a35da56833
Subversion 1.14.1. This is a stable bugfix and security release of the Apache Subversion open source version control system. THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX: CVE-2020-17525 "Remote unauthenticated denial-of-service in Subversion mod_authz_svn" The full security advisory for CVE-2020-17525 is available at: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt A brief summary of this advisory follows: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. We recommend all users to upgrade to the 1.10.7 or 1.14.1 release of the Subversion mod_dav_svn server. As a workaround, the use of in-repository authz rules files with the AuthzSVNReposRelativeAccessFile can be avoided by switching to an alternative configuration which fetches an authz rules file from the server's filesystem, rather than from an SVN repository. |
||
|---|---|---|
| .. | ||
| DESCR | ||
| Makefile | ||
| PLIST | ||