- update to 1.7.14 [bnc#850747], addressing two security issues:
* CVE-2013-4505: mod_dontdothat does not restrict requests from
serf clients.
* CVE-2013-4558: mod_dav_svn assertion triggered by
autoversioning commits.
- Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
- Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some cases
* diff: fix errors with added/deleted targets
- Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* fix OOM on concurrent requests at threaded server start
* fsfs: limit commit time of files with deep change histories
* mod_dav_svn: canonicalize paths properly
- Other tool improvements and bugfixes:
* mod_dontdothat: Fix the uri parser