Update to Apache Subversion 1.14.5

We are pleased to announce the release of new patch updates for all VisualSVN products, now based on Apache Subversion 1.14.5. In addition, relevant products have been updated to Expat XML parser 2.6.4.

This update fixes several vulnerabilities, some of which affect VisualSVN products in certain configurations. Updating to the new builds is recommended for all users.

The update to Apache Subversion 1.14.5 fixes a vulnerability CVE-2024-46901 that potentially can lead to a denial of service. This is a low-severity vulnerability, and exploiting it requires an attacker to have write access to the repositories.

The update to Expat XML parser 2.6.4 cumulatively fixes four vulnerabilities, two of which, CVE-2024-45491 and CVE-2024-45492, are high-severity and potentially can affect 32-bit installations of VisualSVN Server.

Update for VisualSVN Server

You can get the latest VisualSVN Server 5.4.3 version from the official download page.

For the full list of changes, see the VisualSVN Server 5.4.3 changelog.

Alternatively, choose an appropriate patch build if you do not want to perform a significant upgrade right now:

Version families older than VisualSVN Server 5.3.x are no longer supported, and patch-level updates are not available for them. It is strongly recommended that you upgrade to VisualSVN Server 5.4.3 if you are using any version family older than 5.3.x. Please read the article KB233: Upgrading to VisualSVN Server 5.4 before beginning the upgrade.

Update for VisualSVN (a plug-in for Visual Studio)

On the official download page, please select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:

For the full list of changes, see the corresponding changelog entries for these plug-in versions: VisualSVN 8.3.5, VisualSVN 7.4.5, VisualSVN 6.8.5 and VisualSVN 5.7.5.