with a bunch of great
features and bug fixes. More details are available in
Subversion 1.6 Release Notes..
Upgrading from VisualSVN 1.6.x
The upgrade to VisualSVN 1.7 is free for all licensed users of VisualSVN.
No need to uninstall previous version - simply install new one on top of it.
Important: your working copies will be automatically converted
to Subversion 1.6 format. This operation is irreversible. In case you want
to switch back to VisualSVN 1.6.x and Subversion 1.5.x later you will
have to do a fresh checkout.
Download
Follow to the download page
to get VisualSVN 1.7 and enjoy new Subversion 1.6 features!
We are glad to announce the new and improved version of the professional
Subversion integration for Microsoft Visual Studio - VisualSVN 1.6. This
release brings significant usability improvements such as Quick Revert
and editor-aware status features.
Quick Revert
With the well known VisualSVN's Quick Diff feature you see all changed
parts of your files in the real-time. The new Revert Selection command
allows you to quickly revert selected changes. You can choose Revert
Selection command from context menu or just run it by Ctrl+Alt+Z
shortcut. Revert Selection command is integrated with the standard
Undo/Redo stack so you will find this new VisualSVN's feature very useful!
Editor-aware status
The famous traffic-lights status becomes more precise. Now it considers
even unsaved changes made in the editor.
Hot switch
Now you are able to switch between branches using combo-box at VisualSVN's
toolbar. This is very handy when your are actively working on several
branches. The UI is clean and user friendly.
Free upgrade from VisualSVN 1.5.x
The upgrade to VisualSVN 1.6 is free for all licensed users of VisualSVN.
There is no need to uninstall previous version - just install the new one
on top of it.
Download
Follow to the
download page
to get VisualSVN 1.6 and enjoy new level of productivity!