npm @hono/node-server 2.0.10
v2.0.10

7 hours ago

Security fixes

This release includes a fix for the following security issue:

Unauthenticated memory-leak DoS via aborted WebSocket handshake

Affects: upgradeWebSocket. A WebSocket upgrade request with a missing or malformed Sec-WebSocket-Key header leaked the request's IncomingMessage and left a promise pending, even though no connection was established. Since the route is reachable pre-handshake without authentication, an attacker could flood it to gradually exhaust memory. GHSA-9mqv-5hh9-4cgg


Users of upgradeWebSocket are encouraged to upgrade to this version.

Don't miss a new node-server release

NewReleases is sending notifications on new releases.