6.1.1 (2022-01-11)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14) at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22) at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10) at writeOrBuffer (internal/streams/writable.js:358:12)

This bug was introduced by this commit, included in engine.io@4.0.0, so previous releases are not impacted.

Thanks to Marcus Wejderot from Mevisio for the responsible disclosure.

Bug Fixes

• properly handle invalid data sent by a malicious websocket client (c0e194d)

6.1.0 (2021-11-08)

Bug Fixes

• fix payload encoding for v3 clients (ed50fc3)

Features

• add an implementation based on uWebSockets.js (271e2df)

Performance Improvements

• refresh ping timer (#628) (37474c7)

6.0.1 (2021-11-06)

Bug Fixes

• fix payload encoding for v3 clients (3f42262)

6.0.0 (2021-10-08)

The codebase was migrated to TypeScript (c0d6eaa)

An ES module wrapper was also added (401f4b6).

Please note that the communication protocol was not updated, so a v5 client will be able to reach a v6 server (and vice-versa).

Reference: https://github.com/socketio/engine.io-protocol

BREAKING CHANGES

• the default export was removed, so the following code won't work anymore:

const eioServer = require("engine.io")(httpServer);

Please use this instead:

const { Server } = require("engine.io");
const eioServer = new Server(httpServer);

Dependencies

ws version: ~8.2.3 (bumped from ~7.4.2)

5.2.0 (2021-08-29)

No change on the server-side, this matches the client release.

5.1.1 (2021-05-16)

Bug Fixes

• properly close the websocket connection upon handshake error (4360686)

5.1.0 (2021-05-04)

Features

• add a "connection_error" event (7096e98)
• add the "initial_headers" and "headers" events (2527543)

Performance Improvements

• websocket: add a "wsPreEncoded" writing option (7706b12)
• websocket: fix write back-pressure (#618) (ad5306a)

5.0.0 (2021-03-10)

Bug Fixes

• set default protocol version to 3 (#616) (868d891)

Features

• increase the default value of pingTimeout (5a7fa13)
• remove dynamic require() with wsEngine (edb7343)

BREAKING CHANGES

• the syntax of the "wsEngine" option is updated

Before:

const eioServer = require("engine.io")(httpServer, {
  wsEngine: "eiows"
});

After:

const eioServer = require("engine.io")(httpServer, {
  wsEngine: require("eiows").Server
});

4.1.1 (2021-02-02)

Bug Fixes

• do not reset the ping timer after upgrade (ff2b8ab), closes /github.com/socketio/socket.io-client-swift/pull/1309#issuecomment-768475704