It is linked against the Subversion library version 1.6.17.
This is a bugfix/maintenance release.
The Subversion library 1.6.17 contains three fixes for security
vulnerabilities which affect the servers. TortoiseSVN is not affected by
those. The vulnerabilities are:
CVE-2011-1752: Server NULL-pointer dereference
CVE-2011-1783: Server memory exhaustion
CVE-2011-1921: mod_dav_svn exposure of unreadable paths
More information on these vulnerabilities, including the relevent
advisories and potential attack vectors and workarounds, can be found on
the Subversion security website:
You can get TortoiseSVN 1.6.16 from our download page:
If you upgrade from a version earlier than 1.6.10, you have to run a
"repair install" right after the upgrade finishes. To do that, run the
installer again and click on the "Repair Installation" button.
I'm sorry about the inconvenience.
If you want to know why the repair install is required, you can read
about the technical details in my post:
The changelog for this release:
- BUG: The bugtraq:number property was not added
automatically to new folders. (Stefan)
- CHG: the in-memory auth cache is now encrypted. (Stefan)
Log in to post a comment.