Impact What kind of vulnerability is it? Who is impacted? Anyone who might have used Soketi with the cluster driver (or through PM2). Patches Has the problem been patched? What versions should users upgrade to? Get the latest version of Soketi. Workarounds Is there a way for users to fix or remediate the vulnerability without upgrading? None. It's advised to upgrade to the latest version. References Are there any links …
Impact What kind of vulnerability is it? Who is impacted? colors package caused zalgo-like output (see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289), breaking the servers. Only NPM users that recently upgraded or installed the NPM package are affected. Docker users seem to not be affected as the dependencies were bundled at the time of the build, which were tested. Patches Has the problem been patched? What versions should users upgrade to? Latest patch. 0.26.1 …
Impact What kind of vulnerability is it? Who is impacted? There was a wrong behavior when reading POST requests, making the server crash if it couldn't read the body. In case a POST request was sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it would simply just crash the server for trying to send a response after the request closed. All …