I was checking the release notes found here: https://tortoisesvn.net/downloads.html
The page states that "The current version is 1.14.7" and below it is a link to release notes that do not mention the security fix. Thanks for confirming the fix! Best regards, Jens onsdag den 17. april 2024 kl. 11.16.09 UTC+2 skrev daniel.l...@gmail.com: > onsdag 17 april 2024 kl. 11:09:21 UTC+2 skrev jens.l...@gmail.com: > > Details on vulnerability can be found here: > > https://nvd.nist.gov/vuln/detail/CVE-2024-31497 > > The description mentions specifically: "This also affects, for example, > FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, > *and > TortoiseSVN through 1.14.6*." > > The release notes for 1.14.7 does not mention this vulnerability. Was that > an oversight or has the vulnerability yet to be fixed? > > > This was fixed by updating PuTTY/plink to version 0.81. > > > Can you mention which release notes you are looking at? > > I think the "What's New in TortoiseSVN 1.14" page is seldom updated for > patch-releases. > > The homepage news item "TortoiseSVN 1.14.7 released" does mention the > security fix. > > The ChangeLog.txt doesn't mention the updated PuTTY Plink, but it > frequently omit this completely. > > Kind regards, > Daniel > -- You received this message because you are subscribed to the Google Groups "TortoiseSVN" group. To unsubscribe from this group and stop receiving emails from it, send an email to tortoisesvn+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/0c43d008-09a0-4f6e-a63f-79e15e935ca0n%40googlegroups.com.
