Re: Found read-only security hole in svnserve

From: Greg Stein <gstein_at_lyra.org>
Date: 2003-12-01 11:30:56 CET

On Mon, Dec 01, 2003 at 02:27:11AM -0500, Greg Hudson wrote:
> svnserve's compatibility code for old clients was allowing clients to
> read a repository even if anon-access was set to "none". I've fixed
> this in r7888. This probably warrants an 0.33.2 if at all possible.

I'd say port the fix over to 0.34 and recommend an upgrade to that
instead. If we have to make a release, then I'd say stick to just 0.34.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Dec 1 11:33:43 2003

This message: [ Message body ]
Next message: Greg Stein: "Re: svn commit: rev 7857 - in trunk/subversion: libsvn_client libsvn_ra_svn libsvn_subr mod_dav_svn svnserve"
Previous message: Greg Stein: "[OT] Re: svn commit: rev 7879 - trunk/doc/book/book"
In reply to: Greg Hudson: "Found read-only security hole in svnserve"
Next in thread: Erik Huelsmann: "Re: Found read-only security hole in svnserve"
Reply: Erik Huelsmann: "Re: Found read-only security hole in svnserve"
Reply: Greg Hudson: "Re: Found read-only security hole in svnserve"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]