« Vault 5 / Fortress 2 betas available | Main | SourceOffSite 5 Preview release is imminent »

Vault/Fortress WebDAV not affected by the IIS WebDAV Vulnerability

You may have seen, or read reports of, Microsoft Security Advisory 971492 (Vulnerability in Internet Information Services Could Allow Elevation of Privilege), which details a potential security hole in IIS's WebDAV service. And you may be aware that Vault 5 and Fortress 2 (both in beta now) offer WebDAV access to version control repositories.

You needn't be concerned for your code's security — even when running under IIS 6 (the version affected by this issue), Vault and Fortress do not use Microsoft's WebDAV services. The code is completely separate, specific to Vault and Fortress, and doesn't access the file system in the way that's causing trouble for Microsoft.

So feel free to keep testing Beta 1 while we work on Beta 2, and keep the feedback coming in the Support Forums.

Posted by Paul Roub on May 20, 2009 4:07 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on May 20, 2009 4:07 PM.

The previous post in this blog was Vault 5 / Fortress 2 betas available.

The next post in this blog is SourceOffSite 5 Preview release is imminent.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]

Powered by
Movable Type Pro 4.23-en
Paul Roub
SourceGear
Work:
115 North Neil St. #408
Champaign, IL 61820-4024
USA
work: +1-217-356-0105 x722