Skip to content

4.2.3
Compare
Choose a tag to compare
@darrachequesne darrachequesne released this 22 May 08:25
· 13 commits to main since this release
4.2.3
b6c824f
This commit was signed with the committer’s verified signature.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Learn about vigilant mode.

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

Assets 2
Loading