You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ds...@apache.org on 2021/02/19 06:59:25 UTC
svn commit: r1886685 - in /subversion/site/staging-ng: ./
docs/community-guide/ docs/release-notes/ security/
Author: dsahlberg
Date: Fri Feb 19 06:59:25 2021
New Revision: 1886685
URL: http://svn.apache.org/viewvc?rev=1886685&view=rev
Log:
In site/staging-ng: Catchup merge from site/staging
Added:
subversion/site/staging-ng/security/CVE-2020-17525-advisory.txt
- copied unchanged from r1886684, subversion/site/staging/security/CVE-2020-17525-advisory.txt
subversion/site/staging-ng/security/CVE-2020-17525-advisory.txt.asc
- copied unchanged from r1886684, subversion/site/staging/security/CVE-2020-17525-advisory.txt.asc
Modified:
subversion/site/staging-ng/ (props changed)
subversion/site/staging-ng/contributing.html
subversion/site/staging-ng/doap.rdf
subversion/site/staging-ng/docs/community-guide/releasing.part.html
subversion/site/staging-ng/docs/release-notes/1.10.html
subversion/site/staging-ng/docs/release-notes/1.14.html
subversion/site/staging-ng/docs/release-notes/release-history.html
subversion/site/staging-ng/download.html
subversion/site/staging-ng/faq.html
subversion/site/staging-ng/index.html (contents, props changed)
subversion/site/staging-ng/mailing-lists.html
subversion/site/staging-ng/news.html (contents, props changed)
subversion/site/staging-ng/security/index.html
subversion/site/staging-ng/upcoming.part.html
Propchange: subversion/site/staging-ng/
------------------------------------------------------------------------------
Merged /subversion/site/publish:r1884661-1885717
Merged /subversion/site/staging:r1884661-1886684
Modified: subversion/site/staging-ng/contributing.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/contributing.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/contributing.html (original)
+++ subversion/site/staging-ng/contributing.html Fri Feb 19 06:59:25 2021
@@ -222,11 +222,7 @@
beneficial to the developer community — where quality
developers are concerned, "the more, the merrier"! But never
underestimate how valuable this experience can be to you
- personally
- and <a href="http://onlamp.com/pub/a/onlamp/2005/07/14/osdevelopers.html"
- >professionally</a>,
- <a href="http://onlamp.com/pub/a/onlamp/2005/08/01/opensourcedevelopers.html"
- >too</a>.</p>
+ personally and professionally.</p>
</li>
</ul>
Modified: subversion/site/staging-ng/doap.rdf
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/doap.rdf?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/doap.rdf (original)
+++ subversion/site/staging-ng/doap.rdf Fri Feb 19 06:59:25 2021
@@ -22,7 +22,7 @@
limitations under the License.
-->
<Project rdf:about="http://subversion.apache.org/">
- <created>2010-12-28</created>
+ <created>2000-02-29</created>
<license rdf:resource="http://usefulinc.com/doap/licenses/asl20" />
<name>Apache Subversion</name>
<homepage rdf:resource="http://subversion.apache.org/" />
@@ -37,15 +37,15 @@
<release>
<Version>
<name>Current 1.14 LTS release</name>
- <created>2020-05-27</created>
- <revision>1.14.0</revision>
+ <created>2021-02-10</created>
+ <revision>1.14.1</revision>
</Version>
</release>
<release>
<Version>
<name>Current 1.10 LTS release</name>
- <created>2019-07-24</created>
- <revision>1.10.6</revision>
+ <created>2021-02-10</created>
+ <revision>1.10.7</revision>
</Version>
</release>
<repository>
Modified: subversion/site/staging-ng/docs/community-guide/releasing.part.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/docs/community-guide/releasing.part.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/docs/community-guide/releasing.part.html (original)
+++ subversion/site/staging-ng/docs/community-guide/releasing.part.html Fri Feb 19 06:59:25 2021
@@ -1255,80 +1255,25 @@ href="https://reporter.apache.org/addrel
</div> <!-- releasing-upload -->
-<div class="h4" id="releasing-press">
-<h4>Press releases for 1.x.0 releases
- <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-press"
- title="Link to this section">¶</a>
-</h4>
-
-<p>New minor releases (numbered 1.x.0) may be accompanied by press releases.
-All details of the prospective press release are handled on the
-<a href="/mailing-lists#private-ml">private@</a> list, in coordination with
-<a href="https://www.apache.org/press/">press@a.o</a>.</p>
-
-<p>As a rule of thumb, start a thread on private@ / press@
-<a href="#release-stabilization">at the start of the soak</a>; it is better
-to give press@ too long an advance warning than too short one.</p>
-
-</div> <!-- releasing-press -->
-
-<div class="h4" id="releasing-announce">
-<h4>Announcing the release
- <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-announce"
- title="Link to this section">¶</a>
-</h4>
-
-<p>Write a release announcement, referring to previous ones for
-guidance. Remember to include the URL and checksums in the
-announcement! The <tt>release.py write-announcement</tt> subcommand
-creates a template announcement which can be customized for specific
-circumstances. If the release fixes security issues, pass
-the <tt>--security</tt> flag, in order to generate the correct Subject,
-Cc, and description in the output.</p>
-
-<p>If the community support levels are changing with this
-release, be sure to update the <tt>recommended_release</tt> variable in release.py
-before using it to generate the announcement.</p>
-
-<p>Send the announcement from your @apache.org email address.
-(Mail to announce@ will bounce if sent from any other address.
-For best results, follow the instructions on the
-<a href="https://infra.apache.org/committer-email.html">committer email</a>
-page and send your message through the official mail relay.)
-Ensure that your mailer doesn't wrap the URLs over multiple lines.</p>
-
-<p>NOTE: We announce the release before updating the website since the website
-update links to the release announcement sent to the announce@ mailing list.</p>
-
-<p>There are two announce@ mailing lists where the release announcement gets
-posted: The Subversion project's announce@subversion.apache.org list, and the ASF-wide announce@apache.org
-list. It is possible that your message to the ASF-wide announce@ list will be
-rejected. This generates a moderation notification with a Subject line such as:
-<tt>Returned post for announce@apache.org</tt>. The moderator who ordered the
-mailing list software to reject the message may neglect to sign their name to
-the rejection message, making the rejection anonymous, and the grounds for the
-rejection may be invalid. Be that as it may, keep calm and forward the
-rejection to the dev@ mailing list so the project can discuss whether anything
-needs to be done about it. (If necessary, announce@ mailing list moderators can
-be contacted via the announce-owner@ handle.)</p>
-
-<p>Update the topics in various Subversion-related IRC channels, such as
-<tt>#svn</tt> and <tt>#svn-dev</tt> on freenode.</p>
-
-<p>If this is an X.Y.0 release, update the community support level at the very
-top of the <tt>STATUS</tt> files of any branches that have changed support
-status. This would usually be <tt>X.Y.x/STATUS</tt>,
-<tt>X.$((Y-1)).x/STATUS</tt>, and if the new release is an LTS release, then
-the oldest supported LTS branch's <tt>STATUS</tt> file as well.</p>
-
-</div> <!-- releasing-announce -->
-
<div class="h4" id="releasing-update-website">
<h4>Update the website
<a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-update-website"
title="Link to this section">¶</a>
</h4>
+<p>Even though the steps below indicate to update the published website
+directly, you may prepare the changes on <tt>^/subversion/site/staging</tt>.
+In that case:</p>
+<ul>
+ <li><p>Do a catch-up merge from <tt>^/subversion/site/publish</tt>.</p></li>
+ <li><p>Commit any changes to <tt>^/subversion/site/staging</tt> and
+ check the results on <a href="https://subversion-staging.apache.org"
+ >https://subversion-staging.apache.org</a>.</p></li>
+ <li><p>When ready to publish, merge the changes back to
+ <tt>^/subversion/site/publish</tt> (review the merge in case there are
+ other changes on staging not ready to be merged).</p></li>
+</ul>
+
<p>For any release, including pre-releases (alpha/beta/rc):</p>
<ul>
<li><p>Edit <tt>^/subversion/site/publish/download.html</tt>
@@ -1344,9 +1289,10 @@ the oldest supported LTS branch's <tt>ST
<tt>^/subversion/site/publish/index.html</tt>, also removing the
oldest News item from that page. Use <tt>release.py write-news</tt> to
generate a template news item, which should then be customized.
- At least fill in the URL to the archived announcement email, and check
- that the date is correct if you generated the template in advance of the
- release date.
+ In the news item there is a section that should contain a link to the
+ announcement mail. For now it is commented out, the link is added later.
+ Check that the date is correct if you generated the template in advance of
+ the release date.
</p></li>
</ul>
@@ -1354,6 +1300,12 @@ the oldest supported LTS branch's <tt>ST
<ul>
<li><p>List the new release on
<tt>^/subversion/site/publish/doap.rdf</tt>
+ </p>
+ <p>There should be a <release> section for each supported minor
+ release with the <created> and <revision> being updated
+ to the current release date and patch release number. Do not change
+ anything else in the file (in particular the <created> under
+ <Project> is the date when the Subversion project was created).
</p></li>
<li><p>List the new release on
<tt>^/subversion/site/publish/docs/release-notes/release-history.html</tt>
@@ -1403,6 +1355,87 @@ svn ci -m "In 'staging': Add $VER API do
</div> <!-- release-update-website -->
+<div class="h4" id="releasing-press">
+<h4>Press releases for 1.x.0 releases
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-press"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>New minor releases (numbered 1.x.0) may be accompanied by press releases.
+All details of the prospective press release are handled on the
+<a href="/mailing-lists#private-ml">private@</a> list, in coordination with
+<a href="https://www.apache.org/press/">press@a.o</a>.</p>
+
+<p>As a rule of thumb, start a thread on private@ / press@
+<a href="#release-stabilization">at the start of the soak</a>; it is better
+to give press@ too long an advance warning than too short one.</p>
+
+</div> <!-- releasing-press -->
+
+<div class="h4" id="releasing-announce">
+<h4>Announcing the release
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-announce"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>Write a release announcement, referring to previous ones for
+guidance. Remember to include the URL and checksums in the
+announcement! The <tt>release.py write-announcement</tt> subcommand
+creates a template announcement which can be customized for specific
+circumstances. If the release fixes security issues, pass
+the <tt>--security</tt> flag, in order to generate the correct Subject,
+Cc, and description in the output.</p>
+
+<p>If the community support levels are changing with this
+release, be sure to update the <tt>recommended_release</tt> variable in release.py
+before using it to generate the announcement.</p>
+
+<p>Send the announcement from your @apache.org email address.
+(Mail to announce@ will bounce if sent from any other address.
+For best results, follow the instructions on the
+<a href="https://infra.apache.org/committer-email.html">committer email</a>
+page and send your message through the official mail relay.)
+Ensure that your mailer doesn't wrap the URLs over multiple lines.</p>
+
+<p>NOTE: We update the website before announcing the release to make sure any
+links in the release announcement are valid. After announcing the release,
+links to the release announcement e-mail are added to the website.</p>
+
+<p>There are two announce@ mailing lists where the release announcement gets
+posted: The Subversion project's announce@subversion.apache.org list, and the ASF-wide announce@apache.org
+list. It is possible that your message to the ASF-wide announce@ list will be
+rejected. This generates a moderation notification with a Subject line such as:
+<tt>Returned post for announce@apache.org</tt>. The moderator who ordered the
+mailing list software to reject the message may neglect to sign their name to
+the rejection message, making the rejection anonymous, and the grounds for the
+rejection may be invalid. Be that as it may, keep calm and forward the
+rejection to the dev@ mailing list so the project can discuss whether anything
+needs to be done about it. (If necessary, announce@ mailing list moderators can
+be contacted via the announce-owner@ handle.)</p>
+
+<p>Update the topics in various Subversion-related IRC channels, such as
+<tt>#svn</tt> and <tt>#svn-dev</tt> on freenode.</p>
+
+<p>If this is an X.Y.0 release, update the community support level at the very
+top of the <tt>STATUS</tt> files of any branches that have changed support
+status. This would usually be <tt>X.Y.x/STATUS</tt>,
+<tt>X.$((Y-1)).x/STATUS</tt>, and if the new release is an LTS release, then
+the oldest supported LTS branch's <tt>STATUS</tt> file as well.</p>
+
+</div> <!-- releasing-announce -->
+
+<div class="h4" id="website-release-announcement-links">
+<h4>Add links to the release announcement e-mail in the website
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#website-release-announcement-links"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>Update <tt>^/subversion/site/publish/news.html</tt> and
+<tt>^/subversion/site/publish/index.html</tt>, uncommenting and adding the
+link to the release announcement e-mail.</p>
+
+</div> <!-- website-release-announcement-links -->
+
<p>It is then time for the release manager to go and enjoy his
$favorite_beverage.</p>
Modified: subversion/site/staging-ng/docs/release-notes/1.10.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/docs/release-notes/1.10.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/docs/release-notes/1.10.html (original)
+++ subversion/site/staging-ng/docs/release-notes/1.10.html Fri Feb 19 06:59:25 2021
@@ -268,22 +268,81 @@ selected while 1.10 combines all the lin
The 1.10 implementation may change in future releases, perhaps to
<a href="/issue/4794">make this case an error</a>.</p>
-<p>The 1.9 implementation combined the global and per-repository rules
-for the same path:</p>
+<p>A fix for <a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>Issue #4762</a> may change the way path-based authorization rules are applied
+in some circumstances. See <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
+
+<p>Background: Subversion 1.10 introduced a new implementation of path-based
+authorization (authz) to deliver wildcard support and improved performance
+over that of Subversion 1.9 and earlier. From Subversion 1.10 through 1.14.0,
+the new implementation did not correctly combine global rules with repository
+rules: if a global rule and a per-repository rule were both present for a
+path, the global rule would be ignored and the per-repository rule would
+apply by itself. As a result, from Subversion 1.10 through 1.14.0, it was not
+possible to override per-path access rules for specific users (or groups) at
+the global level. Administrators whose authz rules rely on this incorrect
+behavior may need to adjust their rules accordingly.
+</p>
+
+<p>This issue is fixed in 1.14.1, making it possible once again to
+override per-path access rules for specific users (and groups) at the global level.
+Such global rules are overridden by repository-specific rules only if both the
+user and the path match the repository-specific rule.</p>
+
+<p>As an example, consider the following rule set:</p>
<pre>
- [/some/path]
- userA = rw
- [repository:/some/path]
- userB = r
+[groups]
+company = developer1, developer2, developer3
+customer = customer1, customer2
+
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
+</pre>
+
+<p>
+Does <tt>developer1</tt> have <tt>rw</tt> access to <tt>"/trunk"</tt> in <tt>project1</tt>?
+</p>
+
+<p>
+Subversion servers running 1.10.0 up to 1.10.6 or 1.14.0, without the fix for
+<a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>issue #4762</a>, will only apply the repository-specific part of the rule set:</p>
+<pre>
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has no access at all because the
+global rule which grants <tt>rw</tt> access to the <tt>@company</tt> group is ignored.
+</p>
+
+<p>
+Subversion servers running 1.14.1 or later match the behaviour of
+Subversion 1.9, meaning they will apply both the global and the repository-specific
+part of the rule set:</p>
+<pre>
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has <tt>rw</tt> access
+to any path in <tt>project1</tt>.
+Global rules are overridden by repository-specific rules only if both the
+user (<tt>developer1</tt>) and the path (<tt>"/"</tt>, including child paths
+for which no specific rules exist) match the repository-specific rule.
+While the repository-specific rule matches <tt>"/trunk"</tt> it does not
+match <tt>developer1</tt>, and hence the global rule will be used.
+</p>
-<p>In 1.9 this would define access for both <tt>userA</tt>
-and <tt>userB</tt>, in 1.10 the per-repository rule overrides the
-global rule and this only defines access for <tt>userB</tt>. The 1.10
-implementation may change in future releases, but the exact change
-is still being <a href="/issue/4762">discussed</a> on the dev mailing
-list.</p>
</div> <!-- authz-compatibility -->
Modified: subversion/site/staging-ng/docs/release-notes/1.14.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/docs/release-notes/1.14.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/docs/release-notes/1.14.html (original)
+++ subversion/site/staging-ng/docs/release-notes/1.14.html Fri Feb 19 06:59:25 2021
@@ -226,7 +226,7 @@ users. We'll cover those in this sectio
<p>A fix for <a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
>Issue #4762</a> may change the way path-based authorization rules are applied
-in some circumstances.</p>
+in some circumstances. See <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
<p>Background: Subversion 1.10 introduced a new implementation of path-based
authorization (authz) to deliver wildcard support and improved performance
@@ -236,20 +236,68 @@ rules: if a global rule and a per-reposi
path, the global rule would be ignored and the per-repository rule would
apply by itself. As a result, from Subversion 1.10 through 1.14.0, it was not
possible to override per-path access rules for specific users (or groups) at
-the global level.</p>
+the global level. Administrators whose authz rules rely on this incorrect
+behavior may need to adjust their rules accordingly.
+</p>
+
+<p>This issue is fixed in 1.14.1, making it possible once again to
+override per-path access rules for specific users (and groups) at the global level.
+Such global rules are overridden by repository-specific rules only if both the
+user and the path match the repository-specific rule.</p>
-<p>This issue is fixed in 1.14.1, making it possible once again to override
-per-path access rules for specific users (and groups) at the global level.
-Such global rules are overridden by repository-specific rules only if
-both the user and the path match the repository-specific rule.</p>
+<p>As an example, consider the following rule set:</p>
-<p class="todo">TODO: Show examples of authz syntax and explain how they are
-interpreted before and after the fix.</p>
+<pre>
+[groups]
+company = developer1, developer2, developer3
+customer = customer1, customer2
+
+# company can read-write on everything
+[/]
+@company = rw
-<p>Administrators whose authz rules rely on the incorrect behavior in 1.10
-through 1.14.0 may need to adjust their rules accordingly.</p>
+[project1:/]
+@customer = r
+</pre>
-<p>See <a href="http://svn.apache.org/r1882326">r1882326</a>.
+<p>
+Does <tt>developer1</tt> have <tt>rw</tt> access to <tt>"/trunk"</tt> in <tt>project1</tt>?
+</p>
+
+<p>
+Subversion servers running 1.10.0 up to 1.10.6 or 1.14.0, without the fix for
+<a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>issue #4762</a>, will only apply the repository-specific part of the rule set:</p>
+<pre>
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has no access at all because the
+global rule which grants <tt>rw</tt> access to the <tt>@company</tt> group is ignored.
+</p>
+
+<p>
+Subversion servers running 1.14.1 or later match the behaviour of
+Subversion 1.9, meaning they will apply both the global and the repository-specific
+part of the rule set:</p>
+<pre>
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has <tt>rw</tt> access
+to any path in <tt>project1</tt>.
+Global rules are overridden by repository-specific rules only if both the
+user (<tt>developer1</tt>) and the path (<tt>"/"</tt>, including child paths
+for which no specific rules exist) match the repository-specific rule.
+While the repository-specific rule matches <tt>"/trunk"</tt> it does not
+match <tt>developer1</tt>, and hence the global rule will be used.
+</p>
</div> <!-- compat-misc-authz -->
@@ -1348,6 +1396,55 @@ sequences.</p>
</div> <!-- issues-py3-testsuite-windows -->
+<div class="h4" id="issues-py3-windows-os-dup">
+<h4>Cannot redirect test suite output to a log file with Python 3.6 or later on Windows
+ <a class="sectionlink" href="#issues-py3-windows-os-dup"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>This issue affects Subversion 1.14.0 on Windows when using Python 3.6 or
+later due to changes in Python's handling of os.dup2().</p>
+
+<p>When using <tt>win-tests.py</tt> to run Subversion's unit tests on Windows
+and redirecting the output to a log file, the following errors may occur:</p>
+
+<pre>
+Testing Release configuration on local repository.
+[1/1] authz_tests.pyTraceback (most recent call last):
+ File "win-tests.py", line 1126, in <module>
+ failed = th.run(tests_to_run)
+ File "build\run_tests.py",
+line 590, in run
+ failed = self._run_local_schedulers(testlist)
+ File "build\run_tests.py",
+line 536, in _run_local_schedulers
+ failed = self._run_test(testcase, count, testcount) or failed
+ File "build\run_tests.py",
+line 947, in _run_test
+ failed = testcase(progabs, progdir, progbase, test_nums, dots_needed)
+ File "build\run_tests.py",
+line 853, in _run_py_test
+ print("PING")
+OSError: [WinError 6] The handle is invalid
+Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w'
+encoding='utf-8'>
+OSError: [WinError 6] The handle is invalid
+</pre>
+
+<p>Two workarounds are available:</p>
+
+<ul>
+<li>Define the <tt>PYTHONLEGACYWINDOWSSTDIO</tt> environment variable as
+described in <a href="https://stackoverflow.com/questions/52373180/python-on-windows-handle-invalid-when-redirecting-stdout-writing-to-file"
+>this Stack Overflow question</a>, or:</li>
+<li>Pass the <tt>--log-to-stdout</tt> switch to <tt>win-tests.py</tt>.</li>
+</ul>
+
+<p>This issue is fixed as of Subversion 1.14.1. See
+<a href="http://svn.apache.org/r1883337">r1883337</a>.</p>
+
+</div> <!-- issues-py3-windows-os-dup -->
+
</div> <!-- python3-work-in-progress -->
<div class="h3" id="issues-building-without-swig">
@@ -1429,6 +1526,14 @@ failure is detected by the test suite. T
test suite. This issue is fixed as of 1.14.1. See
<a href="http://svn.apache.org/r1882115">r1882115</a>.</p>
+<p>Several potential crashes in JavaHL TunnelAgent are known which are related
+to exception handling cleanup and garbage-collected Java objects. As of
+1.14.1, new regression tests are introduced to detect these failures and the
+issues have been fixed. See <a href="http://svn.apache.org/r1886029"
+>r1886029</a>.</p>
+
+</p>
+
</div> <!-- issues-javahl-crash -->
<div class="h3" id="issues-mergeinfo-issue-4859">
@@ -1487,18 +1592,39 @@ abort with an assertion failure:</p>
</h3>
<p>Subversion 1.10.0 through 1.14.0 did not combine global and per-repository
-rules: if a global rule and a per-repository rule were both present for a
-path, the global rule would be ignored and the per-repository rule would apply
-by itself.</p>
+path-based authorization (authz) rules: if a global rule and a per-repository
+rule were both present for a path, the global rule would be ignored and the
+per-repository rule would apply by itself.</p>
-<p>See <a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+<p>This issue is fixed as of 1.14.1. See <a
+href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
>Issue #4762</a> and <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
-<p>See <a href="#compat-misc-authz"> for compatibility notes relating to this
-change.</a></p>
+<p>See the section <a href="#compat-misc-authz"
+>Path-based authorization compatibility</a> for compatibility notes relating
+to this change.</p>
</div> <!-- issues-authz-4762 -->
+<div class="h3" id="issues-sqlite-dqs">
+<h3>SQLite error when upgrading a SVN 1.7 working copy
+ <a class="sectionlink" href="#issues-sqlite-dqs"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Upgrading a Subversion 1.7 working copy could fail with a SQLite error
+under specific circumstances:</p>
+
+<p>This could occur in Subversion 1.14.0 or older, if built with SQLite 3.29
+or newer, and if SQLite is built without deprecated support for double-quoted
+string literals.</p>
+
+<p>This issue is fixed in Subversion 1.14.1.</p>
+
+<p>See <a href="http://svn.apache.org/r1879198">r1879198</a>.</p>
+
+</div> <!-- issues-sqlite-dqs -->
+
<div class="h3" id="issues-other">
<h3>Other issues
<a class="sectionlink" href="#issues-other"
@@ -1519,24 +1645,20 @@ as of 1.14.1. See <a href="http://svn.ap
</div> <!-- issues-other-c90compat -->
-<div class="h4" id="issues-other-sqlite-dqs">
-<h4>Possible SQLite error when upgrading a SVN 1.7 working copy
- <a class="sectionlink" href="#issues-other-sqlite-dqs"
+<div class="h4" id="issues-other-apr-1-4">
+<h4>Restored support for building with APR 1.4
+ <a class="sectionlink" href="#issues-other-apr-1-4"
title="Link to this section">¶</a>
</h4>
-<p>Upgrading a Subversion 1.7 working copy could fail with a SQLite error
-under specific circumstances:</p>
-
-<p>This could occur in Subversion 1.14.0 or older, if built with SQLite 3.29
-or newer, and if SQLite is built without deprecated support for double-quoted
-string literals.</p>
-
-<p>This issue is fixed in Subversion 1.14.1.</p>
-
-<p>See <a href="http://svn.apache.org/r1879198">r1879198</a>.</p>
+<p>Subversion 1.14.0 increased the minimum required version of
+<a href="https://apr.apache.org">APR</a> to 1.5. By request to support
+building Subversion on older operating system distributions such as CentOS 7,
+Subversion 1.14.1 restores support for building with APR 1.4 or newer. See
+<a href="http://svn.apache.org/r1881958">r1881958</a> and
+<a href="http://svn.apache.org/r1882128">r1882128</a>.</p>
-</div> <!-- issues-other-sqlite-dqs -->
+</div> <!-- issues-other-apr-1-4 -->
</div> <!-- issues-other -->
Modified: subversion/site/staging-ng/docs/release-notes/release-history.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/docs/release-notes/release-history.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/docs/release-notes/release-history.html (original)
+++ subversion/site/staging-ng/docs/release-notes/release-history.html Fri Feb 19 06:59:25 2021
@@ -31,6 +31,12 @@ Subversion 2.0.</p>
<ul>
<li>
+ <b>Subversion 1.14.1</b> (Wednesday, 10 February 2021): Bugfix/security release.
+ </li>
+ <li>
+ <b>Subversion 1.10.7</b> (Wednesday, 10 February 2021): Bugfix/security release.
+ </li>
+ <li>
<b>Subversion 1.14.0</b> (Wednesday, 27 May 2020): Feature and bugfix release, see the <a href="/docs/release-notes/1.14.html">release notes</a>.
</li>
<li>
Modified: subversion/site/staging-ng/download.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/download.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/download.html (original)
+++ subversion/site/staging-ng/download.html Fri Feb 19 06:59:25 2021
@@ -102,7 +102,7 @@ Other mirrors:
title="Link to this section">¶</a>
</h3>
-<p style="font-size: 150%; text-align: center;">Apache Subversion 1.14.0 LTS</p>
+<p style="font-size: 150%; text-align: center;">Apache Subversion 1.14.1 LTS</p>
<table class="centered">
<tr>
<th>File</th>
@@ -111,20 +111,20 @@ Other mirrors:
<th>PGP Public Keys</th>
</tr>
<tr>
- <td><a href="[preferred]subversion/subversion-1.14.0.tar.bz2">subversion-1.14.0.tar.bz2</a></td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.tar.bz2.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.tar.bz2.asc">PGP signatures</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.KEYS">PGP keyring</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.14.1.tar.bz2">subversion-1.14.1.tar.bz2</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.tar.bz2.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.tar.bz2.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.KEYS">PGP keyring</a>]</td>
</tr><tr>
- <td><a href="[preferred]subversion/subversion-1.14.0.tar.gz">subversion-1.14.0.tar.gz</a></td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.tar.gz.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.tar.gz.asc">PGP signatures</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.KEYS">PGP keyring</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.14.1.tar.gz">subversion-1.14.1.tar.gz</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.tar.gz.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.tar.gz.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.KEYS">PGP keyring</a>]</td>
</tr><tr>
- <td><a href="[preferred]subversion/subversion-1.14.0.zip">subversion-1.14.0.zip</a></td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.zip.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.zip.asc">PGP signatures</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.0.KEYS">PGP keyring</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.14.1.zip">subversion-1.14.1.zip</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.zip.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.zip.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.14.1.KEYS">PGP keyring</a>]</td>
</tr>
</table>
@@ -136,31 +136,29 @@ Other mirrors:
title="Link to this section">¶</a>
</h3>
-<p style="font-size: 150%; text-align: center;">Apache Subversion 1.10.6 LTS</p>
+<p style="font-size: 150%; text-align: center;">Apache Subversion 1.10.7 LTS</p>
<table class="centered">
<tr>
<th>File</th>
<th>Checksum (SHA512)</th>
<th>Signatures</th>
+ <th>PGP Public Keys</th>
</tr>
<tr>
- <td><a href="[preferred]subversion/subversion-1.10.6.tar.bz2">subversion-1.10.6.tar.bz2</a></td>
- <!-- The sha512 line does not have a class="checksum" since the link needn't
- be rendered in monospace. -->
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.tar.bz2.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.tar.bz2.asc">PGP</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.10.7.tar.bz2">subversion-1.10.7.tar.bz2</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.KEYS">PGP keyring</a>]</td>
</tr><tr>
- <td><a href="[preferred]subversion/subversion-1.10.6.tar.gz">subversion-1.10.6.tar.gz</a></td>
- <!-- The sha512 line does not have a class="checksum" since the link needn't
- be rendered in monospace. -->
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.tar.gz.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.tar.gz.asc">PGP</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.10.7.tar.gz">subversion-1.10.7.tar.gz</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.KEYS">PGP keyring</a>]</td>
</tr><tr>
- <td><a href="[preferred]subversion/subversion-1.10.6.zip">subversion-1.10.6.zip</a></td>
- <!-- The sha512 line does not have a class="checksum" since the link needn't
- be rendered in monospace. -->
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.zip.sha512">SHA-512</a>]</td>
- <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.6.zip.asc">PGP</a>]</td>
+ <td><a href="[preferred]subversion/subversion-1.10.7.zip">subversion-1.10.7.zip</a></td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.zip.sha512">SHA-512</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.zip.asc">PGP signatures</a>]</td>
+ <td>[<a href="https://www.apache.org/dist/subversion/subversion-1.10.7.KEYS">PGP keyring</a>]</td>
</tr>
</table>
Modified: subversion/site/staging-ng/faq.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/faq.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/faq.html (original)
+++ subversion/site/staging-ng/faq.html Fri Feb 19 06:59:25 2021
@@ -713,8 +713,7 @@ other resources available:</p>
<a href="https://webchat.freenode.net/?channels=#svn">web interface</a>
or <a href="https://matrix.to/#/#freenode_#svn:matrix.org">Matrix</a>
or any IRC software; archived
- <a href="https://colabti.org/irclogger/irclogger_logs/svn">1</a>,
- <a href="https://wilderness.apache.org/channels/#logs-#svn">2</a>)
+ <a href="https://colabti.org/irclogger/irclogger_logs/svn">here</a>)
</li>
<li><a href="https://www.svnforum.org/">svnforum.org</a>, an unofficial
<b>web-based forum</b> with approximately the same target audience as the
Modified: subversion/site/staging-ng/index.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/index.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/index.html (original)
+++ subversion/site/staging-ng/index.html Fri Feb 19 06:59:25 2021
@@ -66,6 +66,67 @@
<!-- In general, we'll keep only the most recent 3 or 4 news items here. -->
+<div class="h3" id="news-20210210">
+<h3>2021-02-10 — Apache Subversion Security Advisory
+<a class="sectionlink" href="#news-20210210"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>The recent releases of Apache Subversion 1.14.1 and 1.10.7 contain
+ a fix for a security issue: <a
+ href="/security/CVE-2020-17525-advisory.txt">CVE-2020-17525</a>. This issue
+ affect Subversion 'mod_dav_svn' servers only. We encourage server operators
+ to upgrade to the latest appropriate version as soon as reasonable.
+
+ Please see the <a
+ href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcements</a> for more information about the releases.</p>
+
+<p>To get the latest release from the nearest mirror, please visit our
+ <a href="/download.cgi">download page</a>.</p>
+
+</div> <!-- #news-20210210 -->
+
+<div class="h3" id="news-20210210-1.14.1">
+<h3>2021-02-10 — Apache Subversion 1.14.1 Released
+ <a class="sectionlink" href="#news-20210210-1.14.1"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.14.1.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/thread.html/rd55a46419a0ee994c9290cb2d5149d94f834584f1d78135390a4095b%40%3Cannounce.subversion.apache.org%3E"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.14"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#recommended-release">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.14.1 -->
+
+<div class="h3" id="news-20210210-1.10.7">
+<h3>2021-02-10 — Apache Subversion 1.10.7 Released
+ <a class="sectionlink" href="#news-20210210-1.10.7"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.10.7.
+ This is the most complete release of the 1.10.x line to date,
+ and we encourage all users to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/thread.html/r86eb93bd4e12c126203f61e9bd42f9a3905117842b481d20e15fd61f%40%3Cannounce.subversion.apache.org%3E"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.10"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#supported-releases">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.10.7 -->
+
<div class="h3" id="news-20200527">
<h3>2020-05-27 — Apache Subversion 1.14.0 Released
<a class="sectionlink" href="#news-20200527"
Propchange: subversion/site/staging-ng/index.html
------------------------------------------------------------------------------
Merged /subversion/site/staging/index.html:r1884661-1886684
Modified: subversion/site/staging-ng/mailing-lists.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/mailing-lists.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/mailing-lists.html (original)
+++ subversion/site/staging-ng/mailing-lists.html Fri Feb 19 06:59:25 2021
@@ -9,7 +9,7 @@
</style>
</head>
-<body>
+<body onload="document.getElementById('q').value = document.getElementById('q').value.replace(/inurl:subversion /gi, '');">
<!--#include virtual="/site-banner.html" -->
<!--#include virtual="/site-nav.html" -->
<div id="site-content">
@@ -34,8 +34,8 @@
<!-- SiteSearch Google -->
<form method="get" action="https://www.google.com/custom">
<p>
- <input type="hidden" name="domains" value="svn.haxx.se" />
- <input type="hidden" name="sitesearch" value="svn.haxx.se" />
+ <input type="hidden" name="domains" value="mail-archives.apache.org" />
+ <input type="hidden" name="sitesearch" value="mail-archives.apache.org" />
<input type="hidden" name="client" value="pub-9313125053076989" />
<input type="hidden" name="forid" value="1" />
<input type="hidden" name="channel" value="8989477434" />
@@ -43,8 +43,16 @@
<input type="hidden" name="oe" value="ISO-8859-1" />
<input type="hidden" name="cof" value="GALT:#0066CC;GL:1;DIV:#999999;VLC:336633;AH:center;BGC:FFFFFF;LBGC:FF9900;ALC:0066CC;LC:0066CC;T:000000;GFNT:666666;GIMP:666666;FORID:1;" />
<input type="hidden" name="hl" value="en" />
- <input type="text" name="q" size="31" maxlength="255" value="" />
- <input type="submit" name="sa" value="Search the archives" />
+ <!--
+ The value inurl:subversion is because Google sitesearch doesn't provide
+ a way to search just a subdirectory of a site, and we don't want matches
+ in other mailing lists at mail-archives.a.o.
+ For browsers without javascript the default value is there as a help.
+ For browsers with javascript the value is removed in body.onload and added
+ on submit to decrease clutter for the users.
+ -->
+ <input type="text" name="q" size="31" maxlength="255" value="inurl:subversion " id="q"/>
+ <input type="submit" name="sa" value="Search the archives" onclick="if (!document.getElementById('q').value.includes('inurl:subversion ')) { document.getElementById('q').value = 'inurl:subversion '+document.getElementById('q').value; }"/>
</p>
</form>
<!-- SiteSearch Google -->
@@ -149,7 +157,7 @@ delay for your post to appear (see below
<li><a href="https://lists.apache.org/list.html?users@subversion.apache.org"
>lists.apache.org</a> (searchable)</li>
<li><a href="https://svn.haxx.se/users/"
- >svn.haxx.se</a></li>
+ >svn.haxx.se</a> (archives up to December 2020, no longer updated)</li>
<li><a href="nntps://news.gmane.org/gmane.comp.version-control.subversion.user"
>news.gmane.org</a> (NNTP/SSL)</li>
</ul></td>
@@ -211,7 +219,7 @@ delay for your post to appear (see below
<li><a href="https://lists.apache.org/list.html?dev@subversion.apache.org"
>lists.apache.org</a> (searchable)</li>
<li><a href="https://svn.haxx.se/dev/"
- >svn.haxx.se</a></li>
+ >svn.haxx.se</a> (archives up to December 2020, no longer updated)</li>
<li><a href="nntps://news.gmane.org/gmane.comp.version-control.subversion.devel"
>news.gmane.org</a> (NNTP/SSL)</li>
</ul></td>
Modified: subversion/site/staging-ng/news.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/news.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/news.html (original)
+++ subversion/site/staging-ng/news.html Fri Feb 19 06:59:25 2021
@@ -22,6 +22,67 @@
<!-- Maybe we could insert H2's to split up the news items by -->
<!-- calendar year if we felt the need to do so. -->
+<div class="h3" id="news-20210210">
+<h3>2021-02-10 — Apache Subversion Security Advisory
+<a class="sectionlink" href="#news-20210210"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>The recent releases of Apache Subversion 1.14.1 and 1.10.7 contain
+ a fix for a security issue: <a
+ href="/security/CVE-2020-17525-advisory.txt">CVE-2020-17525</a>. This issue
+ affect Subversion 'mod_dav_svn' servers only. We encourage server operators
+ to upgrade to the latest appropriate version as soon as reasonable.
+
+ Please see the <a
+ href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcements</a> for more information about the releases.</p>
+
+<p>To get the latest release from the nearest mirror, please visit our
+ <a href="/download.cgi">download page</a>.</p>
+
+</div> <!-- #news-20210210 -->
+
+<div class="h3" id="news-20210210-1.14.1">
+<h3>2021-02-10 — Apache Subversion 1.14.1 Released
+ <a class="sectionlink" href="#news-20210210-1.14.1"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.14.1.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/thread.html/rd55a46419a0ee994c9290cb2d5149d94f834584f1d78135390a4095b%40%3Cannounce.subversion.apache.org%3E"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.14"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#recommended-release">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.14.1 -->
+
+<div class="h3" id="news-20210210-1.10.7">
+<h3>2021-02-10 — Apache Subversion 1.10.7 Released
+ <a class="sectionlink" href="#news-20210210-1.10.7"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.10.7.
+ This is the most complete release of the 1.10.x line to date,
+ and we encourage all users to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/thread.html/r86eb93bd4e12c126203f61e9bd42f9a3905117842b481d20e15fd61f%40%3Cannounce.subversion.apache.org%3E"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.10"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#supported-releases">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.10.7 -->
+
<div class="h3" id="news-20200527">
<h3>2020-05-27 — Apache Subversion 1.14.0 Released
<a class="sectionlink" href="#news-20200527"
Propchange: subversion/site/staging-ng/news.html
------------------------------------------------------------------------------
Merged /subversion/site/staging/news.html:r1884661-1886684
Modified: subversion/site/staging-ng/security/index.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/security/index.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/security/index.html (original)
+++ subversion/site/staging-ng/security/index.html Fri Feb 19 06:59:25 2021
@@ -306,6 +306,13 @@ clients using http(s)://</td>
<td>Remote unauthenticated denial-of-service in Subversion svnserve.</td>
</tr>
+<tr>
+<td><a href="CVE-2020-17525-advisory.txt">CVE-2020-17525-advisory.txt</a>
+[<a href="CVE-2020-17525-advisory.txt.asc">PGP</a>]</td>
+<td>1.9.0-1.9.10, 1.10.0-1.10.6, 1.11.0-1.11.1, 1.12.0-1.12.2, 1.13.0, 1.14.0</td>
+<td>Remote unauthenticated denial-of-service in mod_authz_svn.</td>
+</tr>
+
</tbody>
</table>
Modified: subversion/site/staging-ng/upcoming.part.html
URL: http://svn.apache.org/viewvc/subversion/site/staging-ng/upcoming.part.html?rev=1886685&r1=1886684&r2=1886685&view=diff
==============================================================================
--- subversion/site/staging-ng/upcoming.part.html (original)
+++ subversion/site/staging-ng/upcoming.part.html Fri Feb 19 06:59:25 2021
@@ -339,6 +339,33 @@ Merge the <a href="https://svn.apache.or
+1: futatuki, jcorvel, hartmannathan
------------------------------------------------------------------------
+<a href="https://svn.apache.org/r1884665">r1884665</a> | svn-role | 2020-12-21 04:00:12 +0000 (Mon, 21 Dec 2020) | 10 lines
+
+Merge <a href="https://svn.apache.org/r1884642">r1884642</a> from trunk:
+
+ * <a href="https://svn.apache.org/r1884642">r1884642</a>
+ Fix win-tests.py is unable to load Python bindings with debug configuration
+ since Python 3.5.
+ Justification:
+ Allow unit tests with debug configuration on Windows.
+ Votes:
+ +1: jun66j5, jcorvel
+
+------------------------------------------------------------------------
+<a href="https://svn.apache.org/r1885507">r1885507</a> | svn-role | 2021-01-15 04:00:13 +0000 (Fri, 15 Jan 2021) | 11 lines
+
+Merge <a href="https://svn.apache.org/r1885112">r1885112</a> from trunk:
+
+ * <a href="https://svn.apache.org/r1885112">r1885112</a>
+ swig-py: Fix a typo in tests.
+ Justification:
+ This typo causes DeprecationWarning since Python 3.6 and it will be
+ Syntax error.
+ Votes:
+ +1: futatuki
+ +0: jcorvel
+
+------------------------------------------------------------------------
</pre>
<p>Further changes currently under consideration are listed in each release line's