chore: release Ferron 1.3.5

DorianNiemiecSVRJS · DorianNiemiecSVRJS · commit d85d3bd1e233 · 2025-07-31T09:11:12.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/blog/ferron-1-3-5-has-been-released.md b/blog/ferron-1-3-5-has-been-released.md
@@ -0,0 +1,20 @@
+---
+title: "Ferron 1.3.5 has been released"
+description: We are excited to announce the release of Ferron 1.3.5. This release brings lower memory usage for Brotli and Zstandard compression.
+date: 2025-07-31 09:01:00
+cover: /img/covers/ferron-1-3-5-has-been-released.png
+---
+
+We are excited to introduce Ferron 1.3.5, with lower memory usage for Brotli and Zstandard compression.
+
+## Key improvements and fixes
+
+### Adjusted Brotli and Zstandard compression
+
+We've adjusted the compression parameters for Brotli and Zstandard to reduce the memory usage, allowing for more memory-efficient compression.
+
+## Thank you!
+
+We appreciate all the feedback and contributions from our community. Your support helps us improve Ferron with each release. Thank you for being a part of this journey!
+
+_The Ferron Team_
diff --git a/ferron-passwd/Cargo.toml b/ferron-passwd/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ferron-passwd"
-version = "1.3.4"
+version = "1.3.5"
 edition = "2021"
 
 [package.metadata.winresource]
diff --git a/ferron/Cargo.toml b/ferron/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ferron"
-version = "1.3.4"
+version = "1.3.5"
 edition = "2021"
 
 [package.metadata.winresource]
diff --git a/website/public/img/covers/ferron-1-3-5-has-been-released.png b/website/public/img/covers/ferron-1-3-5-has-been-released.png
diff --git a/website/src/pages/changelog.md b/website/src/pages/changelog.md
@@ -4,6 +4,12 @@ title: Ferron change log
 description: Stay updated on Ferron web server improvements with a change log, featuring bug fixes, new features, and enhancements for each release.
 ---
 
+## Ferron 1.3.5
+
+**Released in July 31, 2025**
+
+- Adjusted the Brotli and Zstandard compression parameters for lower memory usage
+
 ## Ferron 1.3.4
 
 **Released in July 22, 2025**
diff --git a/website/src/pages/download.md b/website/src/pages/download.md
@@ -6,35 +6,35 @@ description: Get started with Ferron! Visit the downloads page for the latest st
 
 Ferron (along with modules) is currently available for GNU/Linux, Windows Server, macOS, and FreeBSD.
 
-## Ferron 1.3.4
+## Ferron 1.3.5
 
 ### Most common platforms
 
-- [64-bit GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-x86_64-unknown-linux-gnu.zip)
-- [64-bit Linux (musl libc)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-x86_64-unknown-linux-musl.zip)
-- [64-bit Windows](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-x86_64-pc-windows-msvc.zip)
-- [ARM64 GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-aarch64-unknown-linux-gnu.zip)
-- [ARM64 Linux (musl libc)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-aarch64-unknown-linux-musl.zip)
-- [macOS (on Apple Silicon)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-aarch64-apple-darwin.zip)
-- [macOS (on Intel CPUs)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-x86_64-apple-darwin.zip)
+- [64-bit GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-x86_64-unknown-linux-gnu.zip)
+- [64-bit Linux (musl libc)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-x86_64-unknown-linux-musl.zip)
+- [64-bit Windows](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-x86_64-pc-windows-msvc.zip)
+- [ARM64 GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-aarch64-unknown-linux-gnu.zip)
+- [ARM64 Linux (musl libc)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-aarch64-unknown-linux-musl.zip)
+- [macOS (on Apple Silicon)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-aarch64-apple-darwin.zip)
+- [macOS (on Intel CPUs)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-x86_64-apple-darwin.zip)
 
 ### Other platforms
 
-- [32-bit GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-i686-unknown-linux-gnu.zip)
-- [32-bit Linux (musl libc)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-i686-unknown-linux-musl.zip)
-- [32-bit Windows](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-i686-pc-windows-msvc.zip)
-- [64-bit FreeBSD](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-x86_64-unknown-freebsd.zip)
-- [ARM64 Windows](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-aarch64-pc-windows-msvc.zip)
-- [ARMv7 hardfloat GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-armv7-unknown-linux-gnueabihf.zip)
-- [ARMv7 hardfloat Linux (musl libc)](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-armv7-unknown-linux-musleabihf.zip)
-- [GNU/Linux on IBM Z](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-s390x-unknown-linux-gnu.zip)
-- [Power LE GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-powerpc64le-unknown-linux-gnu.zip)
-- [RISC-V GNU/Linux](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4-riscv64gc-unknown-linux-gnu.zip)
+- [32-bit GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-i686-unknown-linux-gnu.zip)
+- [32-bit Linux (musl libc)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-i686-unknown-linux-musl.zip)
+- [32-bit Windows](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-i686-pc-windows-msvc.zip)
+- [64-bit FreeBSD](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-x86_64-unknown-freebsd.zip)
+- [ARM64 Windows](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-aarch64-pc-windows-msvc.zip)
+- [ARMv7 hardfloat GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-armv7-unknown-linux-gnueabihf.zip)
+- [ARMv7 hardfloat Linux (musl libc)](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-armv7-unknown-linux-musleabihf.zip)
+- [GNU/Linux on IBM Z](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-s390x-unknown-linux-gnu.zip)
+- [Power LE GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-powerpc64le-unknown-linux-gnu.zip)
+- [RISC-V GNU/Linux](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5-riscv64gc-unknown-linux-gnu.zip)
 
 Older versions of Ferron can be found at the [Ferron download server](https://downloads.ferronweb.org/).
 
 ## Note for Windows
 
 Possibly due to Ferron on Windows not being digitally signed, Microsoft Defender SmartScreen may warn you against running the Ferron executable.
 
-If you don't trust the pre-built Ferron executables, you can always either verify the checksums (you can [download the checksums](https://downloads.ferronweb.org/1.3.4/ferron-1.3.4.sha256sum)), or compile Ferron yourself (from [our repository](https://github.com/ferronweb/ferron)).
+If you don't trust the pre-built Ferron executables, you can always either verify the checksums (you can [download the checksums](https://downloads.ferronweb.org/1.3.5/ferron-1.3.5.sha256sum)), or compile Ferron yourself (from [our repository](https://github.com/ferronweb/ferron)).
diff --git a/website/src/pages/vulnerabilities.md b/website/src/pages/vulnerabilities.md
@@ -6,6 +6,10 @@ description: Discover security vulnerabilities of outdated Ferron versions. Stay
 
 Some older versions of Ferron may contain security vulnerabilities. It's recommended to keep Ferron up-to-date.
 
+## Fixed in Ferron 1.3.5
+
+- An attacker could send a lot of concurrent requests that have a header defining accepted compression algorithm to be Brotli (for example using `ferrbench -c 20000 -d 1h -t 12 -H "Cache-Control: no-cache" -H "Accept-Encoding: br" -h https://victim.example --http2` command) to cause the server to consume too much memory. (CWE-400)
+
 ## Fixed in Ferron 1.3.4
 
 - An attacker could request a resource with a URL that would be replaced with a sanitized one, to possibly bypass security restrictions, if they're configured in location configurations. (CWE-20; introduced in Ferron 1.0.0-beta2)
