You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Ben Reser <br...@apache.org> on 2014/08/11 17:52:23 UTC

Apache Subversion 1.7.18 released

I'm happy to announce the release of Apache Subversion 1.7.18.

This release addresses two security issues:
    CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
    CVE-2014-3528: credentials cached with svn may be sent to wrong server.

Please choose the mirror closest to you by visiting:

    http://subversion.apache.org/download/#supported-releases

The SHA1 checksums are:

    09fa636f2c59a5a4bc965def814645a2841e1b91 subversion-1.7.18.zip
    96873512eeb196e5ba6435fbffb24ba284bfcf84 subversion-1.7.18.tar.gz
    56bd2b413950c916642bb4c280690da875d3c745 subversion-1.7.18.tar.bz2

PGP Signatures are available at:

    http://www.apache.org/dist/subversion/subversion-1.7.18.tar.bz2.asc
    http://www.apache.org/dist/subversion/subversion-1.7.18.tar.gz.asc
    http://www.apache.org/dist/subversion/subversion-1.7.18.zip.asc

For this release, the following people have provided PGP signatures:

   Ben Reser [4096R/16A0DE01] with fingerprint:
    19BB CAEF 7B19 B280 A0E2  175E 62D4 8FAD 16A0 DE01
   Bert Huijben [4096R/CCC8E1DF] with fingerprint:
    3D1D C66D 6D2E 0B90 3952  8138 C4A6 C625 CCC8 E1DF
   Branko Čibej [2048R/C8628501] with fingerprint:
    8769 28CD 4954 EA74 87B6  B96C 29B8 92D0 C862 8501
   Branko Čibej [4096R/A347943F] with fingerprint:
    BA3C 15B1 337C F0FB 222B  D41A 1BCA 6586 A347 943F
   Ivan Zhakov [4096R/F6AD8147] with fingerprint:
    4829 8F0F E47F 4B8A 43FD  6525 919F 6F61 F6AD 8147
   Paul T. Burba [4096R/56F3D7BC] with fingerprint:
    1A0F E7C6 B3C5 F8D4 D0C4  A20B 64DD C071 56F3 D7BC
   Philip Martin [2048R/ED1A599C] with fingerprint:
    A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C
   Stefan Fuhrmann [4096R/57921ACC] with fingerprint:
    056F 8016 D9B8 7B1B DE41  7467 99EC 741B 5792 1ACC

Release notes for the 1.7.x release series may be found at:

    http://subversion.apache.org/docs/release-notes/1.7.html

You can find the list of changes between 1.7.18 and earlier versions at:

    http://svn.apache.org/repos/asf/subversion/tags/1.7.18/CHANGES

Questions, comments, and bug reports to users@subversion.apache.org.

Thanks,
- The Subversion Team

Re: Apache Subversion 1.7.18 released

Posted by Nico Kadel-Garcia <nk...@gmail.com>.

On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.7.18.
>
> This release addresses two security issues:
>     CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
>     CVE-2014-3528: credentials cached with svn may be sent to wrong server.

For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion  1.7 RPM.s at
https://github.com/nkadel/subversion-1.7.x-srpm. Look for tag
v1.7.18-0.1 for the 1.7.18 build.

                    Nico Kadel-Garcia <nk...@gmail.com>

Re: Apache Subversion 1.7.18 released

Posted by Nico Kadel-Garcia <nk...@gmail.com>.

On Mon, Aug 11, 2014 at 11:52 AM, Ben Reser <br...@apache.org> wrote:
> I'm happy to announce the release of Apache Subversion 1.7.18.
>
> This release addresses two security issues:
>     CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
>     CVE-2014-3528: credentials cached with svn may be sent to wrong server.

For RHEL 6 users, or CentOS or Scientific Linux users, I've updated my
hooks for building Subversion  1.7 RPM.s at
https://github.com/nkadel/subversion-1.7.x-srpm. Look for tag
v1.7.18-0.1 for the 1.7.18 build.

                    Nico Kadel-Garcia <nk...@gmail.com>