From 98cbb8648d3dac7ded1795a8b2238873da685124 Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 27 May 2025 17:12:55 +0100 Subject: [PATCH 1/2] add Unit 1.34.2 details --- content/unit/changes.md | 9 ++++++++ .../unit/news/2025/unit-1.34.1-released.md | 2 +- .../unit/news/2025/unit-1.34.2-released.md | 21 +++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 content/unit/news/2025/unit-1.34.2-released.md diff --git a/content/unit/changes.md b/content/unit/changes.md index d08c94900..87f369799 100644 --- a/content/unit/changes.md +++ b/content/unit/changes.md @@ -5,6 +5,15 @@ toc: true --- ```text +Changes with Unit 1.34.2 26 Feb 2025 + + *) Security: fix missing websocket payload length validation in the Java + language module which could lead to Java language module processes + consuming excess CPU. (CVE-2025-1695). + + *) Bugfix: fix incorrect websocket payload length calculation in the + Java language module. + Changes with Unit 1.34.1 10 Jan 2025 *) Bugfix: fix instability issues due to OpenTelemetry (OTEL) support. diff --git a/content/unit/news/2025/unit-1.34.1-released.md b/content/unit/news/2025/unit-1.34.1-released.md index 5772af0c4..c346111b0 100644 --- a/content/unit/news/2025/unit-1.34.1-released.md +++ b/content/unit/news/2025/unit-1.34.1-released.md @@ -1,6 +1,6 @@ --- title: Unit 1.34.1 Released -weight: 100 +weight: 1000 --- We are pleased to announce the release of NGINX Unit 1.34.1. This is a diff --git a/content/unit/news/2025/unit-1.34.2-released.md b/content/unit/news/2025/unit-1.34.2-released.md new file mode 100644 index 000000000..1bcbcd90d --- /dev/null +++ b/content/unit/news/2025/unit-1.34.2-released.md 
@@ -0,0 +1,21 @@ +--- +title: Unit 1.34.2 Released +weight: 900 +--- + +We are pleased to announce the release of NGINX Unit 1.34.2. This is a maintenance release that fixes a couple of issues in the Java WebSocket code within the Java language module. + +- Security: When the NGINX Unit Java Language module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization (CVE-2025-1695). + +## Full Changelog + +```none +Changes with Unit 1.34.2 26 Feb 2025 + + *) Security: fix missing websocket payload length validation in the Java + language module which could lead to Java language module processes + consuming excess CPU. (CVE-2025-1695). + + *) Bugfix: fix incorrect websocket payload length calculation in the + Java language module. +``` From b91edabaee003065355e01c4e536fd932cee4deb Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 27 May 2025 17:23:22 +0100 Subject: [PATCH 2/2] make link to releases more prominent for Unit --- content/unit/about.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/content/unit/about.md b/content/unit/about.md index 14db002bc..c7a540cc4 100644 --- a/content/unit/about.md +++ b/content/unit/about.md 
@@ -12,8 +12,11 @@ running application code (including WebAssembly), serving static assets, handling TLS and request routing. Unit was created by [nginx](https://nginx.org/en/) team members from scratch to -be highly efficient and fully configurable at runtime. You can read the details -about the latest release in the [news]({{< relref "/unit/news/">}}) section. +be highly efficient and fully configurable at runtime. + +{{< tip >}}You can read the details +about the latest release in the [Releases and announcements]({{< relref "/unit/news/">}}) section. +{{< /tip >}} - See a quickstart [guide](https://github.com/nginx/unit/) on our GitHub page. - Browse the [Changelog]({{< relref "/unit/changes/">}}) or see the release notes in the [Releases and announcements]({{< relref "/unit/news/">}}) archive.
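Review bot: In the content/unit/changes.md hunk, the Security entry ends "consuming excess CPU. (CVE-2025-1695)." with a full stop both before and after the parenthetical. If this text is not required to match an upstream changelog byte for byte, fold the CVE into the sentence as "consuming excess CPU (CVE-2025-1695)." The same wording is repeated in the Full Changelog block of unit-1.34.2-released.md, so the two copies should be changed together to stay identical.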
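Review bot: In content/unit/news/2025/unit-1.34.1-released.md, the change from "weight: 100" to "weight: 1000" is not mentioned in the commit message ("add Unit 1.34.2 details"). Together with "weight: 900" on the new 1.34.2 page, it suggests a descending scheme where each newer release takes a lower weight. Please confirm that no other page under content/unit/news/ has a weight between 100 and 1000 that would now sort ahead of 1.34.1, and state the convention in the commit message so the next release picks a consistent value.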
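Review bot: In the new content/unit/news/2025/unit-1.34.2-released.md, the intro promises fixes for "a couple of issues", but the bullet list carries only the Security item. The websocket payload length calculation Bugfix appears only in the Full Changelog block, so either add a matching "- Bugfix:" bullet or reword the intro. The security bullet says "undisclosed requests", while the changelog ties the issue to missing websocket payload length validation. Using the changelog's wording in the bullet and adding an explicit recommendation to upgrade for deployments running the Java language module would let operators judge exposure from the summary alone. A smaller point: the changelog fence is tagged "none" here and "text" in changes.md, so pick one.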
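Review bot: After this hunk in content/unit/about.md, the "Releases and announcements" link to /unit/news/ appears twice within a few lines: once in the new tip and again in the unchanged "Browse the Changelog ..." bullet just below it. Consider dropping the second mention from the bullet so that the tip is the single prominent pointer. The sentence inside the tip also keeps the line wrap of the old paragraph ("You can read the details" / "about the latest release in ..."). Putting the opening tip shortcode on its own line and reflowing the sentence onto one line would make the source easier to read and to diff later.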