Versions up to and including 1.0.4 have a potential denial of service and heap overflow issue related to the parsing of strings in the ‘svn://’ family of access protocols. This affects only sites running svnserve. It does not affect ‘http://’ access; repositories served only by Apache/mod_dav_svn do not have this vulnerability. This release fixes this issue.
Thanks for the news…
Any opinions? Small shop that does mostly Windows programming, about 10 developers.
Subversion really is a step up from CVS. Our customers like how easy Apache access control makes it to have security without complicated tunnels, etc. The file renaming is also extremely useful, and TortoiseSVN makes the whole thing amazingly easy for Windows users to use.
Check out our Subversion hosting service at http://wush.net/ if you want to try out Subversion. Easy web frontend lets you set up access control. Accounts are set up instantly and come with a one week free trial. You’ll be able to start playing with your repository in 5 minutes.
Two new Subversion community resource sites have just recently opened. These should make for a nice reference point for issues such as this:
Subversion Forums: http://www.svnforum.org
Subversion Wiki: http://www.subversionary.org