Subversion 1.0.6 released. *SECURITY FIX*
From: Ben Reser <ben_at_reser.org>
Date: 2004-07-20 01:23:04 CEST
Subversion 1.0.6 is ready. Grab it from:
http://subversion.tigris.org/tarballs/subversion-1.0.6.tar.gz
The MD5 checksums are:
160c655194dff55f9fdd856110801d01 subversion-1.0.6.tar.gz
PGP Signatures are available at:
PGP Signatures will be made by the following person(s) for this release:
This is likely the last bugfix release in the 1.0.x line.
Subversion versions up to and including 1.0.5 have a bug in
Details:
mod_authz_svn would allow a user to copy portions of a repo to which
Severity:
This is a low risk issue. Only sites running mod_authz_svn (an
Most installations will not fall into this category.
This vulnerability does not affect users running svnserve.
Workarounds:
* Disable DAV and use svnserve.
* Separate content into different repos.
* Disable the COPY method via Apache configuration. Note this will
Recommendations:
We recommend all users upgrade to 1.0.6 or 1.1.0-rc1.
Questions, comments, and bug reports to users_at_subversion.tigris.org.
Thanks,
--------------------8-<-------cut-here---------8-<-----------------------
User-visible-changes:
Developer-visible changes:
---------------------------------------------------------------------
|
This is an archived mail posted to the Subversion Dev mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.