Opened 5 months ago

Closed 5 months ago

#31101 closed defect (implemented)

Update websocket version in snowflake proxy

Reported by: cohosh
Owned by: cohosh
Priority: Medium
Milestone:
Component: Circumvention/Snowflake
Version:
Severity: Normal
Keywords:
Cc: arlolra, cohosh, phw, dcf
Actual Points:
Parent ID:
Points: .3
Reviewer:
Sponsor: Sponsor28

Description (last modified by cohosh)

We should update the node websocket dependency to a newer version.

This involves editing package.json to require the newer version, and testing the result to make sure the proxy code still performs as expected.

This is to defend against a reported DoS vulnerability: https://github.com/websockets/ws/commit/c4fe46608acd61fbf7397eadc47378903f95b78a

Change History (8)

comment:1 Changed 5 months ago by cohosh

Description: modified (diff)

comment:3 Changed 5 months ago by arlolra

This might look better as,

"ws": "~3.3.1",

since semver tilde semantics shouldn't introduce any breaking changes.

comment:5 Changed 5 months ago by arlolra

Status: needs_review → merge_ready

Crap, I meant to recommend caret (^) semantics instead :(

Anyways, merge away
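
The tilde and caret ranges discussed in comments 3 and 5, shown as an added example that is not part of the ticket or the Snowflake code. It is a minimal matcher for plain X.Y.Z versions (not the npm `semver` package), and the candidate version list is constructed rather than taken from the real ws release history.

```javascript
// Minimal tilde/caret range check for plain X.Y.Z versions (no pre-release tags).
// Added illustration; not the npm "semver" package and not Snowflake code.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a "~X.Y.Z" or "^X.Y.Z" range.
function upperBound(op, [major, minor, patch]) {
  if (op === '~') return [major, minor + 1, 0];
  // Caret: the leftmost non-zero component must not change.
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfies(version, range) {
  const op = range[0];
  if (op !== '~' && op !== '^') throw new Error(`unsupported range: ${range}`);
  const low = parseVersion(range.slice(1));
  const v = parseVersion(version);
  return compare(v, low) >= 0 && compare(v, upperBound(op, low)) < 0;
}

// Constructed version list, not the real ws release history.
const candidates = ['3.3.0', '3.3.1', '3.3.3', '3.4.0', '3.9.9', '4.0.0'];

function accepted(range) {
  return candidates.filter((v) => satisfies(v, range));
}

console.log('~3.3.1 ->', accepted('~3.3.1').join(', '));
console.log('^3.3.1 ->', accepted('^3.3.1').join(', '));
```

Either range only sets what a fresh dependency resolve may pick; a committed lockfile still fixes the installed version until it is updated.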

comment:7 Changed 5 months ago by arlolra

👍

comment:8 Changed 5 months ago by cohosh

Resolution: implemented
Status: merge_ready → closed

merged
