Skip to content

6.4.2
Compare
Choose a tag to compare
@darrachequesne darrachequesne released this 01 May 23:29
· 23 commits to main since this release
6.4.2
95e2153
This commit was signed with the committer’s verified signature.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Learn about vigilant mode.

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Links

Assets 2