Skip to content
  • 4 Votes
    1 Posts
    281 Views
    barisB
    A bug in our socket.io authentication code can result in Cross-Site WebSocket Hijacking (CSWSH) Affected versions <2.8.13 & <3.1.3 We have resolved this in the latest version of NodeBB(2.8.13 & 3.1.3), and the fix has already been rolled out as a patch on all of our hosted customers. The fix is included in the latest 2.8.13 & 3.1.3 releases https://github.com/NodeBB/NodeBB/releases/tag/v2.8.13 https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3