Skip to content

Releases: socketio/socket.io

socket.io-parser@3.3.6

Choose a tag to compare

@darrachequesne darrachequesne released this 16 Jul 08:28
98e61b9

Bug Fixes

  • reject binary packets with zero attachments (9c6323e)

socket.io-parser@4.2.7

Choose a tag to compare

@darrachequesne darrachequesne released this 15 Jul 14:55
4054894

Bug Fixes

  • honor toJSON() when deconstructing a binary packet (#5518) (57f1114)
  • reject binary packets with zero attachments (7c6ef57)

New Contributors

socket.io-parser@3.4.5

Choose a tag to compare

@darrachequesne darrachequesne released this 16 Jul 08:27
e590976

Bug Fixes

  • reject binary packets with zero attachments (ced94ff)

socket.io-adapter@2.5.8

Choose a tag to compare

@darrachequesne darrachequesne released this 16 Jun 09:19
ac83bfa

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

engine.io@6.6.9

Choose a tag to compare

@darrachequesne darrachequesne released this 16 Jun 09:18
9dbec81

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Dependencies

engine.io-client@6.6.6

Choose a tag to compare

@darrachequesne darrachequesne released this 16 Jun 09:18
22cc483

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Bug Fixes

Dependencies

socket.io-adapter@2.5.7

Choose a tag to compare

@darrachequesne darrachequesne released this 20 May 09:35
4faff49

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • do not skip local broadcast when publishAndReturnOffset throws (#5457) (f630158)

engine.io@6.6.8

Choose a tag to compare

@darrachequesne darrachequesne released this 20 May 09:33
ffe51e2

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • clean up resources upon WebTransport handshake failure (f86b95f)

Dependencies

engine.io-client@6.6.5

Choose a tag to compare

@darrachequesne darrachequesne released this 20 May 09:34
8413bce

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Dependencies

engine.io@6.6.7

Choose a tag to compare

@darrachequesne darrachequesne released this 27 Apr 09:24
439a8f6

Bug Fixes

  • close HTTP requests with invalid content type (fc11285)
  • handle invalid packets when upgrading to WebTransport (1fa1f46)
  • prevent WebTransport connections when a middleware is registered (d1f5aa9)

Dependencies