Re: Found read-only security hole in svnserve

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-12-01 17:36:53 CET

On Mon, 2003-12-01 at 05:30, Greg Stein wrote:
> On Mon, Dec 01, 2003 at 02:27:11AM -0500, Greg Hudson wrote:
> > svnserve's compatibility code for old clients was allowing clients to
> > read a repository even if anon-access was set to "none". I've fixed
> > this in r7888. This probably warrants an 0.33.2 if at all possible.
>
> I'd say port the fix over to 0.34 and recommend an upgrade to that
> instead. If we have to make a release, then I'd say stick to just 0.34.

Okay. I guess if people don't want to immediately deal with dumping and
loading their repositories to upgrade to 0.34, they can apply a source
patch to 0.33.1.

(The number of users affected by the problem is probably miniscule
anyway.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 1 17:38:20 2003

This message: [ Message body ]
Next message: Jostein Chr. Andersen: "Revision number madness"
Previous message: Philip Martin: "Re: svn commit: rev 7857 - in trunk/subversion: libsvn_client libsvn_ra_svn libsvn_subr mod_dav_svn svnserve"
In reply to: Greg Stein: "Re: Found read-only security hole in svnserve"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]