mirror of
https://github.com/socketio/socket.io.git
synced 2026-01-09 15:08:12 -05:00
Security Policy
Supported Versions
| Version | socket.io version | Supported |
|---|---|---|
| 6.x | 4.x | ✅ |
| 4.x | 3.x | ✅ |
| 3.5.x | 2.4.x | ✅ |
| < 3.5.0 | < 2.4.0 | ❌ |
Reporting a Vulnerability
To report a security vulnerability in this package, please send an email to @darrachequesne (see address in profile) describing the vulnerability and how to reproduce it.
We will get back to you as soon as possible and publish a fix if necessary.
⚠️ IMPORTANT ⚠️ please do not create an issue in this repository, as attackers might take advantage of it. Thank you in advance for your responsible disclosure.
History
- Feb 2020: Resource exhaustion in engine.io (CVE-2020-36048)
- Jan 2022: Uncaught exception in engine.io (CVE-2022-21676)
- Nov 2022: Uncaught exception in engine.io (CVE-2022-41940)
- May 2023: Uncaught exception in engine.io (CVE-2023-31125)