Update SVR.JS to 3.15.0 and introduce SVR.JS LTS

This commit is contained in:
Dorian Niemiec 2024-05-06 12:49:57 +02:00
parent 9f250a4dce
commit 5381106d1f
4 changed files with 20 additions and 4 deletions

View file

@ -4,6 +4,18 @@ excerpt: Learn more about changes introduced in various SVR.JS versions.
date: 2023-12-21 17:10:14
---
## SVR.JS 3.14.16 LTS
* Prevented DoS attacks performed with forward proxy HTTP requests with malformed URLs.
## SVR.JS 3.15.0
* Changed URL parser from wrapper over WHATWG URL parser to custom regex-based URL parser.
* Optimized server code.
* Redesigned default error pages.
* Removed blocking file system calls from the directory listing function.
* Replaced _path.extname()_ function with regex-based function.
## SVR.JS 3.14.15
* Fixed crashes related to the request ID generation.

View file

@ -1612,7 +1612,7 @@ Extension of resource defined in the request.
Parsed _Url_ object created by _url.parse()_ method (includes parsed query string).
SVR.JS 3.3.1 and newer include hostname of the server (it uses wrapper over WHATWG URL API), older versions don't.
SVR.JS 3.3.1 and newer include hostname of the server (3.3.1 to 3.14.x use wrapper over WHATWG URL API; 3.15.0 and newer use custom URL parser), older versions don't.
#### _search_

View file

@ -3,7 +3,7 @@ title: Main page
date: 2024-01-21 19:41:01
layout: index-page
sitemap: false
svrjsversion: 3.14.15
svrjsversion: 3.15.0
---
<section class="hero">
<div class="hero-content-column">
@ -13,11 +13,11 @@ svrjsversion: 3.14.15
<p>Host a webpage, run server-side JavaScript, use mods to expand server functionality, or use it as a forward or reverse proxy &mdash; all in SVR.JS! SVR.JS is a web server that runs on top of Node.JS, thus enabling server-side JavaScript on webpages. SVR.JS also has an integrated log viewer, log highlighter, and user management tool. SVR.JS can run not only on Node.JS but also in Bun (experimental support).</p>
</div>
<div class="maindownloads" id="command-tab-other">
<a href="https://downloads.svrjs.org/svr.js.3.14.15.zip" class="styled-button">Download SVR.JS 3.14.15</a>
<a href="https://downloads.svrjs.org/svr.js.3.15.0.zip" class="styled-button">Download SVR.JS 3.15.0</a>
<div class="download-separator">
<br />
</div>
<a class="styled-button styled-button-disabled">No supported LTS version</a>
<a href="https://downloads.svrjs.org/svr.js.3.14.16.zip" class="styled-button">Download SVR.JS 3.14.16 LTS</a>
</div>
<div class="otherdls">
<a href="https://downloads.svrjs.org/installer">

View file

@ -9,6 +9,10 @@ If you find a security issue with SVR.JS, report it as soon as possible to _vuln
## SVR.JS
### Fixed in SVR.JS 3.15.0 and in SVR.JS 3.14.16 LTS
* An attacker could send a HTTP forward proxy request with malformed URL not using CONNECT method to possibly crash the server.
### Fixed in SVR.JS 3.13.0 and in SVR.JS 3.4.41 LTS
* An attacker could use user name with newlines on HTTP authentication to inject false log entries. (introduced in SVR.JS 3.0.0)