[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Found read-only security hole in svnserve

From: Greg Stein <gstein_at_lyra.org>
Date: 2003-12-01 11:30:56 CET

On Mon, Dec 01, 2003 at 02:27:11AM -0500, Greg Hudson wrote:
> svnserve's compatibility code for old clients was allowing clients to
> read a repository even if anon-access was set to "none". I've fixed
> this in r7888. This probably warrants an 0.33.2 if at all possible.

I'd say port the fix over to 0.34 and recommend an upgrade to that
instead. If we have to make a release, then I'd say stick to just 0.34.


Greg Stein, http://www.lyra.org/
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 1 11:33:43 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.