Releases: socketio/socket.io
Release list
socket.io-parser@3.3.6
Bug Fixes
- reject binary packets with zero attachments (9c6323e)
socket.io-parser@4.2.7
socket.io-parser@3.4.5
Bug Fixes
- reject binary packets with zero attachments (ced94ff)
socket.io-adapter@2.5.8
The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.
engine.io@6.6.9
engine.io-client@6.6.6
socket.io-adapter@2.5.7
The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.
Note from the ws maintainers:
Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.
Bug Fixes
engine.io@6.6.8
The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.
Note from the ws maintainers:
Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.
Bug Fixes
- clean up resources upon WebTransport handshake failure (f86b95f)
Dependencies
engine.io-client@6.6.5
The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.
Note from the ws maintainers:
Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.
Dependencies
engine.io@6.6.7
Bug Fixes
- close HTTP requests with invalid content type (fc11285)
- handle invalid packets when upgrading to WebTransport (1fa1f46)
- prevent WebTransport connections when a middleware is registered (d1f5aa9)
Dependencies
ws@~8.18.3(no change)