Apache Subversion 1.7.21 released

From: Stefan Sperling <stsp_at_apache.org>
Date: Wed, 5 Aug 2015 22:36:02 +0200

I'm happy to announce the release of Apache Subversion 1.7.21.
Please choose the mirror closest to you by visiting:

http://subversion.apache.org/download/

This release fixes two security issues:

    CVE-2015-3184:
    Subversion's mod_authz_svn does not properly restrict anonymous
    access in some mixed anonymous/authenticated environments when
    using Apache httpd 2.4.
    http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

    CVE-2015-3187:
    Subversion servers, both httpd and svnserve, will reveal some
    paths that should be hidden by path-based authz.
    http://subversion.apache.org/security/CVE-2015-3187-advisory.txt

The SHA1 checksums are:

    fabbfa599eb409ba1fc852c83626fc7733802b99 subversion-1.7.21.tar.bz2
    1797ef96d0d6d3dc13491598a649f21640877fd8 subversion-1.7.21.tar.gz
    4c1417b4425cea98ceb998c2ec803ebf7a5398a4 subversion-1.7.21.zip

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.7.21.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.7.21.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.7.21.zip.asc

For this release, the following people have provided PGP signatures:

   Bert Huijben [4096R/CCC8E1DF] with fingerprint:
    3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF
   Branko Čibej [4096R/A347943F] with fingerprint:
    BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD 6525 919F 6F61 F6AD 8147
   Johan Corveleyn [4096R/010C8AAD] with fingerprint:
    8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD
   Julian Foad [4096R/4EECC493] with fingerprint:
    6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
   Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
    056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC
   Stefan Sperling [2048R/9A59B973] with fingerprint:
    8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973

Release notes for the 1.7.x release series may be found at:

http://subversion.apache.org/docs/release-notes/1.7.html

You can find the list of changes between 1.7.21 and earlier versions at:

http://svn.apache.org/repos/asf/subversion/tags/1.7.21/CHANGES

Known issues in this release:

    The test suite ("make check") is broken in this release. Most tests log
    an error about an unknown "--httpd-version" option in the tests.log file.
    The following patch can be applied to fix this problem and run the test
    suite properly. This problem will be fixed in the upcoming 1.7.22 release.

[[[
Index: subversion/tests/cmdline/svntest/main.py
===================================================================
--- subversion/tests/cmdline/svntest/main.py (revision 1694010)
+++ subversion/tests/cmdline/svntest/main.py (working copy)
@@ -1582,6 +1582,8 @@ def _create_parser():
                          'useful during test development!')
   parser.add_option('--srcdir', action='store', dest='srcdir',
                     help='Source directory.')
+ parser.add_option('--httpd-version', action='store',
+ help='Assume HTTPD is this version.')

   # most of the defaults are None, but some are other values, set them here
   parser.set_defaults(
]]]

Questions, comments, and bug reports to users_at_subversion.apache.org.

Thanks,
- The Subversion Team
Received on 2015-08-05 22:36:18 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Apache Subversion 1.9.0 released"
Previous message: Stefan Sperling: "Apache Subversion 1.8.14 released"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]