honojs/hono v3.9.2

on GitHub

Security Update for Windows

This release includes a security patch that fixes the vulnerability for serveStatic on Windows OS. If you run a Hono app on Windows with Deno or Node.js, you must upgrade to this version 3.9.2 immediately.

Note: You don't need upgrade it right now if you run it on Cloudflare, Deno on Linux/Unix/macOS, Deno Deploy, Bun, or Node.js on Linux/Unix/macOS.

How to upgrade

For Deno

Just increment the version specifier to v3.9.2.

import { Hono } from 'https://deno.land/x/hono@v3.9.2/mod.ts'
import { serveStatic } from 'https://deno.land/x/hono@v3.9.2/middleware.ts'

For Node.js

Upgrade the hono package via npm:

npm install hono

// OR

yarn add hono

// OR

pnpm up hono

You may not update the hono package with npm update, so please use npm install.

Our Approach to Security

If you discover such a vulnerability, please contact us immediately. We will respond immediately; we have enabled GitHub's private vulnerability reporting feature, so please use that.

https://github.com/honojs/hono/security/advisories

Thanks.

What's Changed

• chore(ci): maintenance Node.js by @watany-dev in #1636
• fix(utils/filepath): filepath supports Windows by @yusukebe in #1642

Full Changelog: v3.9.1...v3.9.2