Downloads:
Verj.io Studio Links:
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Mac: https://downloads.verj.io/verjio/v5.13. ... _6_mac.dmg
On-premise Server Links
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Functional changes in V5.13.6
- Add Same Site Cookie attribute support in the Verj.io Server Admin Application Server properties. The Same Site Cookie response header can be configured as follows:
Web Application – Use the Web Application‘s own same-site cookie configuration.
The following options are used to override the Web Application’s Cookie same-site settings:
Unset– The same-site attribute will not be set.
None– The same-site cookie attribute will be set and the cookie will always be sent in cross-site requests. This is useful when embedding content from third-party web sites. The Embedded Server must be restarted when None is selected. The Cookie will not be sent when the connection is unsecured HTTP (except on localhost).
Lax – The browser will only sends the cookie in same-site requests and cross-site top level GET requests.
Strict – The browser prevents sending the cookie in any cross-site requests.
- Upgrade Java to 17.0.15
- Upgrade to tomcat 9.0.106 that fixes:
- CVE-2025-31650 - Denial of Service via invalid HTTP priority header.
Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.
- CVE-2025-31650 - Denial of Service via invalid HTTP priority header.
Release notes and installation instructions:
See the V5.13.6 Readme