Hi all,
Daniel Shahaf wrote:
Nico Kadel-Garcia wrote on Thu, Apr 10, 2014 at 23:53:14 -0400:
I was just realizing that no one has mentioned it here: For anyone
running HTTPS based Subversion servers, they should really take a good
look at whether their web server is vulnerable to the "HeartBleed"
security problem in OpenSSL.
Repositories served exclusively with http:// (non-SSLed), svn+ssh://,
and/or svn://-with-SASL-disabled are not affected.
This is not entirely correct: any web server process with openssl-based
SSL enabled was vulnerable. So even if the repository itself wasn't
served on HTTPS, but some other vhost was, you're still affected.
Best regards,
-hannes
