Update to Apache HTTP Server 2.4.58 and OpenSSL 3.0.12

We are glad to announce that all VisualSVN products have been updated to OpenSSL 3.0.12. Additionally, VisualSVN Server has been updated to Apache HTTP Server 2.4.58.

This update fixes a number of security vulnerabilities, out of which only the CVE-2023-4807 vulnerability discovered in OpenSSL may potentially affect up-to-date versions of VisualSVN Server. This vulnerability is currently rated as high-severity, according to its base score on the Common Vulnerability Scoring System scale. Although no specific ways have been currently found in which exploiting this vulnerability can adversely affect VisualSVN Server, installing this maintenance update for VisualSVN Server is strongly recommended.

Despite the fact that up-to-date versions of the VisualSVN plug-in for Visual Studio are not affected by the vulnerabilities fixed in this maintenance update, updating your VisualSVN plug-in to an appropriate newest version is also recommended.

Update for VisualSVN Server

You can get the latest VisualSVN Server 5.3.1 version from the official download page.

Among other changes in this maintenance update, it also fixes an issue that caused an upgrade to VisualSVN Server 5.3.x to fail if you had a TLS/SSL certificate with a SHA1-based signature installed on your VisualSVN Server. For the full list of changes, see the VisualSVN Server 5.3.1 changelog.

Version families older than VisualSVN Server 5.3.x are no longer supported, and patch-level updates are not available for them. If you are upgrading from VisualSVN Server 5.2.x or older, please read the article KB222: Upgrading to VisualSVN Server 5.3 before upgrading.

Update for VisualSVN (a plug-in for Visual Studio)

On the official download page, please select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:

For the full list of changes, see the corresponding changelog entries for these plug-in versions: VisualSVN 8.3.1, VisualSVN 7.4.1, VisualSVN 6.8.1 and VisualSVN 5.7.1.