Skip to content

6.2.1
Compare
Choose a tag to compare
@darrachequesne darrachequesne released this 20 Nov 01:18
· 72 commits to main since this release
6.2.1
24b847b
This commit was signed with the committer’s verified signature.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Learn about vigilant mode.

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)
Assets 2
Loading