You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2021/02/10 13:36:22 UTC
svn commit: r1886387 - in /subversion/site/publish: ./
docs/release-notes/1.10.html docs/release-notes/1.14.html index.html
news.html roadmap.html security/CVE-2020-17525-advisory.txt
security/CVE-2020-17525-advisory.txt.asc security/index.html
Author: stsp
Date: Wed Feb 10 13:36:21 2021
New Revision: 1886387
URL: http://svn.apache.org/viewvc?rev=1886387&view=rev
Log:
* site/publish: Merge everything from staging area.
Added:
subversion/site/publish/security/CVE-2020-17525-advisory.txt
- copied unchanged from r1886386, subversion/site/staging/security/CVE-2020-17525-advisory.txt
subversion/site/publish/security/CVE-2020-17525-advisory.txt.asc
- copied unchanged from r1886386, subversion/site/staging/security/CVE-2020-17525-advisory.txt.asc
Modified:
subversion/site/publish/ (props changed)
subversion/site/publish/docs/release-notes/1.10.html
subversion/site/publish/docs/release-notes/1.14.html
subversion/site/publish/index.html (contents, props changed)
subversion/site/publish/news.html (contents, props changed)
subversion/site/publish/roadmap.html (props changed)
subversion/site/publish/security/index.html
Propchange: subversion/site/publish/
------------------------------------------------------------------------------
Merged /subversion/site/staging:r1878173-1885742,1885744-1886108,1886110-1886386
Modified: subversion/site/publish/docs/release-notes/1.10.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.10.html?rev=1886387&r1=1886386&r2=1886387&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.10.html (original)
+++ subversion/site/publish/docs/release-notes/1.10.html Wed Feb 10 13:36:21 2021
@@ -268,22 +268,81 @@ selected while 1.10 combines all the lin
The 1.10 implementation may change in future releases, perhaps to
<a href="/issue/4794">make this case an error</a>.</p>
-<p>The 1.9 implementation combined the global and per-repository rules
-for the same path:</p>
+<p>A fix for <a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>Issue #4762</a> may change the way path-based authorization rules are applied
+in some circumstances. See <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
+
+<p>Background: Subversion 1.10 introduced a new implementation of path-based
+authorization (authz) to deliver wildcard support and improved performance
+over that of Subversion 1.9 and earlier. From Subversion 1.10 through 1.14.0,
+the new implementation did not correctly combine global rules with repository
+rules: if a global rule and a per-repository rule were both present for a
+path, the global rule would be ignored and the per-repository rule would
+apply by itself. As a result, from Subversion 1.10 through 1.14.0, it was not
+possible to override per-path access rules for specific users (or groups) at
+the global level. Administrators whose authz rules rely on this incorrect
+behavior may need to adjust their rules accordingly.
+</p>
+
+<p>This issue is fixed in 1.14.1, making it possible once again to
+override per-path access rules for specific users (and groups) at the global level.
+Such global rules are overridden by repository-specific rules only if both the
+user and the path match the repository-specific rule.</p>
+
+<p>As an example, consider the following rule set:</p>
<pre>
- [/some/path]
- userA = rw
- [repository:/some/path]
- userB = r
+[groups]
+company = developer1, developer2, developer3
+customer = customer1, customer2
+
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
+</pre>
+
+<p>
+Does <tt>developer1</tt> have <tt>rw</tt> access to <tt>"/trunk"</tt> in <tt>project1</tt>?
+</p>
+
+<p>
+Subversion servers running 1.10.0 up to 1.10.6 or 1.14.0, without the fix for
+<a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>issue #4762</a>, will only apply the repository-specific part of the rule set:</p>
+<pre>
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has no access at all because the
+global rule which grants <tt>rw</tt> access to the <tt>@company</tt> group is ignored.
+</p>
+
+<p>
+Subversion servers running 1.14.1 or later match the behaviour of
+Subversion 1.9, meaning they will apply both the global and the repository-specific
+part of the rule set:</p>
+<pre>
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has <tt>rw</tt> access
+to any path in <tt>project1</tt>.
+Global rules are overridden by repository-specific rules only if both the
+user (<tt>developer1</tt>) and the path (<tt>"/"</tt>, including child paths
+for which no specific rules exist) match the repository-specific rule.
+While the repository-specific rule matches <tt>"/trunk"</tt> it does not
+match <tt>developer1</tt>, and hence the global rule will be used.
+</p>
-<p>In 1.9 this would define access for both <tt>userA</tt>
-and <tt>userB</tt>, in 1.10 the per-repository rule overrides the
-global rule and this only defines access for <tt>userB</tt>. The 1.10
-implementation may change in future releases, but the exact change
-is still being <a href="/issue/4762">discussed</a> on the dev mailing
-list.</p>
</div> <!-- authz-compatibility -->
Modified: subversion/site/publish/docs/release-notes/1.14.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.14.html?rev=1886387&r1=1886386&r2=1886387&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.14.html (original)
+++ subversion/site/publish/docs/release-notes/1.14.html Wed Feb 10 13:36:21 2021
@@ -1,4 +1,4 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
@@ -82,7 +82,7 @@ also cases where a new feature will work
the client is new and the server old.</p>
<p>There is <strong>no need</strong> to <a href="http://svnbook.red-bean.com/en/1.8/svn.reposadmin.maint.html#svn.reposadmin.maint.migrate.svnadmin"
->dump and reload</a> your repositories.
+>dump and reload</a> your repositories.
Subversion 1.14 servers can read and write to repositories created by
earlier versions. To upgrade an existing server installation, just install the
newest libraries and binaries on top of the older ones.</p>
@@ -208,7 +208,6 @@ an existing working copy.</p>
</div> <!-- compatibility-shelving -->
-<!-- (This section only makes sense when there are some issues listed in it.)
<div class="h3" id="compat-misc">
<h3>Miscellaneous Compatibility Notes
<a class="sectionlink" href="#compat-misc"
@@ -219,8 +218,90 @@ an existing working copy.</p>
release might necessitate further adjustment by administrators or
users. We'll cover those in this section.</p>
-</div> <!- - compat-misc - ->
--->
+<div class="h4" id="compat-misc-authz">
+<h4>Path-based authorization compatibility
+ <a class="sectionlink" href="#compat-misc-authz"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>A fix for <a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>Issue #4762</a> may change the way path-based authorization rules are applied
+in some circumstances. See <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
+
+<p>Background: Subversion 1.10 introduced a new implementation of path-based
+authorization (authz) to deliver wildcard support and improved performance
+over that of Subversion 1.9 and earlier. From Subversion 1.10 through 1.14.0,
+the new implementation did not correctly combine global rules with repository
+rules: if a global rule and a per-repository rule were both present for a
+path, the global rule would be ignored and the per-repository rule would
+apply by itself. As a result, from Subversion 1.10 through 1.14.0, it was not
+possible to override per-path access rules for specific users (or groups) at
+the global level. Administrators whose authz rules rely on this incorrect
+behavior may need to adjust their rules accordingly.
+</p>
+
+<p>This issue is fixed in 1.14.1, making it possible once again to
+override per-path access rules for specific users (and groups) at the global level.
+Such global rules are overridden by repository-specific rules only if both the
+user and the path match the repository-specific rule.</p>
+
+<p>As an example, consider the following rule set:</p>
+
+<pre>
+[groups]
+company = developer1, developer2, developer3
+customer = customer1, customer2
+
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
+</pre>
+
+<p>
+Does <tt>developer1</tt> have <tt>rw</tt> access to <tt>"/trunk"</tt> in <tt>project1</tt>?
+</p>
+
+<p>
+Subversion servers running 1.10.0 up to 1.10.6 or 1.14.0, without the fix for
+<a href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>issue #4762</a>, will only apply the repository-specific part of the rule set:</p>
+<pre>
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has no access at all because the
+global rule which grants <tt>rw</tt> access to the <tt>@company</tt> group is ignored.
+</p>
+
+<p>
+Subversion servers running 1.14.1 or later match the behaviour of
+Subversion 1.9, meaning they will apply both the global and the repository-specific
+part of the rule set:</p>
+<pre>
+# company can read-write on everything
+[/]
+@company = rw
+
+[project1:/]
+@customer = r
+</pre>
+<p>
+The answer in this case is that <tt>developer1</tt> has <tt>rw</tt> access
+to any path in <tt>project1</tt>.
+Global rules are overridden by repository-specific rules only if both the
+user (<tt>developer1</tt>) and the path (<tt>"/"</tt>, including child paths
+for which no specific rules exist) match the repository-specific rule.
+While the repository-specific rule matches <tt>"/trunk"</tt> it does not
+match <tt>developer1</tt>, and hence the global rule will be used.
+</p>
+
+</div> <!-- compat-misc-authz -->
+
+</div> <!-- compat-misc -->
</div> <!-- compatibility -->
@@ -387,7 +468,7 @@ export SVN_EDITOR
<tt>foo bar.txt</tt>:</p>
<pre>
-$ svn up
+$ svn up
Updating '.':
C foo bar.txt
Updated to revision 2.
@@ -509,7 +590,7 @@ in the working copy, for example.</p>
<li>A problem where the resolver mistakenly
<a href="https://svn.apache.org/r1839662">searched back through
the entire history of the repository</a></li>
-<li>A case where text conflicts were created with the incoming changes
+<li>A case where text conflicts were created with the incoming changes
theirs) and local changes (mine) swapped within text conflict markers. This
caused unexpected results when the <tt>svn resolve</tt> command was used with
the <tt>--accept theirs</tt> or <tt>--accept mine</tt> options. This is fixed
@@ -1291,8 +1372,119 @@ full path of a Python 3 executable pr
</div> <!-- autogen_sh-py2-py3 -->
+<div class="h4" id="issues-py3-testsuite-windows">
+<h4>Test suite broken when run with Python 3 on Windows
+ <a class="sectionlink" href="#issues-py3-testsuite-windows"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>As of 1.14.0, Subversion's test suite does not run correctly with Python 3
+on Windows due to differences in the way that Python 2.7 and Python 3 handle
+End-Of-Line (EOL) conversions, special characters in pathnames, escaping of
+backslashes used in Windows pathnames, and handling of UTF-8 character
+sequences.</p>
+
+<p>Most of these issues are corrected in 1.14.1. See
+<a href="http://svn.apache.org/r1876707">r1876707</a>,
+<a href="http://svn.apache.org/r1876734">r1876734</a>,
+<a href="http://svn.apache.org/r1877318">r1877318</a>,
+<a href="http://svn.apache.org/r1877712">r1877712</a>,
+<a href="http://svn.apache.org/r1878141">r1878141</a>,
+<a href="http://svn.apache.org/r1878142">r1878142</a>,
+<a href="http://svn.apache.org/r1878143">r1878143</a>, and
+<a href="http://svn.apache.org/r1878144">r1878144</a>.</p>
+
+</div> <!-- issues-py3-testsuite-windows -->
+
+<div class="h4" id="issues-py3-windows-os-dup">
+<h4>Cannot redirect test suite output to a log file with Python 3.6 or later on Windows
+ <a class="sectionlink" href="#issues-py3-windows-os-dup"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>This issue affects Subversion 1.14.0 on Windows when using Python 3.6 or
+later due to changes in Python's handling of os.dup2().</p>
+
+<p>When using <tt>win-tests.py</tt> to run Subversion's unit tests on Windows
+and redirecting the output to a log file, the following errors may occur:</p>
+
+<pre>
+Testing Release configuration on local repository.
+[1/1] authz_tests.pyTraceback (most recent call last):
+ File "win-tests.py", line 1126, in <module>
+ failed = th.run(tests_to_run)
+ File "build\run_tests.py",
+line 590, in run
+ failed = self._run_local_schedulers(testlist)
+ File "build\run_tests.py",
+line 536, in _run_local_schedulers
+ failed = self._run_test(testcase, count, testcount) or failed
+ File "build\run_tests.py",
+line 947, in _run_test
+ failed = testcase(progabs, progdir, progbase, test_nums, dots_needed)
+ File "build\run_tests.py",
+line 853, in _run_py_test
+ print("PING")
+OSError: [WinError 6] The handle is invalid
+Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w'
+encoding='utf-8'>
+OSError: [WinError 6] The handle is invalid
+</pre>
+
+<p>Two workarounds are available:</p>
+
+<ul>
+<li>Define the <tt>PYTHONLEGACYWINDOWSSTDIO</tt> environment variable as
+described in <a href="https://stackoverflow.com/questions/52373180/python-on-windows-handle-invalid-when-redirecting-stdout-writing-to-file"
+>this Stack Overflow question</a>, or:</li>
+<li>Pass the <tt>--log-to-stdout</tt> switch to <tt>win-tests.py</tt>.</li>
+</ul>
+
+<p>This issue is fixed as of Subversion 1.14.1. See
+<a href="http://svn.apache.org/r1883337">r1883337</a>.</p>
+
+</div> <!-- issues-py3-windows-os-dup -->
+
</div> <!-- python3-work-in-progress -->
+<div class="h3" id="issues-building-without-swig">
+<h3>Installed SWIG prevents building Subversion's Python 3 bindings
+ <a class="sectionlink" href="#issues-building-without-swig"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>When building Subversion from a 1.14.0 distribution tarball, you may not be
+able to build Subversion's language bindings for Python 3 if
+<tt>configure</tt> detects an unsuitable version of SWIG on your system. This
+is a bug because the sources generated by SWIG for Python 3 bindings are
+included with the release.</p>
+
+<p>For this situation, a workaround is available as of 1.14.1: pass the
+<tt>--without-swig</tt> option to <tt>configure</tt>.</p>
+
+<p>See <a href="http://svn.apache.org/r1876662">r1876662</a>.</p>
+
+<p>The workaround does not apply in the following situations:</p>
+
+<ul>
+ <li>building Subversion from sources checked out from the repository, where
+ the SWIG-generated files are not included</li>
+ <li>building Subversion's SWIG bindings for Python 2.x, in which case SWIG
+ is needed to regenerate the language bindings because the included ones
+ target Python 3</li>
+</ul>
+
+<p>In these cases, you will need a suitable version of SWIG:</p>
+
+<ul>
+ <li>To target Python 2: SWIG 2.0.0 through 3.x. (Note that
+ <tt>configure</tt> will allow SWIG 1.3.24 through 3.x, but SWIG 4.0.0 or
+ later are not supported for Python 2.)</li>
+ <li>To target Python 3: SWIG 3.0.10 or later.</li>
+</ul>
+
+</div> <!-- issues-building-without-swig -->
+
<div class="h3" id="ruby-swig-issue-602">
<h3>Ruby bindings require swig 3.0.9
<a class="sectionlink" href="#ruby-swig-issue-602"
@@ -1318,6 +1510,158 @@ patch into their swig-3.0.8 packages.)</
</div> <!-- ruby-swig-issue-602 -->
+<div class="h3" id="issues-javahl-crash">
+<h3>JavaHL crash
+ <a class="sectionlink" href="#issues-javahl-crash"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion 1.14.0 and earlier may crash when using the JavaHL bindings.</p>
+
+<p>A crash is known to manifest when Subversion is built with GCC 10. The
+failure is detected by the test suite. This issue is fixed as of 1.14.1. See
+<a href="http://svn.apache.org/r1880886">r1880886</a>.</p>
+
+<p>A crash is known to occur when using JDK14. The failure is detected by the
+test suite. This issue is fixed as of 1.14.1. See
+<a href="http://svn.apache.org/r1882115">r1882115</a>.</p>
+
+<p>Several potential crashes in JavaHL TunnelAgent are known which are related
+to exception handling cleanup and garbage-collected Java objects. As of
+1.14.1, new regression tests are introduced to detect these failures and the
+issues have been fixed. See <a href="http://svn.apache.org/r1886029"
+>r1886029</a>.</p>
+
+</p>
+
+</div> <!-- issues-javahl-crash -->
+
+<div class="h3" id="issues-mergeinfo-issue-4859">
+<h3>Merge may fail when removing a folder
+ <a class="sectionlink" href="#issues-mergeinfo-issue-4859"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion 1.14.0 and earlier could fail to perform a merge that removes a
+folder that has non-inheritable mergeinfo. The merge would fail with:</p>
+
+<pre>
+svn: E155023: Can't set properties on '...': invalid status for updating properties
+</pre>
+
+(See <a href="https://issues.apache.org/jira/browse/SVN-4859">issue #4859</a>.)
+
+<p>This issue is fixed as of Subversion 1.14.1. See
+<a href="http://svn.apache.org/r1878997">r1878997</a>,
+<a href="http://svn.apache.org/r1879192">r1879192</a>,
+<a href="http://svn.apache.org/r1879474">r1879474</a>, and
+<a href="http://svn.apache.org/r1879959">r1879959</a>.</p>
+
+</div> <!-- issues-mergeinfo-issue-4859 -->
+
+<div class="h3" id="issues-filesizes-human-readable">
+<h3>Incorrect file sizes shown with <tt>svn list</tt> command
+ <a class="sectionlink" href="#issues-filesizes-human-readable"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>The <tt>svn list --verbose --human-readable</tt> command
+(<tt>svn ls -vH</tt>) shows file sizes with base-2 unit suffixes (Byte,
+Kilobyte, Megabyte, Gigabyte, etc.), limiting the number of digits to three
+or less.</p>
+
+<p>In Subversion 1.14.0 and earlier, this command may produce incorrect output
+for certain file sizes. If built in Debug mode, the Subversion client may
+abort with an assertion failure:</p>
+
+<pre>
+ svn: subversion/svn/filesize.c:93: format_size: Assertion `absolute_human_readable_size < 1000.0' failed.
+</pre>
+
+<p>This issue is fixed as of Subversion 1.14.1. See
+<a href="http://svn.apache.org/r1878909">r1878909</a>,
+<a href="http://svn.apache.org/r1878918">r1878918</a>, and
+<a href="http://svn.apache.org/r1878950">r1878950</a>.</p>
+
+</div> <!-- issues-filesizes-human-readable -->
+
+<div class="h3" id="issues-authz-4762">
+<h3>Path-based authorization doesn't combine global and per-repository rules
+ <a class="sectionlink" href="#issues-authz-4762"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion 1.10.0 through 1.14.0 did not combine global and per-repository
+path-based authorization (authz) rules: if a global rule and a per-repository
+rule were both present for a path, the global rule would be ignored and the
+per-repository rule would apply by itself.</p>
+
+<p>This issue is fixed as of 1.14.1. See <a
+href="https://issues.apache.org/jira/browse/SVN-4762?issueNumber=4762"
+>Issue #4762</a> and <a href="http://svn.apache.org/r1882326">r1882326</a>.</p>
+
+<p>See the section <a href="#compat-misc-authz"
+>Path-based authorization compatibility</a> for compatibility notes relating
+to this change.</p>
+
+</div> <!-- issues-authz-4762 -->
+
+<div class="h3" id="issues-sqlite-dqs">
+<h3>SQLite error when upgrading a SVN 1.7 working copy
+ <a class="sectionlink" href="#issues-sqlite-dqs"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Upgrading a Subversion 1.7 working copy could fail with a SQLite error
+under specific circumstances:</p>
+
+<p>This could occur in Subversion 1.14.0 or older, if built with SQLite 3.29
+or newer, and if SQLite is built without deprecated support for double-quoted
+string literals.</p>
+
+<p>This issue is fixed in Subversion 1.14.1.</p>
+
+<p>See <a href="http://svn.apache.org/r1879198">r1879198</a>.</p>
+
+</div> <!-- issues-sqlite-dqs -->
+
+<div class="h3" id="issues-other">
+<h3>Other issues
+ <a class="sectionlink" href="#issues-other"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>This section lists minor issues that do not fit well elsewhere.</p>
+
+<div class="h4" id="issues-other-c90compat">
+<h4>C90 compatibility fixes
+ <a class="sectionlink" href="#issues-other-c90compat"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>In 1.14.0, several variable declarations in mid-block were reported to
+prevent building Subversion with VC9 (Visual Studio 2008). This issue is fixed
+as of 1.14.1. See <a href="http://svn.apache.org/r1877259">r1877259</a>.</p>
+
+</div> <!-- issues-other-c90compat -->
+
+<div class="h4" id="issues-other-apr-1-4">
+<h4>Restored support for building with APR 1.4
+ <a class="sectionlink" href="#issues-other-apr-1-4"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>Subversion 1.14.0 increased the minimum required version of
+<a href="https://apr.apache.org">APR</a> to 1.5. By request to support
+building Subversion on older operating system distributions such as CentOS 7,
+Subversion 1.14.1 restores support for building with APR 1.4 or newer. See
+<a href="http://svn.apache.org/r1881958">r1881958</a> and
+<a href="http://svn.apache.org/r1882128">r1882128</a>.</p>
+
+</div> <!-- issues-other-apr-1-4 -->
+
+</div> <!-- issues-other -->
+
</div> <!-- issues -->
<!-- (This section only makes sense when there are some issues listed in it.)
Modified: subversion/site/publish/index.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/index.html?rev=1886387&r1=1886386&r2=1886387&view=diff
==============================================================================
--- subversion/site/publish/index.html (original)
+++ subversion/site/publish/index.html Wed Feb 10 13:36:21 2021
@@ -66,6 +66,46 @@
<!-- In general, we'll keep only the most recent 3 or 4 news items here. -->
+<div class="h3" id="news-20210210-1.14.1">
+<h3>2021-02-10 — Apache Subversion 1.14.1 Released
+ <a class="sectionlink" href="#news-20210210-1.14.1"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.14.1.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.14"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#recommended-release">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.14.1 -->
+
+<div class="h3" id="news-20210210-1.10.7">
+<h3>2021-02-10 — Apache Subversion 1.10.7 Released
+ <a class="sectionlink" href="#news-20210210-1.10.7"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.10.7.
+ This is the most complete release of the 1.10.x line to date,
+ and we encourage all users to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.10"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#supported-releases">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.10.7 -->
+
<div class="h3" id="news-20200527">
<h3>2020-05-27 — Apache Subversion 1.14.0 Released
<a class="sectionlink" href="#news-20200527"
Propchange: subversion/site/publish/index.html
------------------------------------------------------------------------------
Merged /subversion/site/staging/index.html:r1878173-1886386
Modified: subversion/site/publish/news.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/news.html?rev=1886387&r1=1886386&r2=1886387&view=diff
==============================================================================
--- subversion/site/publish/news.html (original)
+++ subversion/site/publish/news.html Wed Feb 10 13:36:21 2021
@@ -22,6 +22,67 @@
<!-- Maybe we could insert H2's to split up the news items by -->
<!-- calendar year if we felt the need to do so. -->
+<div class="h3" id="news-20210210">
+<h3>2021-02-10 — Apache Subversion Security Advisory
+<a class="sectionlink" href="#news-20210210"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>The recent releases of Apache Subversion 1.14.1 and 1.10.7 contain
+ a fix for a security issue: <a
+ href="/security/CVE-2020-17525-advisory.txt">CVE-2020-17525</a>. This issue
+ affect Subversion 'mod_dav_svn' servers only. We encourage server operators
+ to upgrade to the latest appropriate version as soon as reasonable.
+
+ Please see the <a
+ href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcements</a> for more information about the releases.</p>
+
+<p>To get the latest release from the nearest mirror, please visit our
+ <a href="/download.cgi">download page</a>.</p>
+
+</div> <!-- #news-20210210 -->
+
+<div class="h3" id="news-20210210-1.14.1">
+<h3>2021-02-10 — Apache Subversion 1.14.1 Released
+ <a class="sectionlink" href="#news-20210210-1.14.1"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.14.1.
+ This is the most complete Subversion release to date, and we encourage
+ users of Subversion to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.14"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#recommended-release">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.14.1 -->
+
+<div class="h3" id="news-20210210-1.10.7">
+<h3>2021-02-10 — Apache Subversion 1.10.7 Released
+ <a class="sectionlink" href="#news-20210210-1.10.7"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>We are pleased to announce the release of Apache Subversion 1.10.7.
+ This is the most complete release of the 1.10.x line to date,
+ and we encourage all users to upgrade as soon as reasonable.
+ Please see the
+ <a href="https://lists.apache.org/list.html?announce@subversion.apache.org"
+ >release announcement</a> and the
+ <a href="/docs/release-notes/1.10"
+ >release notes</a> for more information about this release.</p>
+
+<p>To get this release from the nearest mirror, please visit our
+ <a href="/download.cgi#supported-releases">download page</a>.</p>
+
+</div> <!-- #news-20210210-1.10.7 -->
+
<div class="h3" id="news-20200527">
<h3>2020-05-27 — Apache Subversion 1.14.0 Released
<a class="sectionlink" href="#news-20200527"
Propchange: subversion/site/publish/news.html
------------------------------------------------------------------------------
Merged /subversion/site/staging/news.html:r1878173-1886386
Propchange: subversion/site/publish/roadmap.html
------------------------------------------------------------------------------
Merged /subversion/site/staging/roadmap.html:r1878173-1886386
Modified: subversion/site/publish/security/index.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/security/index.html?rev=1886387&r1=1886386&r2=1886387&view=diff
==============================================================================
--- subversion/site/publish/security/index.html (original)
+++ subversion/site/publish/security/index.html Wed Feb 10 13:36:21 2021
@@ -306,6 +306,13 @@ clients using http(s)://</td>
<td>Remote unauthenticated denial-of-service in Subversion svnserve.</td>
</tr>
+<tr>
+<td><a href="CVE-2020-17525-advisory.txt">CVE-2020-17525-advisory.txt</a>
+[<a href="CVE-2020-17525-advisory.txt.asc">PGP</a>]</td>
+<td>1.9.0-1.9.10, 1.10.0-1.10.6, 1.11.0-1.11.1, 1.12.0-1.12.2, 1.13.0, 1.14.0</td>
+<td>Remote unauthenticated denial-of-service in mod_authz_svn.</td>
+</tr>
+
</tbody>
</table>