4.2.4

Bug Fixes

• ensure reserved events cannot be used as event names (d9db473)
• properly detect plain objects (b0e6400)

Links

• Diff: 4.2.3...4.2.4

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

• check the format of the event name (3b78117)

Links

• Diff: 4.2.2...4.2.3

3.4.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

• check the format of the event name (2dc3c92)

Links

• Diff: 3.4.2...3.4.3

4.2.2

Bug Fixes

• calling destroy() should clear all internal state (22c42e3)
• do not modify the input packet upon encoding (ae8dd88)

Links

• Diff: 4.2.1...4.2.2

3.4.2

Bug Fixes

• check the format of the index of each attachment (04d23ce)

Links

• Diff: 3.4.1...3.4.2
• Branch: 3.4.x

3.3.3

Bug Fixes

• check the format of the index of each attachment (fb21e42)

Links

• Diff: 3.3.2...3.3.3
• Branch: 3.3.x

4.2.1

Bug Fixes

• check the format of the index of each attachment (b5d0cb7)

Links

• Diff: 4.2.0...4.2.1

4.0.5

Bug Fixes

• check the format of the index of each attachment (b559f05)

Links

• Diff: 4.0.4...4.0.5
• Branch: 4.0.x

4.2.0

Features

• allow the usage of custom replacer and reviver (#112) (b08bc1a)

Links

• Diff: 4.1.2...4.2.0

4.1.2

Bug Fixes

• allow objects with a null prototype in binary packets (#114) (7f6b262)

Links

• Diff: 4.1.1...4.1.2