Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: socketio/engine.io
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: e7115b8
Choose a base ref
...
head repository: socketio/engine.io
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c6315af
Choose a head ref
  • 12 commits
  • 24 files changed
  • 2 contributors

Commits on Dec 30, 2020

  1. docs(changelog): include changelog for release 3.5.0 

    Merged from the 3.5.x branch.
    @darrachequesne
    darrachequesne committed Dec 30, 2020
    Configuration menu
    Copy the full SHA
    04ea358 View commit details
    Browse the repository at this point in the history

  2. fix: correctly pass the options when using the Server constructor (#610) 

    Fixes #580
    @2Pacalypse-
    2Pacalypse- authored Dec 30, 2020
    Configuration menu
    Copy the full SHA
    cec2750 View commit details
    Browse the repository at this point in the history

  3. chore: update GitHub issue templates

    @darrachequesne
    darrachequesne committed Dec 30, 2020
    Configuration menu
    Copy the full SHA
    fffa0a3 View commit details
    Browse the repository at this point in the history

Commits on Jan 4, 2021

  1. chore: bump ws and debug versions

    @darrachequesne
    darrachequesne committed Jan 4, 2021
    Configuration menu
    Copy the full SHA
    5a91253 View commit details
    Browse the repository at this point in the history

  2. chore(release): 4.0.6 

    Diff: 4.0.5...4.0.6
    @darrachequesne
    darrachequesne committed Jan 4, 2021
    Configuration menu
    Copy the full SHA
    9b62152 View commit details
    Browse the repository at this point in the history

Commits on Jan 14, 2021

  1. feat: add support for v3.x clients 

    In order to ease the migration to Socket.IO v3, the Engine.IO server
can now communicate with v3.x clients.

```js
const eioServer = require("engine.io")(httpServer, {
  allowEIO3: true // false by default
});
```

If `allowEIO3` is false, the v3.x clients will now receive an HTTP 400
response ("Unsupported protocol version").

Note: the code of the v3 parser has been imported from [1] and
browser-related dependencies were removed.

[1]: https://github.com/socketio/engine.io-parser/tree/2.2.1

Related:

- socketio/engine.io-protocol#35
- socketio/socket.io-protocol#21
    @darrachequesne
    darrachequesne committed Jan 14, 2021
    Configuration menu
    Copy the full SHA
    663d326 View commit details
    Browse the repository at this point in the history

  2. chore(release): 4.1.0 

    Diff: 4.0.6...4.1.0
    @darrachequesne
    darrachequesne committed Jan 14, 2021
    Configuration menu
    Copy the full SHA
    e5b307c View commit details
    Browse the repository at this point in the history

Commits on Feb 2, 2021

  1. fix: do not reset the ping timer after upgrade 

    There was two issues with this behavior:

- v3 clients (with allowEIO3: true) were also receiving a "ping" after
a successful upgrade, which is incorrect (in v3, it's the client that
sends the "ping", and the server answers with a "pong")

- the ping timer is not reset after upgrade on the client-side, so an
upgrade which took longer than the `pingTimeout` duration could lead to
a "ping timeout" error on the client-side

I think the latter issue is present since the initial implementation.

Related: socketio/socket.io-client-swift#1309 (comment)
    @darrachequesne
    darrachequesne committed Feb 2, 2021
    Configuration menu
    Copy the full SHA
    ff2b8ab View commit details
    Browse the repository at this point in the history

  2. chore: point towards the master branch for the CI badge 

    Reference: https://docs.github.com/en/actions/managing-workflow-runs/adding-a-workflow-status-badge#using-the-branch-parameter
    @darrachequesne
    darrachequesne committed Feb 2, 2021
    Configuration menu
    Copy the full SHA
    ae840fa View commit details
    Browse the repository at this point in the history

  3. chore(release): 4.1.1 

    Diff: 4.1.0...4.1.1
    @darrachequesne
    darrachequesne committed Feb 2, 2021
    Configuration menu
    Copy the full SHA
    9534355 View commit details
    Browse the repository at this point in the history

Commits on Jan 11, 2022

  1. fix: properly handle invalid data sent by a malicious websocket client 

    **IMPORTANT SECURITY FIX**

A malicious client could send a specially crafted HTTP request,
triggering an uncaught exception and killing the Node.js process:

> RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear
>   at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14)
>   at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22)
>   at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)
>   at writeOrBuffer (internal/streams/writable.js:358:12)

This bug was introduced by [1], included in `[email protected]`, so
previous releases are not impacted.

[1]: f3c291f

Thanks to Marcus Wejderot from Mevisio for the responsible disclosure.

Backported from master: c0e194d
    @darrachequesne
    darrachequesne committed Jan 11, 2022
    Configuration menu
    Copy the full SHA
    a70800d View commit details
    Browse the repository at this point in the history

  2. chore(release): 4.1.2 

    Diff: 4.1.1...4.1.2
    @darrachequesne
    darrachequesne committed Jan 11, 2022
    Configuration menu
    Copy the full SHA
    c6315af View commit details
    Browse the repository at this point in the history
Loading