The Apache Subversion Project has released two new versions of Subversion. Both versions are fixing the issues CVE-2013-2112 and CVE-2013-2088. Issue 2112 is a security issue and allows a DoS attac against the svnserve, which is the internal svn server. If Apache https is used as the server for remote accessent the repository this issue shouldn’t bringe you in trouble – otherwise it’s time for an update.

Apache Subversion 1.6 is still maintained, but because of the features of 1.7 you should think about an upgrade. Some of the new features are: metadata handling improvements, network performance improvements (http), new command svn patch to apply unidiff patches, … You can upgrade the server and use the old 1.6 clients.

The subversion project has also announced the rc2 of 1.8. It is the first public release candidate of Subversion 1.8.0 (rc1 was not publicly released). It is thought to be free of blocking issues, and if none are found will become the final release. “RC” stands for “Release Candidate”