SVR.JS has set up its GitHub mirror for SVR.JS itself and SVR.JS installer.
Path traversal attacks may cause your sensitive data to be leaked. This attack relies on adding “../” or similar sequences to a path, so that the application accesses files outside its specified root.
WARNING: We’re not responsible for damage caused by path traversal attacks! Malicious hacking is a computer crime and you may face legal consequences! This post is meant to raise awareness about path traversal attacks and give a way to prevent those vulnerabilities.
Path traversal attacks may cause leakage of:
IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!
Older versions of Node.JS are affected by the CVE-2024-27982 vulnerability, in which placing a space before a Content-Length header enables attackers to smuggle in a second request.
The original vulnerability description:
The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
Future SVR.JS versions will warn you about this vulnerability in server logs, if you’re running affected versions of Node.JS.
April Fools! Our new SVR.JS SimpleServe web server was a joke! We’re still developing SVR.JS web server!
SVR.JS has decided to completely rewrite its web server under the name SimpleServe!
Right now, SVR.JS SimpleServe only supports static file serving, the port, wwwroot and exposeServerVersion, but it will later have more features.
It doesn’t support many SVR.JS features yet, such as directory listing, URL rewriting or support for SVR.JS mods.
The project itself is open-source, just like SVR.JS itself! You can contribute to it!
SVR.JS is not discontinued though…
We are excited to announce that we have decided to take a bold step towards openness and transparency by open-sourcing our website and blog. This move signifies our commitment to fostering collaboration, innovation, and community involvement.
If you see any problems with the website code and know how to fix them, you don’t need to contact the SVR.JS webmaster and wait for them to fix the website. You can just fix the errors and submit your patches to us! We will appreciate your contributions!
We invite you to join us on this exciting journey as we embark on a new chapter of collaboration and discovery. Together, let’s harness the potential of open source to create a brighter future for all.
Stay tuned for more updates and opportunities to get involved. Together, we can make a difference!
Links to website repositories:
IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!
Older versions of Node.JS are affected by the CVE-2024-22019 vulnerability, in which a specially constructed HTTP request with chunked encoding leads to resource exhaustion and denial of service (DoS).
The original vulnerability description:
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
Future SVR.JS versions will warn you about this vulnerability in server logs, if you’re running affected versions of Node.JS.
If you want to set up your own version control for a project, but prefer not to host it on a Git hosting service (like GitHub), you can run your own Git server to store your code and act as a central repository for all collaborators.
You may run your own Git server, if you don’t want to store your code on someone else’s servers. You may need to have full control of your version control infrastructure.
Also, if you’re using a Git hosting service, there are some restrictions that may not be ideal. For example, GitHub doesn’t allow files above 100 MB, which may be a critical problem for projects with large files. Running your own Git server may allow these larger files.
Git is a popular distributed version control system (VCS), often used for collaborative software development. It was created in 2005 by Linus Torvalds for use in developing his Linux kernel and it has been maintained by Junio Hamano since then.
As of 2022, nearly 95% of software developers use Git as their primary version control system. There are many popular Git repository hosting services, including GitHub, GitLab, Bitbucket and SourceForge.
This post will guide you through git commands.
git init
If you want to initialize an empty Git repository, you can use the git init command like this:
SVR.JS, web server software running on Node.JS, can now connect to FastCGI (Fast Common Gateway Interface) servers through the GreenRhombus mod! We have specifically implemented the responder role of FastCGI.
FastCGI (Fast Common Gateway Interface) is a binary interface between a web server and web applications. It aims to reduce the overhead of spawning a new process for each request (as CGI does), allowing a web server to process more requests at a time.
We switched from PHP-CGI and RedBrick to PHP-FPM and GreenRhombus on our SVR.JS Forum. Before the switch, the server responded within 300ms. After the switch it is only 100ms! We have tested from our premises though.