精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
|
|
---|---|
作者 | 正文 |
发表时间:2007-08-29
Subversion 1.4.5 ReleasedAugust 27, 2007Subversion 1.4.5 was released today. You can download the updated CollabNet Subversion binaries immediately. Subversion 1.4.5 contains a fix for a security exploit on Windows clients. This exploit was discovered and reported by researchers at the Colorado Research Institute for Security and Privacy. The only change from Subversion 1.4.4 is the patch for this security exploit. Since the exploit only affects Windows clients, we decided to only release CollabNet Subversion 1.4.5 packages for Windows. There is no point for someone who is already running 1.4.4 on any other operating system to update to 1.4.5. I am not going to give a lot of details about the exploit, you can find more information at various security reporting sites, such as CVE. I will say that it was a legitimate exposure that made it possible for the Subversion client to write files outside the normal working copy. That being said, there are a couple of points to make:
If you are running a Subversion client on Windows, this would include the command line client as well as any graphical client such as TortoiseSVN or Subclipse, then you should definitely go ahead and install this version of Subversion. I would recommend that users of earlier versions such as 1.3.2 or 1.2.3 also install this update immediately. The Subversion 1.4.5 client can talk to any 1.x version of the server, so there is no reason not to update your client (for compatibility: if you have the command line and a GUI client, update them both). Subversion servers are not affected by this exploit. That being said, a Windows server that uses the Subversion client in scripts would still be vulnerable and should be updated to 1.4.5. http://blogs.open.collab.net/svn/2007/08/subversion-145-.html 声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
|
返回顶楼 | |
浏览 3209 次