Security Update for Windows
This release includes a security patch that fixes the vulnerability for serveStatic
on Windows OS. If you run a Hono app on Windows with Deno or Node.js, you must upgrade to this version 3.9.2
immediately.
Note: You don't need upgrade it right now if you run it on Cloudflare, Deno on Linux/Unix/macOS, Deno Deploy, Bun, or Node.js on Linux/Unix/macOS.
How to upgrade
For Deno
Just increment the version specifier to v3.9.2
.
import { Hono } from 'https://deno.land/x/hono@v3.9.2/mod.ts'
import { serveStatic } from 'https://deno.land/x/hono@v3.9.2/middleware.ts'
For Node.js
Upgrade the hono
package via npm:
npm install hono
// OR
yarn add hono
// OR
pnpm up hono
You may not update the hono
package with npm update
, so please use npm install
.
Our Approach to Security
If you discover such a vulnerability, please contact us immediately. We will respond immediately; we have enabled GitHub's private vulnerability reporting feature, so please use that.
https://github.com/honojs/hono/security/advisories
Thanks.
What's Changed
- chore(ci): maintenance Node.js by @watany-dev in #1636
- fix(utils/filepath): filepath supports Windows by @yusukebe in #1642
Full Changelog: v3.9.1...v3.9.2