RSS Feed
Latest Updates
Ticket change notice - attachment limit now set to 10MB
Posted by Gordon Vaughan on 19 November 2015 05:32 PM

WANdisco has recently experienced a surge in the number of tickets raised into our support portal with very large attachments. While our support portal is more than capable of handling the attachment sizes uploaded, the knock-on effect of this has been that emails from the support desk to our customers have been bounced due to sizing limits. This has given the potential for major communication issues, which is something neither WANdisco or our customers can countenance.


Having assessed all the options available and considered the impacts, we have deployed a 10MB file size limit on attachments via our portal, effective immediately. Any attempts to create or update tickets with files of this size or greater will result in a failure to upload, although the ticket text content will be received.


Should you have a need to send us a file sized 10MB or greater, please upload these to the shared space we have made available to you (FTP/SFTP). Should you be unfamiliar with this process, or require access, please contact the support team via the usual channels.



Gordon Vaughan

Service Delivery Manager - WANdisco

Read more »

SmartSVN sold to Syntevo
Posted by Phil Richardson on 24 February 2015 12:47 PM

From 23/02/2015 SmartSVN will be owned, maintained and managed by SmartSVN GmbH, a 100% child of Syntevo GmbH.

During the last two years the founders of Syntevo have continued to work extensively with WANdisco, so the transition back into their ownership will be smooth and seamless.

Will this affect my purchased SmartSVN license?

No, SmartSVN GmbH will continue to support current SmartSVN users and you'll be able to renew through them when the free upgrade period of your SmartSVN license has expired.

Where should I raise issues in the future?

The best place to go is Syntevo's contact page ( where you'll find the right contact depending on the nature of your issue.

You can read more about this on our blog here:


Read more »

Posted by Matt Taylor on 17 October 2014 02:15 PM

Due to a security vulnerability we have disabled access to our secure pages via SSLv3, and will now only offer secure connections for those using TLSv1 and newer protocols.

Unfortunately this means you will no longer be able to browse our secure pages such as our support ticket system and web store using Internet Explorer 6.

In order to access these pages please upgrade your version of Internet Explorer to version 8 or newer and enable support for TLS. Alternatively you could use a browser such as Chrome, Firefox or Opera.

Read more »

Subversion Vulnerability in Serf
Posted by Phil Richardson on 14 August 2014 12:34 PM

The Apache Subversion team have recently published details of two vulnerabilities in the Serf RA layer.

Firstly, vulnerable versions of the Serf RA layer will accept certificates that it should not accept as matching the hostname the client is using to make the request. This is deemed a Medium risk vulnerability.

Additionally, affected versions of the Serf RA layer do not properly handle certificates with embedded NUL bytes in their Common Names or Subject Alternate Names. This is also deemed a Medium risk vulnerability.

Either of these issues, or a combination of both, could lead to a man-in-the-middle attack and allow viewing of encrypted data and unauthorised repository access.

A further vulnerability has also been identified in the way that Subversion indexes cached authentication credentials. An MD5 hash collision can be engineered such that cached credentials are leaked to a third party. This is deemed a Low risk vulnerability.

For more information on these issues please see the following links:!msg/serf-dev/NvgPoK6sFsc/_TR7Buxtba0J

The ra_serf vulnerability affects Subversion versions 1.4.0-1.7.17 and 1.8.0-1.8.9. The Serf library vulnerability affects Serf versions 0.2.0 through 1.3.6 inclusive. Finally, the credentials vulnerability affects Subversion versions 1.0.0-1.7.17 and 1.8.0-1.8.9.

If you are using any of the vulnerable versions mentioned above we would urge you to upgrade to the latest release, either 1.8.10 or 1.7.18. Both are available on our website at

We believe that the information contained above, including the links to the Apache. Org communications, should be all that you need to deal with these issues. However, should further queries arise, feel free to reach out to the support team and we'll do what we can to assist.

Read more »

OpenSSL Vulnerability – The Heartbleed Bug
Posted by Phil Richardson on 11 April 2014 03:58 PM
The OpenSSL team recently published a security advisory regarding the TLS heartbeat read overrun. This vulnerability allows up to 64k of memory to be read by a connected client or server in chunks and different chunks can be requested on each attack.

The vulnerability affects versions 1.0.1 and 1.0.2-beta of OpenSSL.

The WANdisco SVN binaries for Windows and Solaris available since 2011 have included OpenSSL libraries which are vulnerable. We’ve released updated versions with the patch as of today, so if you are still using one of these older versions please download the latest:



Users of our Subversion products (including SVN Multisite) on other operating systems will still need to ensure they’ve updated their OpenSSL package however there’s nothing vulnerable included with our binaries. We recommend all users of these operating systems update their version of OpenSSL to 1.0.1g as soon as possible or, if unable to update, recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

For more information on this vulnerability please see
Read more »

Help Desk Software by Kayako fusion