SVN-4788: DAV doesn't handle control characters in paths
https://issues.apache.org/jira/browse/SVN-4788
If a path with a control character exists in the HEAD revision, operations
involving this path will fail over DAV, until the offending path has been
removed with 'svn rm'.
This bug was initially being tracked as a security issue CVE-2018-1293. Per
recommendation of the Apache Security team, this problem is now being treated
as a non-security issue. The impact is a DoS which can only be triggered by an
authenticated attacker, and is easily resolved with 'svn rm'.
Philip developed a test and a fix (working but incomplete) which is now being
developed in public on the 'dav-path-escape' branch.
Branch creation, with the fix in progress:
https://svn.apache.org/r1846391
Description of the fix on the branch:
https://svn.apache.org/repos/asf/subversion/branches/dav-path-escape/BRANCH-README
"This branch aims to transport control characters in paths over DAV. ..."
--
- Julian
