CVS

This release fixes two backwards compatibility
issues in 1.11.7 and 1.11.8, as well as an issue
that could cause some files to become unavailable
to clients running on systems with case
insensitive filesystems. An upgrade for all CVS
clients and servers is recommended.

In this version, a warning message is issued if an
admin file contains more than one DEFAULT entry. Error
running a verifymsg script (such as referencing an
unset user variable or the script not existing) now
causes the verification to fail. Errors in admin files
commands (like unset user variables) are no longer
reported unless the command is actually executed. The
Checkin.prog and Update.prog features have been
removed. This previously allowed executables to be
specified in the modules file to be run at update and
checkin time, but users could edit these files on a per
workspace basis, creating a security hole.

This release fixes a major security vulnerability in CVS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0015 to this issue.

There are bugfixes for Windows platforms. Message timestamps are now in UTC rather than the server's local time.

This version includes new options for log and rlog commands, fixes for a serious error that allowed read-only users to tag files, and other fixes and improvements.