Skip to content

Releases: socketio/socket.io

socket.io-adapter@2.5.8

16 Jun 09:19
@darrachequesne darrachequesne
socket.io-adapter@2.5.8
ac83bfa
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-adapter@2.5.8

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Loading

engine.io@6.6.9

16 Jun 09:18
@darrachequesne darrachequesne
engine.io@6.6.9
9dbec81
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.9

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Dependencies

Loading

engine.io-client@6.6.6

16 Jun 09:18
@darrachequesne darrachequesne
engine.io-client@6.6.6
22cc483
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io-client@6.6.6

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Bug Fixes

Dependencies

Loading

socket.io-adapter@2.5.7

20 May 09:35
@darrachequesne darrachequesne
socket.io-adapter@2.5.7
4faff49
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-adapter@2.5.7

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • do not skip local broadcast when publishAndReturnOffset throws (#5457) (f630158)
Loading

engine.io@6.6.8

20 May 09:33
@darrachequesne darrachequesne
engine.io@6.6.8
ffe51e2
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.8

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • clean up resources upon WebTransport handshake failure (f86b95f)

Dependencies

Loading

engine.io-client@6.6.5

20 May 09:34
@darrachequesne darrachequesne
engine.io-client@6.6.5
8413bce
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io-client@6.6.5

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Dependencies

Loading

engine.io@6.6.7

27 Apr 09:24
@darrachequesne darrachequesne
engine.io@6.6.7
439a8f6
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.7

Bug Fixes

  • close HTTP requests with invalid content type (fc11285)
  • handle invalid packets when upgrading to WebTransport (1fa1f46)
  • prevent WebTransport connections when a middleware is registered (d1f5aa9)

Dependencies

Loading

socket.io-parser@4.2.6

17 Mar 14:03
@darrachequesne darrachequesne
socket.io-parser@4.2.6
522edcd
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (b25738c)
Loading

socket.io-parser@3.4.4

18 Mar 08:21
@darrachequesne darrachequesne
socket.io-parser@3.4.4
082b683
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@3.4.4

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (719f9eb)
Loading

socket.io-parser@3.3.5

18 Mar 08:19
@darrachequesne darrachequesne
socket.io-parser@3.3.5
17bc1d6
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@3.3.5

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (9d39f1f)
Loading