Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 4 commits
- 3 files changed
- 1 contributor
Commits on Jun 1, 2021
-
[security] Fix ReDoS vulnerability
A specially crafted value of the `Sec-Websocket-Protocol` header could be used to significantly slow down a ws server. PoC and fix were sent privately by Robert McLaughlin from University of California, Santa Barbara.
-
Commits on Jun 16, 2024
-
[security] Fix crash when the Upgrade header cannot be read (#2231)
It is possible that the Upgrade header is correctly received and handled (the `'upgrade'` event is emitted) without its value being returned to the user. This can happen if the number of received headers exceed the `server.maxHeadersCount` or `request.maxHeadersCount` threshold. In this case `incomingMessage.headers.upgrade` may not be set. Handle the case correctly and abort the handshake. Fixes #2230
-
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 6.2.1...6.2.3