Author: stsp Date: Tue Apr 12 18:52:40 2022 New Revision: 1899789 URL: http://svn.apache.org/viewvc?rev=1899789&view=rev Log: * CHANGES: The fix for CVE-2021-28544 was a server-side fix, not client-side.
Modified: subversion/trunk/CHANGES Modified: subversion/trunk/CHANGES URL: http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1899789&r1=1899788&r2=1899789&view=diff ============================================================================== --- subversion/trunk/CHANGES (original) +++ subversion/trunk/CHANGES Tue Apr 12 18:52:40 2022 @@ -15,12 +15,12 @@ Version 1.14.2 (12 Apr 2022, from /branches/1.14.x) User-visible changes: - Client-side bugfixes: - * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227) * Fix -r option documentation for some svnadmin subcommands (r1896877) * Fix error message encoding when system() call fails (r1887641, r1890013) * Fix assertion failure in conflict resolver (r1892470, -471, -541) - Server-side bugfixes: + * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227) * Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880) Developer-visible changes: @@ -300,10 +300,10 @@ Version 1.10.8 (12 Apr 2022, from /branches/1.10.x) User-visible changes: - Client-side bugfixes: - * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227) * Fix merge assertion failure in svn_sort__array_insert (issue #4840) - Server-side bugfixes: + * Fix CVE-2021-28544: authz protected copyfrom paths regression (r1899227) * Fix CVE-2022-24070: use-after-free in mod_dav_svn (issue #4880) * Fix authz doesn't combine global and repository rules (issue #4762)