MITM vulnerability in OpenSSL: VisualSVN and VisualSVN Server updates are available
Several new vulnerabilities have recently been identified and fixed in the OpenSSL library. The most critical among them is CVE-2014-0224 which can be exploited by a Man-in-the-Middle (MITM) attack.
Fortunately, VisualSVN Server is not affected by any of these vulnerabilities, including the MITM vulnerability CVE-2014-0224. However, VisualSVN (the Visual Studio plug-in) is affected by CVE-2014-0224 and requires to be updated.
Note that exploiting the CVE-2014-0224 vulnerability requires both client and server to be vulnerable, so the risk for VisualSVN customers is relatively low. Nevertheless, we strongly recommend that users of our products update to the new builds.
VisualSVN users should update to VisualSVN 4.0.8 available at the download page.
VisualSVN Server users should choose the appropriate patch build that corresponds to their currently installed version:
- If you are using VisualSVN Server 2.7, please upgrade to VisualSVN Server 2.7.7 available from the main download page.
- If you are using VisualSVN Server 2.5, please upgrade to VisualSVN Server 2.5.20 available from the version 2.5 download page.