Verj.io V5.13.4 released


Post by Steve » Tue Feb 04, 2025 9:40 am

Verj.io V5.13.4 is now available and can be downloaded using the links below.

Downloads:
Verj.io Studio Links:
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Mac: https://downloads.verj.io/verjio/v5.13. ... _4_mac.dmg

On-premise Server Links
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz


Changes introduced in Version 5.13.4:
  1. JavaScript API change to form.callUrl(url, parameters):

    Not all REST service APIs are compatible with additional HTTP parameters that the API does not recognize, and calls to these REST APIs could result in an error code. The JavaScript API form.callUrl() functions automatically append the following HTTP parameter to the parameters on the request URL:

    ufsReturnURL=<verj.io-server-callback-url>

    The ufsReturnURL parameter can be excluded by adding the following configuration to the parameters argument of the callUrl() function:

    addUFSReturnURL = false;

    JavaScript Example:

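        // Build the parameters argument that is passed to form.callUrl(url, parameters)
        var parms = {};
        parms.cardid = fields.CREDIT_CARD_NO.displayValue;
        parms.amount = fields.PAYMENT_AMOUNT.displayValue;
        parms.returl = form.getReturnUrl();
        // Ask callUrl() not to append ufsReturnURL to the request URL
        parms.addUfsReturnURL = false;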
    	
  2. This release also contains performance and various bug fixes.

Security Fixes in Version 5.13.4:
  1. Upgrade to Tomcat 9.0.98 that fixes:

    Remote Code Execution via write enabled Default Servlet. Mitigation for CVE-2024-50379 was incomplete - CVE-2024-56337

    The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 9.0.98 or later, users running Tomcat on a case insensitive file system with the default servlet write enabled may need additional configuration:

    The system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)

    Remote Code Execution via write enabled Default Servlet CVE-2024-50379

    If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of false) for a case insensitive file system, concurrent read and upload under load of the same file can bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to remote code execution.

  2. Upgrade Java to 17.0.13

  3. Upgrade Apache CXF to V3.5.10 that includes various patches and the following security fixes:

Release notes and installation instructions:
See the V5.13.4 Readme
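Added example (not part of the original post and not Verj.io or Tomcat code): a small Python check for the three conditions the Tomcat items above name, namely a version below 9.0.98, a default servlet with readonly set to false, and sun.io.useCanonCaches set to true. The function names, finding labels and sample inputs are constructed for illustration; it assumes a 9.0.x version string and that you supply the web.xml text and JVM arguments of the server being checked.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
FIXED = (9, 0, 98)  # Tomcat version named in the release note

def _local(tag):
    """Strip the XML namespace that Tomcat's web.xml declares."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def default_servlet_writable(web_xml):
    """True if a DefaultServlet declaration sets readonly to false."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:
            if (_local(param.tag) == "init-param" and _text(param, "param-name") == "readonly"
                    and _text(param, "param-value").lower() == "false"):
                return True
    return False

def canon_caches_enabled(jvm_args):
    """True if the last -Dsun.io.useCanonCaches on the command line is true."""
    values = re.findall(r"-Dsun\.io\.useCanonCaches=(\S+)", jvm_args)
    return bool(values) and values[-1].lower() == "true"

def audit(version, web_xml, jvm_args):
    findings = []
    if tuple(int(p) for p in version.split(".")) < FIXED:
        findings.append("tomcat-below-9.0.98")
    if default_servlet_writable(web_xml):
        findings.append("default-servlet-write-enabled")
        if canon_caches_enabled(jvm_args):  # only relevant when writes are enabled
            findings.append("useCanonCaches-true")
    return findings

# Constructed sample inputs (not taken from a real server).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>%s</param-value></init-param>
</servlet></web-app>"""

if __name__ == "__main__":
    print(audit("9.0.97", WEB_XML % "false", "-Xmx1g -Dsun.io.useCanonCaches=true"))
    print(audit("9.0.98", WEB_XML % "true", "-Xmx1g"))
```

The check cannot tell whether the file system is case insensitive, so treat a write-enabled default servlet as a finding to review on Windows and macOS hosts in particular.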