[GH-ISSUE #18] socket.io@2.4.1 has a security issue #7

Closed
opened 2026-05-23 08:38:10 -06:00 by gitea-mirror · 3 comments

Originally created by @andywillis on GitHub (May 13, 2022).
Original GitHub issue: https://github.com/appy-one/acebase-server/issues/18

Originally assigned to: @appy-one on GitHub.

acebase-server@1.10.0 requires engine.io@~3.5.0 via a transitive dependency on socket.io@2.4.1

The current version of socket.io is v4.5.0 which would probably fix it. YMMV tho.

Looking forward to using this for my new project. Good luck!


@appy-one commented on GitHub (May 13, 2022):

Thanks Andy, I'll investigate this


@appy-one commented on GitHub (May 13, 2022):

I've updated socket.io to v4.5 in [this commit](https://github.com/appy-one/acebase-server/commit/bd5446873ba533a9c7ca9cd496ae5682b7dc3444). I've briefly tested if it works with current clients that still use 2.x, appears to work. Will do some more testing next week. If you'd like to test yourself in the meantime, please do!

@appy-one commented on GitHub (Jun 6, 2022):

I published [v1.11.0](https://github.com/appy-one/acebase-server/releases/tag/v1.11.0) last week, which now uses Socket.IO v4.5. I thoroughly tested with current clients, let me know if you run into unexpected behavior.
Reference: github-starred/acebase-server#7