Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport CVE-2020-36048 to 3.5.x #612

Closed
andrewaustin opened this issue Jan 11, 2021 · 4 comments
Closed

Backport CVE-2020-36048 to 3.5.x #612

andrewaustin opened this issue Jan 11, 2021 · 4 comments
Labels
bug Something isn't working

Comments

@andrewaustin
Copy link

Can we backport the change here: 734f9d1 to 3.5.x?
@andrewaustin andrewaustin added the bug Something isn't working label Jan 11, 2021
@andrewaustin andrewaustin mentioned this issue Jan 11, 2021
Closed
@darrachequesne
Copy link
Member

Thanks for raising this issue 👍

My only concern is that it is actually a breaking change that is likely to break some production deployments. What do you think?

@andrewaustin
Copy link
Author

Is it possible to opt into the fix somehow without doing a major version bump?

@darrachequesne
Copy link
Member

As I said above, this is a breaking change that will silently bite some users.

What we could do instead is deprecate the latest 3.x version, in order to help users upgrade to Engine.IO v4 / Socket.IO v3.

@cronon cronon mentioned this issue Feb 10, 2021
Closed
10 tasks
@snyk-bot snyk-bot mentioned this issue May 27, 2021
Open
@darrachequesne darrachequesne mentioned this issue Aug 10, 2021
Closed
@darrachequesne
Copy link
Member

Closed due to inactivity, please reopen if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewaustin @darrachequesne