Eli

Version 1.6.13 of Subversion has been released, this is a bugfix release, part of the 1.6.x release series.
This release includes a fix which addresses CVE-2010-3315, a security issue when using 'SVNPathAuthz short_circuit'.

Release Notes

User-visible changes in Subversion 1.6.13:

• Don't drop properties during foreign-repo merges (issue #3623)
• Improve auto-props failure error message (r961970)
• Improve error message for 403 status with ra_neon (r876615)
• Don't allow 'merge --reintegrate' for 2-url merges (r959004)
• Improve handling of missing fsfs.conf during hotcopy (r980811, -1449)
• Escape unsafe characters in a URL during export (issue #3683)
• Don't leak stale locks in FSFS (r959760)
• Better detect broken working copies during update over ra_neon (r979045)
• fsfs: make rev files read-only (r981921)
• Properly canonicalize a URL (r984928, -31)
• Fix wc corruption with 'commit --depth=empty' (issue #3700)
• Permissions fixes when doing reintegrate merges (related to issue #3242)
• Fix mergeinfo miscalculation during 2-url merges (issue #3648)
• Fix error transmission problems in svnserve (r997457, -66)
• Fixed: record-only merges create self-referential mergeinfo (issue #3646)
• Fixed: 'SVNPathAuthz short_circuit' unsolicited read access (issue #3695)
• Make 'svnmucc propset' handle existing and non-existing URLs (r1000607)
• Add new 'propsetf' subcommand to svnmucc (r1000612)
• Emit a warning about copied dirs during ci with limited depth (r1002094)
  
  

Developer-visible changes in Subversion 1.6.13:

• Make ruby bindings compatible with Ruby 1.9 (r957507)
• Use the repos verify API in JavaHL (r948916)
• Teach ra_serf to parse md5 checksums with update editors (r979429)
• Let ra_serf work with current serf releases (r879757, r880320, r943796)

For more informations about changes, see the Changelog.