1.14.1 certificate expired

Alexander Zimmermann

unread,

Nov 26, 2021, 11:37:06 AM11/26/21

to TortoiseSVN

Hello all,

I'm in the process of an internal company application certification, one part of it is the TortoiseSVN client.

The test team got the latest official stable 1.14.1.29085-x64, they found 2 low and 1 medium "vulnerability".

I would like to kindly ask if you can have a look at them one by one (will do 3 separate posts, as suggested in the report FAQ), and if there is a possibility to adjust for this.

---
Severity: Low

Vulnerability: Certificate expired

Description: The test team observed that the certificate of the dll files used in thick client have crossed their expiration period.

Screenshot attached with an example

---

The test team mentioned to me that low vulnerabilities can be justified if it cannot be managed to change or has been applied for specific reasons.

Any help is much appreciated.

Thank you

Alexander

Stefan

unread,

Nov 26, 2021, 12:39:40 PM11/26/21

to TortoiseSVN

On Friday, November 26, 2021 at 5:37:06 PM UTC+1 Alexander Zimmermann wrote:

---
Severity: Low
Vulnerability: Certificate expired
Description: The test team observed that the certificate of the dll files used in thick client have crossed their expiration period.
Screenshot attached with an example

please read about digital signing and timestamping.

If a binary is signed with time stamping, the expiration date does not matter at all.

Alexander Zimmermann

unread,

Nov 29, 2021, 10:31:23 AM11/29/21

to TortoiseSVN

Thank you very much Stefan!

Reply all

Reply to author

Forward