I'm happy to announce the release of Apache Subversion 1.14.5. This is a stable bugfix and security release of the Apache Subversion open source version control system.
Among regular bug fixes, this release fixes CVE-2024-46901: mod_dav_svn denial-of-service via control characters in paths It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames. If a path or a revision-property which contains control characters is committed to a repository then SVN operations served by mod_dav_svn can be disrupted. Reported by: HaoZi, WordPress China Full advisory: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt https://subversion.apache.org/security/CVE-2024-46901-advisory.txt.asc Please choose the mirror closest to you by visiting: https://subversion.apache.org/download.cgi#recommended-release SHA-512 checksums are available at: https://www.apache.org/dist/subversion/subversion-1.14.5.tar.bz2.sha512 https://www.apache.org/dist/subversion/subversion-1.14.5.tar.gz.sha512 https://www.apache.org/dist/subversion/subversion-1.14.5.zip.sha512 PGP Signatures are available at: https://www.apache.org/dist/subversion/subversion-1.14.5.tar.bz2.asc https://www.apache.org/dist/subversion/subversion-1.14.5.tar.gz.asc https://www.apache.org/dist/subversion/subversion-1.14.5.zip.asc For this release, the following people have provided PGP signatures: Stefan Sperling [rsa2048/4F7DBAA99A59B973] with fingerprint: 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 Nathan Hartman (CODE SIGNING KEY) [rsa4096/583F00ADF981C39F] with fingerprint: 3F8E 467C B336 6E30 13E1 120D 583F 00AD F981 C39F Daniel Sahlberg [ed25519/2B4822B4B6340BAC] with fingerprint: 7DC8 A7BF 3747 8FF4 8E33 E85E 2B48 22B4 B634 0BAC Timofei Zhakov (CODE SIGNING KEY) [rsa4096/2A56BB6322864335] with fingerprint: B593 8A45 4FEA DBD4 3565 E85F 2A56 BB63 2286 4335 Johan Corveleyn [rsa4096/B59CE6D6010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Evgeny Kotkov [rsa4096/B64FFF1209F9FA74] with fingerprint: E7B2 A7F4 EC28 BE9F F8B3 8BA4 B64F FF12 09F9 FA74 These public keys are available at: https://www.apache.org/dist/subversion/subversion-1.14.5.KEYS Release notes for the 1.14.x release series may be found at: https://subversion.apache.org/docs/release-notes/1.14.html You can find the list of changes between 1.14.5 and earlier versions at: https://svn.apache.org/repos/asf/subversion/tags/1.14.5/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team -- To unsubscribe, please see: https://subversion.apache.org/mailing-lists.html#unsubscribing
