Add Deno WebSocket fixed release reference#8593
Draft
cookesan wants to merge 2 commits into
Draft
Conversation
2a73f05 to
26c1822
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CVE-2026-55517toGHSA-x2qc-cmh9-f4hf.v2.7.5fixed release references.Validation
GHSA-x2qc-cmh9-f4hfand its alias isCVE-2026-55517.deno, fixed in2.7.5, with vulnerable range<= 2.7.4.denoland/deno#32594is merged as commit0ee75392669d26bc1e051ecd5bdc90b1997ad963and appears in thev2.7.4...v2.7.5compare.v2.7.5release notes include the WebSocket non-ASCII response header fix and reference PR32594.v2.7.4source tag has the WebSocket response headerto_str().unwrap()markers and lacks the non-ASCII regression test, whilev2.7.5replaces those unwraps with fallible header handling and includes the non-ASCII WebSocket regression test.denoversions2.7.4and2.7.5; downloaded artifacts match crates.io SHA-256 checksums853c7758280f48dd5455dbea0cb6af353e04c9159d2d4ce2624feda5d600aefeand711d420c34f9d79b4683662c99af12062751722dbddedfce194166b357499faa.CVE-2026-55517, with statusAnalyzed, source identifiersecurity-advisories@github.com, and published timestamp2026-06-23T18:18:09.787.32594,v2.7.5release, and package URL, return HTTP 200 with a standard browser user agent.jq emptyandgit diff --check.