What are path traversal attacks? How to prevent them?

Path traversal attacks may cause your sensitive data to be leaked. This attack relies on adding "../" or similar sequences to a file path, so that the application accesses files outside its intended root directory.

WARNING: We’re not responsible for damage caused by path traversal attacks! Malicious hacking is a computer crime and you may face legal consequences! This post is meant to gain awareness about path traversal attacks and give a way to prevent those vulnerabilities.

The impact of path traversal attacks

Path traversal attacks may cause leakage of:

  • Application code and data
  • Credentials for the application
  • Sensitive operating system files
  • Other sensitive data


IMPORTANT! Update Node.JS to 18.20.1, 20.12.1, 21.7.2 or newer!

Older versions of Node.JS had the CVE-2024-27982 vulnerability, which involves placing a space before the Content-Length header, enabling attackers to smuggle in a second request.

The original vulnerability description:

The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

Future SVR.JS versions will warn you about this vulnerability in server logs, if you’re running affected versions of Node.JS.


SVR.JS has just started a new web server

SVR.JS has decided to completely rewrite a web server under the name of SimpleServe!

Right now, SVR.JS SimpleServe only supports static file serving and the port, wwwroot and exposeServerVersion configuration options, but it will have more features later.

It doesn’t support many of SVR.JS features yet, such as directory listing, URL rewriting or support for SVR.JS mods.

The project itself is open-source, just like SVR.JS itself! You can contribute to it!

SVR.JS is not discontinued though…


SVR.JS website and blog just went open source!

We are excited to announce that we have decided to take a bold step towards openness and transparency by open-sourcing our website and blog. This move signifies our commitment to fostering collaboration, innovation, and community involvement.

If you see any problems with the website code and know how to fix them, you don’t need to contact the SVR.JS webmaster and wait for them to fix the website. You can just fix the errors and submit your patches to us! We will appreciate your contributions!

We invite you to join us on this exciting journey as we embark on a new chapter of collaboration and discovery. Together, let’s harness the potential of open source to create a brighter future for all.

Stay tuned for more updates and opportunities to get involved. Together, we can make a difference!

Links to website repositories:


IMPORTANT! Update Node.JS to 18.19.1, 20.11.1, 21.6.2 or newer!

Older versions of Node.JS had the CVE-2024-22019 vulnerability, which involves sending a specially constructed HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS).

The original vulnerability description:

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Future SVR.JS versions will warn you about this vulnerability in server logs, if you’re running affected versions of Node.JS.


How to run a Git server on GNU/Linux?

If you want to set up your own version control for a project, but prefer not to host it on a Git hosting service (like GitHub), you can run your own Git server to store your code and act as a central repository for all collaborators.

Why host your own Git server?

You may run your own Git server if you don’t want to store your code on someone else’s servers, or if you need full control of your version control infrastructure.

Also, if you’re using a Git hosting service, there are some restrictions that may not be ideal. For example, GitHub doesn’t allow files above 100 MB, which may be a critical problem for projects with large files. Running your own Git server lets you store these larger files.

Initializing Git repositories


Mastering the Basics of Git: The Ultimate Guide to Git Commands for Software Developers

Git is a popular distributed version control system (VCS), often used for collaborative software development. It was created in 2005 by Linus Torvalds for use in developing his Linux kernel, and it has been maintained by Junio Hamano since then.

As of 2022, nearly 95% of software developers use Git as their primary version control system. There are many popular Git repository hosting services, including GitHub, GitLab, Bitbucket and Sourceforge.

This post will guide you through the basic Git commands.

Initializing a repository with git init

If you want to initialize an empty Git repository, you can use the git init command like this:


SVR.JS now supports FastCGI!

SVR.JS, a web server software running on Node.JS, can now connect to FastCGI (Fast Common Gateway Interface) servers through the GreenRhombus mod! We have specifically implemented the responder role of FastCGI.

FastCGI (Fast Common Gateway Interface) is a binary interface between a web server and web applications. It aims to reduce the overhead of spawning a new process per request (as was the case with CGI), allowing a web server to process more requests at a time.

We switched from PHP-CGI and RedBrick to PHP-FPM and GreenRhombus on our SVR.JS Forum. Before the switch, the server responded within 300 ms. After the switch it is only 100 ms! We tested from our own premises, though.

Download GreenRhombus on SVR.JS mods page
See the notes
