RSS Feed
Latest Updates
SmartSVN sold to Syntevo
Posted by Phil Richardson on 24 February 2015 12:47 PM

From 23/02/2015 SmartSVN will be owned, maintained and managed by SmartSVN GmbH, a 100% child of Syntevo GmbH.

During the last two years the founders of Syntevo have continued to work extensively with WANdisco, so the transition back into their ownership will be smooth and seamless.

Will this affect my purchased SmartSVN license?

No, SmartSVN GmbH will continue to support current SmartSVN users and you'll be able to renew through them when the free upgrade period of your SmartSVN license has expired.

Where should I raise issues in the future?

The best place to go is Syntevo's contact page ( where you'll find the right contact depending on the nature of your issue.

You can read more about this on our blog here:


Read more »

Posted by Matt Taylor on 17 October 2014 02:15 PM

Due to a security vulnerability we have disabled access to our secure pages via SSLv3, and will now only offer secure connections for those using TLSv1 and newer protocols.

Unfortunately this means you will no longer be able to browse our secure pages such as our support ticket system and web store using Internet Explorer 6.

In order to access these pages please upgrade your version of Internet Explorer to version 8 or newer and enable support for TLS. Alternatively you could use a browser such as Chrome, Firefox or Opera.

Read more »

Subversion Vulnerability in Serf
Posted by Phil Richardson on 14 August 2014 12:34 PM

The Apache Subversion team have recently published details of two vulnerabilities in the Serf RA layer.

Firstly, vulnerable versions of the Serf RA layer will accept certificates that it should not accept as matching the hostname the client is using to make the request. This is deemed a Medium risk vulnerability.

Additionally, affected versions of the Serf RA layer do not properly handle certificates with embedded NUL bytes in their Common Names or Subject Alternate Names. This is also deemed a Medium risk vulnerability.

Either of these issues, or a combination of both, could lead to a man-in-the-middle attack and allow viewing of encrypted data and unauthorised repository access.

A further vulnerability has also been identified in the way that Subversion indexes cached authentication credentials. An MD5 hash collision can be engineered such that cached credentials are leaked to a third party. This is deemed a Low risk vulnerability.

For more information on these issues please see the following links:!msg/serf-dev/NvgPoK6sFsc/_TR7Buxtba0J

The ra_serf vulnerability affects Subversion versions 1.4.0-1.7.17 and 1.8.0-1.8.9. The Serf library vulnerability affects Serf versions 0.2.0 through 1.3.6 inclusive. Finally, the credentials vulnerability affects Subversion versions 1.0.0-1.7.17 and 1.8.0-1.8.9.

If you are using any of the vulnerable versions mentioned above we would urge you to upgrade to the latest release, either 1.8.10 or 1.7.18. Both are available on our website at

We believe that the information contained above, including the links to the Apache. Org communications, should be all that you need to deal with these issues. However, should further queries arise, feel free to reach out to the support team and we'll do what we can to assist.

Read more »

OpenSSL Vulnerability – The Heartbleed Bug
Posted by Phil Richardson on 11 April 2014 03:58 PM
The OpenSSL team recently published a security advisory regarding the TLS heartbeat read overrun. This vulnerability allows up to 64k of memory to be read by a connected client or server in chunks and different chunks can be requested on each attack.

The vulnerability affects versions 1.0.1 and 1.0.2-beta of OpenSSL.

The WANdisco SVN binaries for Windows and Solaris available since 2011 have included OpenSSL libraries which are vulnerable. We’ve released updated versions with the patch as of today, so if you are still using one of these older versions please download the latest:



Users of our Subversion products (including SVN Multisite) on other operating systems will still need to ensure they’ve updated their OpenSSL package however there’s nothing vulnerable included with our binaries. We recommend all users of these operating systems update their version of OpenSSL to 1.0.1g as soon as possible or, if unable to update, recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

For more information on this vulnerability please see
Read more »

Ticket priority changes
Posted by Phil Richardson on 14 August 2013 10:26 PM

From today, when you raise a support request for any of the WANdisco products, you'll notice that the priority fields offered have changed. 

As our product suite grows its important that we make any changes necessary to make it easier for you to raise and escalate support requests, and for our support team to support you to the standard you expect. 

You'll now see up to five priority categories for your support ticket, depending on the product and your support agreement. You can see the breakdown of these, and a guide to help you choose the right level, in our KB article here. You'll also see a link to this when you raise a ticket.

We hope you'll find these changes helpful, and welcome your feedback, either in your ticket or in the satisfaction survey you'll receive when your ticket is closed.

Read more »

Help Desk Software by Kayako fusion