I'm happy to announce the release of Apache Subversion 1.7.21.
Please choose the mirror closest to you by visiting:
http://subversion.apache.org/download/
This release fixes two security issues:
CVE-2015-3184:
Subversion's mod_authz_svn does not properly restrict anonymous
access in some mixed anonymous/authenticated environments when
using Apache httpd 2.4.
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
CVE-2015-3187:
Subversion servers, both httpd and svnserve, will reveal some
paths that should be hidden by path-based authz.
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
The SHA1 checksums are:
fabbfa599eb409ba1fc852c83626fc7733802b99 subversion-1.7.21.tar.bz2
1797ef96d0d6d3dc13491598a649f21640877fd8 subversion-1.7.21.tar.gz
4c1417b4425cea98ceb998c2ec803ebf7a5398a4 subversion-1.7.21.zip
PGP Signatures are available at:
http://www.apache.org/dist/subversion/subversion-1.7.21.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.7.21.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.7.21.zip.asc
For this release, the following people have provided PGP signatures:
Bert Huijben [4096R/CCC8E1DF] with fingerprint:
3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
Branko Čibej [4096R/A347943F] with fingerprint:
BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
Ivan Zhakov [4096R/F6AD8147] with fingerprint:
4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
Johan Corveleyn [4096R/010C8AAD] with fingerprint:
8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
Julian Foad [4096R/4EECC493] with fingerprint:
6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
Stefan Sperling [2048R/9A59B973] with fingerprint:
8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
Release notes for the 1.7.x release series may be found at:
http://subversion.apache.org/docs/release-notes/1.7.html
You can find the list of changes between 1.7.21 and earlier versions at:
http://svn.apache.org/repos/asf/subversion/tags/1.7.21/CHANGES
Known issues in this release:
The test suite ("make check") is broken in this release. Most tests log
an error about an unknown "--httpd-version" option in the tests.log file.
The following patch can be applied to fix this problem and run the test
suite properly. This problem will be fixed in the upcoming 1.7.22 release.
[[[
Index: subversion/tests/cmdline/svntest/main.py
===================================================================
--- subversion/tests/cmdline/svntest/main.py (revision 1694010)
+++ subversion/tests/cmdline/svntest/main.py (working copy)
@@ -1582,6 +1582,8 @@ def _create_parser():
'useful during test development!')
parser.add_option('--srcdir', action='store', dest='srcdir',
help='Source directory.')
+ parser.add_option('--httpd-version', action='store',
+ help='Assume HTTPD is this version.')
# most of the defaults are None, but some are other values, set them here
parser.set_defaults(
]]]
Questions, comments, and bug reports to users_at_subversion.apache.org.
Thanks,
- The Subversion Team
Received on 2015-08-05 22:36:18 CEST