If you are using CVS 1.10 or CVS 1.11 server *and* client this message does not concern you.
Just a quick reminder that the 'old' versions of CVSNT 2.0 and 2.5 shipped with TortoiseCVS and WinCVS have known security vulnerabilities: https://www.march-hare.com/cvspro/security.htm If you are using WinCVS or TortoiseCVS, then CVSNT is the software that actually does the 'checkout' and 'commit' operations - you can 'see' it running in the 'progress' window. CVSNT is bundled with some copies of WinCVS and all copies of TortoiseCVS. WinCVS is the 'GUI' that gives you the drop down menus etc. and TortoiseCVS gives you the right click menu and the dialog boxes, CVSNT does the version control. In particular the CVSNT client (and hence WinCVS and TortoiseCVS) is susceptible to the recent 'FREAK' SSL bug. CVSNT servers are also affected: https://www.march-hare.com/cvspro/freak.htm CVS Suite 2009R2 (CVSNT 2.8.01) was updated on 30th March 2015 to resolve this. CVS Suite 2009R2 client contains TortoiseCVS, WinCVS, CVS Suite Studio, Release Manager etc. and is compatible with Windows 8, Windows 7, Windows Vista and Windows XP. CVS Suite 2009R2 command line client is compatible with Windows, Mac and Linux. CVS Suite 2009R2 server contains the high performance server service, integration with Jira, Bugzilla and Mantis, failsafe audit, change and merge tracking and is compatible with Linux, Mac, and Windows Server 2012R2, Windows Server 2012, Windows Server 2008R2, Windows Server 2008 and Windows Server 2003. For more information please contact [email protected] Regards, Arthur Barrett Product Manager March Hare Software authors of CVSNT since 2004
