engine.io
Advanced tools
Changelog
6.3.0 (2023-01-10)
The trailing slash which was added by default can now be disabled:
import { Server } from "engine.io";
const server = new Server();
server.attach(httpServer, {
addTrailingSlash: false
});
In the example above, the clients can omit the trailing slash and use /engine.io
instead of /engine.io/
.
This will be used when broadcasting packets at the Socket.IO level.
See also: https://github.com/socketio/socket.io-adapter/commit/5f7b47d40f9daabe4e3c321eda620bbadfe5ce96
Changelog
3.6.1 (2022-11-20)
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
Please upgrade as soon as possible.
ws@~7.4.2
(no change)Changelog
6.2.1 (2022-11-20)
:warning: This release contains an important security fix :warning:
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
Please upgrade as soon as possible.
ws@~8.2.3
(no change)Changelog
3.6.0 (2022-06-06)
This change reduces the default value from 100 mb to a more sane 1 mb.
This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.
See also: https://github.com/advisories/GHSA-j4f2-536g-r55m
Changelog
6.2.0 (2022-04-17)
So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.
This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:
0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}