Verj.io V5.13.6 released

Check for important Verj.io announcements such as version, service packs and patch releases, event dates, etc

Moderators: Jon, Steve, Ian, civanderputt, Dave

Steve
Moderator
Moderator
Posts: 422
Joined: Fri Sep 07, 2007 3:44 pm
Location: Sandy, UK
Contact:

Verj.io V5.13.6 released

#1

Postby Steve » Wed Jun 18, 2025 10:23 am

Verj.io V5.13.6 is now available and can be downloaded using the links below.

Downloads:
Verj.io Studio Links:
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Mac: https://downloads.verj.io/verjio/v5.13. ... _6_mac.dmg

On-premise Server Links
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz


Functional changes in V5.13.6
  1. Add Same Site Cookie attribute support in the Verj.io Server Admin Application Server properties. The Same Site Cookie response header can be configured as follows:

    Web Application – Use the Web Application‘s own same-site cookie configuration.

    The following options are used to override the Web Application’s Cookie same-site settings:

    Unset– The same-site attribute will not be set.

    None– The same-site cookie attribute will be set and the cookie will always be sent in cross-site requests. This is useful when embedding content from third-party web sites. The Embedded Server must be restarted when None is selected. The Cookie will not be sent when the connection is unsecured HTTP (except on localhost).

    Lax – The browser will only sends the cookie in same-site requests and cross-site top level GET requests.

    Strict – The browser prevents sending the cookie in any cross-site requests.

  2. Upgrade Java to 17.0.15
Security Fixes in V5.13.6
  1. Upgrade to tomcat 9.0.106 that fixes:
    • CVE-2025-31650 - Denial of Service via invalid HTTP priority header.

      Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.

Release notes and installation instructions:

See the V5.13.6 Readme
0 x

Who is online

Users browsing this forum: No registered users and 1 guest