Skip to content

6.4.2
Compare
Choose a tag to compare
@darrachequesne darrachequesne released this 01 May 23:29
· 42 commits to main since this release
6.4.2
95e2153
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Links

Assets 2
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy