Mark Phippard

About Mark Phippard

Engineering manager for several teams at CollabNet, including CloudForge, Subversion, Subversion Edge, Git and our Desktops and Integrations. Project owner for the Subclipse project, which provides Subversion support in Eclipse. Also a full committer for the Subversion project. Product owner for GitEye, Subversion Edge and the CollabNet Desktops and Integrations.

Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

shattered

You probably saw the news last week that researchers at Google had found a scenario where they were able to break the SHA1 algorithm by creating two PDF files with differing content that produced the same hash. If you are following this story then you may have also seen that the Webkit Subversion repository had problems after a user committed these example files to their repository so that they could be used in test cases for SHA1 collisions. This post will try to explain the problem this caused and what prevention and remediation options are available if you run into …

Read More »

SVN Edge 5.0 Released – with Java 8 Support

I am pleased to announce the release and general availability of SVN Edge 5.0. Downloads for Windows, Linux and Solaris are available now. If you already have SVN Edge installed, you can update from within the application itself. Windows users should read on though. The driver for this release was support for Java 8. Normally, new releases of Java are not that big a deal because Java has excellent backwards compatibility and code written and compiled for older versions generally works the same on newer versions. I’ve been working with Java since 1.1 and that has always been my experience. …

Read More »

Subversion and Heartbleed — Are you vulnerable?

Heartbleed

You have probably already heard about the OpenSSL vulnerability, named Heartbleed, that is getting so much attention in the press. This is a significant vulnerability that can expose data in memory on your server. Making matters worse is that this vulnerability leaves absolutely no trace on the server. You will not see this in your logs no matter how detailed your logging level and it also does not require any authentication with the server. This bug impacts the current Subversion binaries we were providing so we have updated those binaries to include the fixed version of OpenSSL – 1.0.1g and those …

Read More »

Subversion Edge 4.0 Released

advanced-settings

Hopefully you saw Mike’s post yesterday about the release of Subversion 1.8. Congratulations to the Subversion team on the new release. Today I am pleased to announce the release of Subversion Edge 4.0. This is the release that delivers Subversion 1.8 to your servers so that you can take advantage of the new features offered by Subversion on the server. We are also taking this opportunity to upgrade our Apache HTTP Server stack from 2.2 to 2.4. This will allow you to get the most out of your Subversion 1.8 server as it benefits from some of the fixes and …

Read More »

Getting Started with CollabNet GitEye

GitEye logo

We released GitEye a couple weeks ago.  See my earlier blog post Introducing CollabNet GitEye if you missed it. This is a followup blog post that is aimed at new users and should help get you started using GitEye as your Git client. I have created three initial videos that walk through different aspects of using GitEye.  The videos are all short, just a few minutes, so you should be able to just watch the videos you need. For example, the first video shows how to setup an SSH key. If you do not need help with this, or do …

Read More »

Introducing CollabNet GitEye

GitEye Logo

Today I have the pleasure of announcing a new graphical client for Git that we have been working on — CollabNet GitEye. GitEye is a Java GUI client for Git written on top of the Eclipse RCP framework. We are providing downloads for Windows, OSX and Linux though we can theoretically produce builds for a few other operating systems as well if the demand is there. Leveraging the Eclipse RCP framework allows us to provide a native GUI experience on all of these different operating systems, while still benefiting from the cross platform nature of Java. This approach also allows …

Read More »

New Subversion Release Includes Several Security Fixes

Apache Subversion 1.7.9 and 1.6.21 have been released. Among the normal set of bug fixes in the release are several fixes for security vulnerabilities. A list of all of the vulnerabilities and their details are available on the Subversion security page: http://subversion.apache.org/security/ I would encourage you to read the details of each vulnerability so that you can assess the risk for your environment.  My take on these items is that they are all on the Low/Medium end of the spectrum. There are not any of the higher risk vulnerabilities such as arbitrary code execution or privilege escalation included. Generally speaking, …

Read More »

New Subversion Edge and TeamForge Releases Available

Subversion Edge 3.1.0 has been released today and is available immediately for download as well as via the integrated updates within the Subversion Edge web user interface. The primary new feature in this release is support for the newly released TeamForge 6.2, more on that in a minute. There are also fixes for all of the top bugs that have been reported in the forum. For a full account of what is included in this Subversion Edge release, please see the wiki page for this release. For those of you on an older release of Subversion Edge, this would be …

Read More »

Ten Reasons to Upgrade Your Subversion Server

In the earliest days of Subversion Edge, when we were planning out the short and long term roadmap for the product, the one true release defining feature for the first release was an integrated web-based update feature.  We wanted to have a way to easily notify you of available updates and let you install those updates right from your web browser without needing direct access to the server itself. We were inspired for this feature by Jenkins, which has this feature and we loved from our usage of that tool.  We knew if we had a way to easily deliver …

Read More »

Subversion Edge 3.0.1 Released

As I detailed in the previous post, Apache Subversion 1.7.5 was released today and with that release it is a good time to also do a new Subversion Edge release.  In addition to the inclusion of the binaries for Subversion 1.7.5, this release focuses on fixes to customer reported defects.  This update is available immediately and can be obtained by clicking on the Software Updates option in the Subversion Edge web console. A complete list of the fixes in this release can be viewed in the wiki: https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_3.0.1 For more information on Subversion Edge, please see my earlier blog post …

Read More »