Skip to content

Releases: socketio/socket.io

socket.io-adapter@2.5.7

20 May 09:35
@darrachequesnedarrachequesne
socket.io-adapter@2.5.7
4faff49
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-adapter@2.5.7

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • do not skip local broadcast when publishAndReturnOffset throws (#5457) (f630158)
Loading

engine.io@6.6.8

20 May 09:33
@darrachequesnedarrachequesne
engine.io@6.6.8
ffe51e2
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.8

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • clean up resources upon WebTransport handshake failure (f86b95f)

Dependencies

Loading

engine.io-client@6.6.5

20 May 09:34
@darrachequesnedarrachequesne
engine.io-client@6.6.5
8413bce
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io-client@6.6.5

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Dependencies

Loading

engine.io@6.6.7

27 Apr 09:24
@darrachequesnedarrachequesne
engine.io@6.6.7
439a8f6
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.7

Bug Fixes

  • close HTTP requests with invalid content type (fc11285)
  • handle invalid packets when upgrading to WebTransport (1fa1f46)
  • prevent WebTransport connections when a middleware is registered (d1f5aa9)

Dependencies

Loading

socket.io-parser@4.2.6

17 Mar 14:03
@darrachequesnedarrachequesne
socket.io-parser@4.2.6
522edcd
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (b25738c)
Loading

socket.io-parser@3.4.4

18 Mar 08:21
@darrachequesnedarrachequesne
socket.io-parser@3.4.4
082b683
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@3.4.4

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (719f9eb)
Loading

socket.io-parser@3.3.5

18 Mar 08:19
@darrachequesnedarrachequesne
socket.io-parser@3.3.5
17bc1d6
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@3.3.5

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (9d39f1f)
Loading

engine.io@6.6.6

10 Mar 10:01
@darrachequesnedarrachequesne
engine.io@6.6.6
84c2fb7
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
engine.io@6.6.6

Bug Fixes

  • add @types/ws as dependency (#5458) (07cbe15)
  • uws: emit initial_headers and headers events in uServer (#5460) (44ed73f)

Dependencies

Loading

socket.io@4.8.3

18 Mar 08:25
@darrachequesnedarrachequesne
socket.io@4.8.3
9978574
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io@4.8.3 Latest
Latest

Bug Fixes

  • do not throw when calling io.close() on a stopped server (9581f9b)

Dependencies

Assets 2
Loading

socket.io-parser@4.2.5

23 Dec 12:33
@darrachequesnedarrachequesne
socket.io-parser@4.2.5
ee9aac3
This commit was signed with the committer’s verified signature. The key has expired.
darrachequesne Damien Arrachequesne
GPG key ID: 544D14663E7F7CF0
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
socket.io-parser@4.2.5

This release contains a bump of debug from ~4.3.1 to ~4.4.1.

Loading