Return-Path: X-Original-To: apmail-announce-archive@www.apache.org Delivered-To: apmail-announce-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1CFA110E01 for ; Mon, 25 Nov 2013 18:24:08 +0000 (UTC) Received: (qmail 43646 invoked by uid 500); 25 Nov 2013 18:23:44 -0000 Delivered-To: apmail-announce-archive@apache.org Received: (qmail 43010 invoked by uid 500); 25 Nov 2013 18:23:43 -0000 Mailing-List: contact announce-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list announce@apache.org Delivered-To: moderator for announce@apache.org Received: (qmail 62827 invoked by uid 99); 25 Nov 2013 16:51:14 -0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) X-Virus-Scanned: Debian amavisd-new at fornix.brain.org Message-ID: <52937FE1.2030700@apache.org> Date: Mon, 25 Nov 2013 08:50:41 -0800 From: Ben Reser User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:26.0) Gecko/20100101 Thunderbird/26.0 MIME-Version: 1.0 To: Subversion Development , "users@subversion.apache.org" , announce@subversion.apache.org, announce@apache.org Subject: Apache Subversion 1.7.14 released Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org I'm happy to announce the release of Apache Subversion 1.7.14. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download/#recommended-release This release addresses two security issues: CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients. CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits. More information on these vulnerabilities, including the relevant advisories and potential attack vectors and workarounds, can be found on the Subversion security website: http://subversion.apache.org/security/ The SHA1 checksums are: 3875467f272cd3e78d12ac57dc42d6e690033494 subversion-1.7.14.zip b35254a844d0b221a3fd8e80974ac75119d77b94 subversion-1.7.14.tar.bz2 0bdea1c7c20598cd4b6869bf00f6df84fd17d769 subversion-1.7.14.tar.gz PGP Signatures are available at: http://www.apache.org/dist/subversion/subversion-1.7.14.tar.bz2.asc http://www.apache.org/dist/subversion/subversion-1.7.14.tar.gz.asc http://www.apache.org/dist/subversion/subversion-1.7.14.zip.asc For this release, the following people have provided PGP signatures: Ben Reser [4096R/16A0DE01] with fingerprint: 19BB CAEF 7B19 B280 A0E2 175E 62D4 8FAD 16A0 DE01 Bert Huijben [4096R/CCC8E1DF] with fingerprint: 3D1D C66D 6D2E 0B90 3952 8138 C4A6 C625 CCC8 E1DF Branko Čibej [2048R/C8628501] with fingerprint: 8769 28CD 4954 EA74 87B6 B96C 29B8 92D0 C862 8501 Branko Čibej [4096R/A347943F] with fingerprint: BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F Johan Corveleyn [4096R/010C8AAD] with fingerprint: 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD Julian Foad [4096R/4EECC493] with fingerprint: 6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493 Paul T. Burba [4096R/56F3D7BC] with fingerprint: 1A0F E7C6 B3C5 F8D4 D0C4 A20B 64DD C071 56F3 D7BC Philip Martin [2048R/ED1A599C] with fingerprint: A844 790F B574 3606 EE95 9207 76D7 88E1 ED1A 599C Stefan Fuhrmann [4096R/57921ACC] with fingerprint: 056F 8016 D9B8 7B1B DE41 7467 99EC 741B 5792 1ACC Release notes for the 1.7.x release series may be found at: http://subversion.apache.org/docs/release-notes/1.7.html You can find the list of changes between 1.7.14 and earlier versions at: http://svn.apache.org/repos/asf/subversion/tags/1.7.14/CHANGES Questions, comments, and bug reports to users@subversion.apache.org. Thanks, - The Subversion Team