Skip to content
This repository was archived by the owner on Oct 8, 2025. It is now read-only.

Commit 9f8da7c

Browse files
ac000ac000
committed
Add 1.34.2 release page
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
1 parent 0475004 commit 9f8da7c

File tree

2 files changed

+51
-0
lines changed

2 files changed

+51
-0
lines changed

source/news/2025/index.rst

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,18 @@
22
News of 2025
33
############
44

5+
56
News archive for the year 2025.
67

8+
.. nxt_news_entry::
9+
:author: Unit Team
10+
:description: Version 1.34.2 is a maintenance release that fixes a couple
11+
of Java WebSocket issues.
12+
:email: unit-owner@nginx.org
13+
:title: Unit 1.34.2 Released
14+
:url: news/2025/unit-1.34.2-released
15+
:date: 2025-02-26
16+
717
.. nxt_news_entry::
818
:author: Unit Team
919
:description: Version 1.34.1 is a maintenance release that fixes issues

source/news/2025/unit-1.34.2-released.rst

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
:orphan:
2+
3+
####################
4+
Unit 1.34.2 Released
5+
####################
6+
7+
We are pleased to announce the release of NGINX Unit 1.34.2. This is a
8+
maintenance release that fixes a couple of issues in the Java WebSocket
9+
code within the Java language module.
10+
11+
- Security: When the NGINX Unit Java Language module is in use, undisclosed
12+
requests can lead to an infinite loop and cause an increase in CPU resource
13+
utilization (CVE-2025-1695).
14+
15+
- It addresses a potential security issue where we could get a negative
16+
payload length that could cause the Java language module process(es)
17+
to enter an infinite loop and consume excess CPU. (CVE-2025-1695)
18+
19+
`F5 SIRT <https://my.f5.com/manage/s/article/K000149959>`__.
20+
21+
- It addresses an issue whereby decoded payload lengths would be limited
22+
to 32 bits.
23+
24+
Both these issues affect Unit versions from 1.11.0 to 1.34.1. If you use
25+
the Java language module with WebSockets it is strongly suggested to
26+
upgrade.
27+
28+
**************
29+
Full Changelog
30+
**************
31+
32+
.. code-block:: none
33+
34+
Changes with Unit 1.34.2 26 Feb 2025
35+
36+
*) Security: fix missing websocket payload length validation in the Java
37+
language module which could lead to Java language module processes
38+
consuming excess CPU. (CVE-2025-1695).
39+
40+
*) Bugfix: fix incorrect websocket payload length calculation in the
41+
Java language module.

0 commit comments

Comments
 (0)