⚠️ This release contains an important security fix ⚠️
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
at Server.onWebSocket (build/server.js:515:67)
Please upgrade as soon as possible.
Bug Fixes
- include error handling for Express middlewares (#674) (9395782)
- prevent crash when provided with an invalid query param (fc480b4)
- typings: make clientsCount public (#675) (bd6d471)
- uws: prevent crash when using with middlewares (8b22162)
Credits
Huge thanks to @tyilo and @cieldeville for helping!
Links
- Diff: 6.4.1...6.4.2
- Client release: -
- ws version: ~8.11.0 (no change)