Bu doküman ingilizce dokümana göre eski olabilir. Son güncellemeler için lütfen İngilizce Dokümanı. ziyaret edin
Node.js vulnerabilities directly affect Express. Therefore keep a watch on Node.js vulnerabilities and make sure you are using the latest stable version of Node.js.
The list below enumerates the Express vulnerabilities that were fixed in the specified version update.
NOTE: If you believe you have discovered a security vulnerability in Express, please see Security Policies and Procedures.
qs has been updated to address a vulnerability, but this issue does not impact Express. Updating to 4.15.2 is a good practice, but not required to address the vulnerability.express.static, res.sendfile, and res.sendFileexpress.static (advisory, CVE-2015-1164).express.static (advisory , CVE-2014-6394).fds in certain situations that affect express.static and res.sendfile. Malicious requests could cause fds to leak and eventually lead to EMFILE errors and server unresponsiveness.Express 3.x IS END-OF-LIFE AND NO LONGER MAINTAINED
Known and unknown security and performance issues in 3.x have not been addressed since the last update (1 August, 2015). It is highly recommended to use the latest version of Express.
If you are unable to upgrade past 3.x, please consider Commercial Support Options.
express.static, res.sendfile, and res.sendFileexpress.static (advisory, CVE-2015-1164).express.static.fds in certain situations that affect express.static and res.sendfile. Malicious requests could cause fds to leak and eventually lead to EMFILE errors and server unresponsiveness.