diff --git a/AUTHORS.md b/AUTHORS.md index d314f4df6..abe53c940 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -65,5 +65,6 @@ - Tom Snelling (tomsnelling8@gmail.com) - Cas_ (6506529+ThaUnknown@users.noreply.github.com) - Arsène Fougerouse (arsene582@gmail.com) +- Brad Marsden (silentbot1@gmail.com) #### Generated by tools/update-authors.sh. diff --git a/CHANGELOG.md b/CHANGELOG.md index 3175bee9f..6db842162 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [11.0.2](https://github.com/webtorrent/bittorrent-tracker/compare/v11.0.1...v11.0.2) (2024-03-12) + + +### Bug Fixes + +* **parse-http:** ignore announcements from peers with invalid announcement ports. ([#513](https://github.com/webtorrent/bittorrent-tracker/issues/513)) ([fe75272](https://github.com/webtorrent/bittorrent-tracker/commit/fe75272d51653e626583689081afb0b7aeadb84f)) + ## [11.0.1](https://github.com/webtorrent/bittorrent-tracker/compare/v11.0.0...v11.0.1) (2024-01-16) diff --git a/lib/server/parse-http.js b/lib/server/parse-http.js index a6ba6a568..97b46e307 100644 --- a/lib/server/parse-http.js +++ b/lib/server/parse-http.js @@ -22,7 +22,7 @@ export default function (req, opts) { params.peer_id = bin2hex(params.peer_id) params.port = Number(params.port) - if (!params.port) throw new Error('invalid port') + if (!params.port || params.port <= 0 || params.port > 65535) throw new Error('invalid port') params.left = Number(params.left) if (Number.isNaN(params.left)) params.left = Infinity diff --git a/package.json b/package.json index 120195eee..f04ef3dc0 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "bittorrent-tracker", "description": "Simple, robust, BitTorrent tracker (client & server) implementation", - "version": "11.0.1", + "version": "11.0.2", "author": { "name": "WebTorrent LLC", "email": "feross@webtorrent.io", @@ -56,7 +56,7 @@ "magnet-uri": "7.0.5", "semantic-release": "21.1.2", "standard": "*", - "tape": "5.7.3", + "tape": "5.7.5", "undici": "^5.27.0", "webtorrent-fixtures": "2.0.2", "wrtc": "0.4.7"