Buy Hosting

Is socket.uid reliably secure?

NodeBB Development

Suggested Topics

  • julianJ

    Critical Security Vulnerability (for versions v2.0.0 and anything older than 1.19.8)

    NodeBB Development
    3 Votes
    1 Posts
    147 Views
    julianJ

    Hello all,

    We are notifying you today about a security vulnerability that was present in older versions of NodeBB. We were notified of these vulnerabilities on 25 May 2022, and have patched and released fixed versions of NodeBB, v2.0.1 and v1.19.8, three days later, on 28 May.

    The specifics of this vulnerability are available upon request, but they are considered critical and affect the security of any site running an affected version of NodeBB. Admins are urged to upgrade to these patched versions as soon as possible.

    Alternatively, the following changesets can be cherry-picked into your installation of NodeBB in lieu of a full upgrade:

    v2.x https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888 v1.19.x https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9

    As always, the NodeBB team is available at your disposal to answer any questions or provide assistance in implementing these changesets.

    For more information on the security vulnerability, please visit the GitHub Security Advisory page for this disclosure
  • BriB

    MongoDB reliability called into question?

    NodeBB Development
    0 Votes
    7 Posts
    3k Views
    scottalanmillerS

    @Bri said in MongoDB reliability called into question?:

    Something else I've been looking at are graph databases like Neo4j and Arango, and now I'm kind of anticipating that you're going to tell me that it's in the same boat (i.e. old tech with a new name)

    Nope, old with still with the old name 🙂 Graph databases are known to go back to at least 1969.

  • L

    How to receive NodeBB server notification from external web socket client

    NodeBB Development
    0 Votes
    9 Posts
    4k Views
    L

    @julian said:

    I'm unfamiliar with C#, and we don't handle socket establishing on our end, we just let the socket.io library handle it.

    Perhaps you can get a better idea by investigating the source code of this project? http://socketio4net.codeplex.com/

    Hi Julian,
    I am using that only. Can you provide some help on how can I connect using Chrome Web socket plugin, I mean what URL to use? That might clarify my query.

    My objective of using C# is that I want to see whether I can get notifications from outside without logging into my local NodeBB application.

    Thanks!

  • D

    Security logging?

    NodeBB Development
    0 Votes
    3 Posts
    2k Views
    D

    Yeah, events.js seems like it should contain the functionality for this. It currently only logs UID, but a lot of those functions should probably log the IP of the triggering party as well.

    It seems like the only way to do that is to have IP be a parameter for most of those calls. That's a little tedious.

    my fantasy: events are logged to the db as well as flatfile, have severity/importance levels, contain as much info as possible about who triggered it if the logging fn is passed a socket or request object, there's hooks for events of high severity, by default sends email or notification to admins when high-sev occurs

  • julianJ

    Socket.io v1.0 released!

    NodeBB Development
    4 Votes
    10 Posts
    6k Views
    TannerT

    Sounds like great news, looking forward to seeing NodeBB bloom using it 🙂

Copyright © 2023 NodeBB | Contributors