mirror of
https://github.com/socketio/socket.io.git
synced 2026-04-30 03:00:39 -04:00
26 lines
1.3 KiB
Markdown
# Security Policy

## Supported Versions

| Version | `socket.io` version | Supported          |
|---------|---------------------|--------------------|
| 6.x     | 4.x                 | :white_check_mark: |
| 4.x     | 3.x                 | :white_check_mark: |
| 3.5.x   | 2.4.x               | :white_check_mark: |
| < 3.5.0 | < 2.4.0             | :x:                |

## Reporting a Vulnerability

To report a security vulnerability in this package, please send an email to [@darrachequesne](https://github.com/darrachequesne) (see address in profile) describing the vulnerability and how to reproduce it.

We will get back to you as soon as possible and publish a fix if necessary.

:warning: IMPORTANT :warning: please do not create an issue in this repository, as attackers might take advantage of it. Thank you in advance for your responsible disclosure.

## History

- Feb 2020: [Resource exhaustion in engine.io](https://github.com/advisories/GHSA-j4f2-536g-r55m) (CVE-2020-36048)
- Jan 2022: [Uncaught exception in engine.io](https://github.com/advisories/GHSA-273r-mgr4-v34f) (CVE-2022-21676)
- Nov 2022: [Uncaught exception in engine.io](https://github.com/advisories/GHSA-r7qp-cfhv-p84w) (CVE-2022-41940)
- May 2023: [Uncaught exception in engine.io](https://github.com/advisories/GHSA-q9mw-68c2-j6m5) (CVE-2023-31125)