Downloads:
Verj.io Studio Links:
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Mac: https://downloads.verj.io/verjio/v5.13. ... _7_mac.dmg
On-premise Server Links:
Windows 64 bit: https://downloads.verj.io/verjio/v5.13. ... _win64.exe
Linux 64 bit: https://downloads.verj.io/verjio/v5.13. ... x64.tar.gz
Functional changes in V5.13.7
This release is a maintenance release and contains an important Tomcat security fix.
Security Fixes in V5.13.7
- Upgrade to Tomcat 9.0.110, which fixes:
  - CVE-2025-48989 - DoS in HTTP/2 due to client triggered stream reset.
    Tomcat's HTTP/2 implementation was vulnerable to the MadeYouReset attack. The denial of service typically manifested as an OutOfMemoryError.
  - CVE-2025-52434 - APR/Native Connector crash leading to DoS.
    A race condition on connection close could trigger a JVM crash when using the APR/Native connector, leading to a DoS. This was particularly noticeable with client-initiated closes of HTTP/2 connections.
  - CVE-2025-53506 - DoS via excessive HTTP/2 streams.
    An uncontrolled resource consumption vulnerability: if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, the result could be a DoS.
- Upgrade Java to 17.0.16
- Cross-Site Scripting (XSS) Prevention – Ensure that URL parameters are sanitized to remove potentially harmful HTML element tags, such as <script> tags, which may lead to the execution of malicious code if rendered on the web page.
Release notes and installation instructions:
See the V5.13.7 Readme