Skip to content

6.4.2

Compare
Choose a tag to compare
@darrachequesne darrachequesne released this 01 May 23:29
· 42 commits to main since this release
95e2153

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Links