oven-sh · Jarred-Sumner · May 21, 2026 · May 20, 2026 · May 20, 2026 · May 20, 2026
@@ -378,6 +378,17 @@ declare module "bun" {
        * @default true
        */
       prepare?: boolean | undefined;
+
+      /**
+       * MySQL only. Allow the client to request the server's RSA public key
+       * during `caching_sha2_password` / `sha256_password` authentication when
+       * the connection is not protected by TLS. Disabled by default because a
+       * network attacker can substitute their own key and recover the
+       * plaintext password. Enable only for trusted local connections, or use
+       * TLS instead.
+       * @default false
+       */
+      allowPublicKeyRetrieval?: boolean | undefined;
     }
 
     /**

diff --git a/packages/bun-uws/src/HttpParser.h b/packages/bun-uws/src/HttpParser.h
@@ -750,6 +750,12 @@ namespace uWS
                     /* Error: invalid chars in field name */
                     return HttpParserResult::error(HTTP_ERROR_400_BAD_REQUEST, HTTP_PARSER_ERROR_INVALID_HEADER_TOKEN);
                 }
+                /* RFC 9112 5.1: field-name is a non-empty token. An empty name would also
+                 * collide with the end-of-headers sentinel and hide later headers from the
+                 * Content-Length / Transfer-Encoding request-smuggling checks. */
+                if (headers->key.length() == 0) {
+                    return HttpParserResult::error(HTTP_ERROR_400_BAD_REQUEST, HTTP_PARSER_ERROR_INVALID_HEADER_TOKEN);
+                }
                 postPaddedBuffer++;
 
                 preliminaryValue = postPaddedBuffer;

diff --git a/packages/bun-uws/src/HttpResponse.h b/packages/bun-uws/src/HttpResponse.h
@@ -257,7 +257,9 @@ struct HttpResponse : public AsyncSocket<SSL> {
 
         /* Note: OpenSSL can be used here to speed this up somewhat */
         char secWebSocketAccept[29] = {};
-        WebSocketHandshake::generate(secWebSocketKey.data(), secWebSocketAccept);
+        char secWebSocketKeyBuffer[24] = {};
+        secWebSocketKey.copy(secWebSocketKeyBuffer, 24);
+        WebSocketHandshake::generate(secWebSocketKeyBuffer, secWebSocketAccept);
 
         writeStatus("101 Switching Protocols")
             ->writeHeader("Upgrade", "websocket")

diff --git a/src/bundler/options.rs b/src/bundler/options.rs
@@ -2596,10 +2596,23 @@ pub(crate) fn path_template_print<W: bun_io::Write>(
         };
 
         match field {
-            PlaceholderField::Dir => PathTemplate::write_replacing_slashes_on_windows(
-                writer,
-                if !dir.is_empty() { dir } else { b"." },
-            )?,
+            PlaceholderField::Dir => {
+                if dir.is_empty() {
+                    writer.write_all(b".")?;
+                } else {
+                    // Sanitize leading `..` segments so `[dir]` cannot place output
+                    // above outdir when a source resolves outside `root`.
+                    let mut d: &[u8] = dir;
+                    while matches!(d, [b'.', b'.', b'/' | b'\\', ..]) {
+                        PathTemplate::write_replacing_slashes_on_windows(writer, b"_.._/")?;
+                        d = &d[3..];
+                    }
+                    PathTemplate::write_replacing_slashes_on_windows(
+                        writer,
+                        if d == b".." { b"_.._" } else { d },
+                    )?;
+                }
+            }
             PlaceholderField::Name => {
                 PathTemplate::write_replacing_slashes_on_windows(writer, name)?
             }

diff --git a/src/css/css_parser.rs b/src/css/css_parser.rs
@@ -634,6 +634,8 @@ pub fn parse_until_after<T, C>(
     result
 }
 
+const MAX_NESTING_DEPTH: u32 = 512;
+
 fn parse_nested_block<T>(
     parser: &mut Parser,
     parsefn: impl FnOnce(&mut Parser) -> CssResult<T>,
@@ -646,6 +648,14 @@ fn parse_nested_block<T>(
         )
     });
 
+    parser.input.nesting_depth += 1;
+    if parser.input.nesting_depth > MAX_NESTING_DEPTH {
+        parser.input.nesting_depth -= 1;
+        let err = parser.new_custom_error(ParserError::maximum_nesting_depth);
+        consume_until_end_of_block(block_type, &mut parser.input.tokenizer);
+        return Err(err);
+    }
+
     let closing_delimiter = match block_type {
         BlockType::CurlyBracket => Delimiters::CLOSE_CURLY_BRACKET,
         BlockType::SquareBracket => Delimiters::CLOSE_SQUARE_BRACKET,
@@ -663,6 +673,7 @@ fn parse_nested_block<T>(
     }
     parser.stop_before = saved_stop_before;
     consume_until_end_of_block(block_type, &mut parser.input.tokenizer);
+    parser.input.nesting_depth -= 1;
     result
 }
 
@@ -4201,6 +4212,7 @@ impl Delimiters {
 pub struct ParserInput<'a> {
     pub tokenizer: Tokenizer<'a>,
     pub cached_token: Option<CachedToken>,
+    pub nesting_depth: u32,
 }
 
 impl<'a> ParserInput<'a> {
@@ -4216,6 +4228,7 @@ impl<'a> ParserInput<'a> {
         ParserInput {
             tokenizer: Tokenizer::init_with_arena(code, arena),
             cached_token: None,
+            nesting_depth: 0,
         }
     }
 }

diff --git a/src/glob/matcher.rs b/src/glob/matcher.rs
@@ -37,6 +37,12 @@ struct Brace {
 }
 type BraceStack = BoundedArray<Brace, 10>;
 
+/// Upper bound on brace-branch alternatives explored per `match` call. Sequential
+/// brace groups multiply (`{a,b}{c,d}` = 4 alternatives), so without a cap an
+/// adversarial pattern of ten sequential 10-way groups would explore 10^10
+/// alternatives. Patterns that exceed this budget fail to match.
+const BRACE_BRANCH_BUDGET: u32 = 10_000;
+
 // PORT NOTE: made `pub` — Zig leaks this private type through `pub fn match`; Rust forbids private-in-public.
 #[derive(Copy, Clone, Eq, PartialEq)]
 pub enum MatchResult {
@@ -141,7 +147,15 @@ pub fn r#match(glob: &[u8], path: &[u8]) -> MatchResult {
 
     // PORT NOTE: `BraceStack.init(0) catch unreachable` — zero-length init cannot fail.
     let mut brace_stack = BraceStack::default();
-    let matched = glob_match_impl(&mut state, glob, 0, path, &mut brace_stack);
+    let mut brace_budget = BRACE_BRANCH_BUDGET;
+    let matched = glob_match_impl(
+        &mut state,
+        glob,
+        0,
+        path,
+        &mut brace_stack,
+        &mut brace_budget,
+    );
 
     // TODO: consider just returning a bool
     // return matched != negated;
@@ -170,6 +184,7 @@ fn glob_match_impl(
     glob_start: u32,
     path: &[u8],
     brace_stack: &mut BraceStack,
+    brace_budget: &mut u32,
 ) -> bool {
     'main_loop: while (state.glob_index as usize) < glob.len()
         || (state.path_index as usize) < path.len()
@@ -348,7 +363,7 @@ fn glob_match_impl(
                                     continue 'main_loop;
                                 }
                             }
-                            return match_brace(state, glob, path, brace_stack);
+                            return match_brace(state, glob, path, brace_stack, brace_budget);
                         }
                         b',' => {
                             if state.brace_depth > 0 {
@@ -412,7 +427,13 @@ fn glob_match_impl(
     true
 }
 
-fn match_brace(state: &mut State, glob: &[u8], path: &[u8], brace_stack: &mut BraceStack) -> bool {
+fn match_brace(
+    state: &mut State,
+    glob: &[u8],
+    path: &[u8],
+    brace_stack: &mut BraceStack,
+    brace_budget: &mut u32,
+) -> bool {
     let mut brace_depth: i16 = 0;
     let mut in_brackets = false;
 
@@ -441,6 +462,7 @@ fn match_brace(state: &mut State, glob: &[u8], path: &[u8], brace_stack: &mut Br
                             open_brace_index,
                             branch_index,
                             brace_stack,
+                            brace_budget,
                         ) {
                             return true;
                         }
@@ -457,6 +479,7 @@ fn match_brace(state: &mut State, glob: &[u8], path: &[u8], brace_stack: &mut Br
                         open_brace_index,
                         branch_index,
                         brace_stack,
+                        brace_budget,
                     ) {
                         return true;
                     }
@@ -485,7 +508,13 @@ fn match_brace_branch(
     open_brace_index: u32,
     branch_index: u32,
     brace_stack: &mut BraceStack,
+    brace_budget: &mut u32,
 ) -> bool {
+    if *brace_budget == 0 {
+        return false;
+    }
+    *brace_budget -= 1;
+
     // exceeded brace depth
     let Ok(()) = brace_stack.push(Brace {
         open_brace_idx: open_brace_index,
@@ -499,7 +528,14 @@ fn match_brace_branch(
     branch_state.glob_index = branch_index;
     branch_state.brace_depth = u8::try_from(brace_stack.len()).expect("int cast");
 
-    let matched = glob_match_impl(&mut branch_state, glob, branch_index, path, brace_stack);
+    let matched = glob_match_impl(
+        &mut branch_state,
+        glob,
+        branch_index,
+        path,
+        brace_stack,
+        brace_budget,
+    );
 
     let _ = brace_stack.pop();
 

diff --git a/src/http/lib.rs b/src/http/lib.rs
@@ -3104,6 +3104,17 @@ impl<'a> HTTPClient<'a> {
             ) {
                 Ok(r) => r,
                 Err(picohttp::ParseResponseError::ShortRead) => {
+                    // `MAX_HTTP_HEADER_SIZE` (default 16 KB) is the *server*/
+                    // request-side knob (Node `--max-http-header-size`); reusing
+                    // it here rejects legitimate responses with large
+                    // `Location`/`Set-Cookie` headers. The intent is to bound
+                    // `response_message_buffer` growth, so use a generous fixed
+                    // cap independent of that knob.
+                    const MAX_RESPONSE_HEADER_BUFFER: usize = 1024 * 1024;
+                    if to_read!().len() > MAX_RESPONSE_HEADER_BUFFER {
+                        self.close_and_fail::<IS_SSL>(err!(ResponseHeadersTooLarge), socket);
+                        return;
+                    }
                     self.handle_short_read::<IS_SSL>(incoming_data, socket, needs_move);
                     return;
                 }

diff --git a/src/http_jsc/websocket_client.rs b/src/http_jsc/websocket_client.rs
@@ -52,6 +52,11 @@ pub type Socket<const SSL: bool> = NewSocketHandler<SSL>;
 const STACK_FRAME_SIZE: usize = 1024;
 /// Minimum message size to compress (RFC 7692 recommendation)
 const MIN_COMPRESS_SIZE: usize = 860;
+/// Maximum buffered inbound message size (128 MB). A server that declares a
+/// larger frame, or whose continuation fragments accumulate past this, fails
+/// the connection with close code 1009 instead of growing `receive_buffer`
+/// without bound.
+const MAX_RECEIVE_MESSAGE_LENGTH: usize = 128 * 1024 * 1024;
 #[derive(bun_ptr::CellRefCounted)]
 #[ref_count(destroy = Self::deinit)]
 pub struct WebSocket<const SSL: bool> {
@@ -946,6 +951,16 @@ impl<const SSL: bool> WebSocket<SSL> {
                     }
                 }
                 ReceiveState::NeedBody => {
+                    if self
+                        .receive_buffer
+                        .readable_length()
+                        .saturating_add(receive_body_remain)
+                        > MAX_RECEIVE_MESSAGE_LENGTH
+                    {
+                        self.terminate(ErrorCode::MessageTooBig);
+                        terminated = true;
+                        break;
+                    }
                     let to_consume = receive_body_remain.min(data.len());
 
                     let consumed = self.consume(

diff --git a/src/http_jsc/websocket_client/WebSocketUpgradeClient.rs b/src/http_jsc/websocket_client/WebSocketUpgradeClient.rs
@@ -1332,7 +1332,7 @@ impl<const SSL: bool> HTTPClient<SSL> {
                         header.name(),
                         b"Sec-WebSocket-Version",
                     ) {
-                        if !strings::eql_comptime_ignore_len(header.value(), b"13") {
+                        if !strings::eql_comptime(header.value(), b"13") {
                             // SAFETY: no `&mut Self` is live across this call.
                             unsafe { Self::terminate(this, ErrorCode::InvalidWebsocketVersion) };
                             return;

diff --git a/src/http_types/URLPath.rs b/src/http_types/URLPath.rs
@@ -98,13 +98,13 @@ pub fn parse(possibly_encoded_pathname_: &[u8]) -> Result<URLPath, bun_core::Err
         decoded_pathname = decoded_storage.as_deref().unwrap();
     }
 
-    let mut question_mark_i: i16 = -1;
-    let mut period_i: i16 = -1;
+    let mut question_mark_i: i32 = -1;
+    let mut period_i: i32 = -1;
 
-    let mut first_segment_end: i16 = i16::MAX;
-    let mut last_slash: i16 = -1;
+    let mut first_segment_end: i32 = i32::MAX;
+    let mut last_slash: i32 = -1;
 
-    let mut i: i16 = i16::try_from(decoded_pathname.len()).expect("int cast") - 1;
+    let mut i: i32 = i32::try_from(decoded_pathname.len()).expect("int cast") - 1;
 
     while i >= 0 {
         let c = decoded_pathname[usize::try_from(i).expect("int cast")];

diff --git a/src/install/bin.rs b/src/install/bin.rs
@@ -740,11 +740,18 @@ pub type Context = PriorityQueueContext;
 
 // https://github.com/npm/npm-normalize-package-bin/blob/574e6d7cd21b2f3dee28a216ec2053c2551f7af9/lib/index.js#L38
 pub fn normalized_bin_name(name: &[u8]) -> &[u8] {
-    if let Some(i) = name
+    let name = match name
         .iter()
         .rposition(|&b| b == b'/' || b == b'\\' || b == b':')
     {
-        return &name[i + 1..];
+        Some(i) => &name[i + 1..],
+        None => name,
+    };
+
+    // npm's `join('/', key).slice(1)` collapses `.`/`..` to empty; do the same
+    // so the `.bin/<name>` destination cannot resolve outside `.bin/`.
+    if name == b"." || name == b".." {
+        return b"";
     }
 
     name

diff --git a/src/install/lockfile/bun.lock.rs b/src/install/lockfile/bun.lock.rs
@@ -2483,13 +2483,34 @@ pub fn parse_into_binary_lockfile(
                     };
 
                     pkg.meta.integrity = Integrity::parse(integrity_str);
+                    if !integrity_str.is_empty() && !pkg.meta.integrity.tag.is_supported() {
+                        // Surface — don't fail — for npm parity (`npm install`
+                        // proceeds on a malformed lockfile integrity, treating
+                        // it as absent). The download path still applies any
+                        // registry-supplied integrity, so this only loses the
+                        // *lockfile* pin.
+                        log.add_warning(
+                            Some(source),
+                            integrity_expr.loc,
+                            b"Unsupported or malformed integrity hash; ignoring",
+                        );
+                        pkg.meta.integrity = Integrity::default();
+                    }
                 }
                 ResolutionTag::LocalTarball | ResolutionTag::RemoteTarball => {
                     // integrity is optional for tarball deps (backward compat)
                     if i < (pkg_info.len_u32() as usize) {
                         let integrity_expr = pkg_info.at(i);
                         if let Some(integrity_str) = integrity_expr.as_utf8_string_literal() {
                             pkg.meta.integrity = Integrity::parse(integrity_str);
+                            if !integrity_str.is_empty() && !pkg.meta.integrity.tag.is_supported() {
+                                log.add_warning(
+                                    Some(source),
+                                    integrity_expr.loc,
+                                    b"Unsupported or malformed integrity hash; ignoring",
+                                );
+                                pkg.meta.integrity = Integrity::default();
+                            }
                         }
                     }
                 }
@@ -2508,6 +2529,11 @@ pub fn parse_into_binary_lockfile(
                         return Err(ParseError::InvalidPackageInfo);
                     };
 
+                    if !crate::repository::is_safe_resolved_tag(bun_tag_str) {
+                        log.add_error(Some(source), bun_tag.loc, b"Invalid git dependency tag");
+                        return Err(ParseError::InvalidPackageInfo);
+                    }
+
                     let resolved = sbuf!(lockfile).append(bun_tag_str)?;
                     if tag == ResolutionTag::Git {
                         res.git_mut().resolved = resolved;
@@ -2520,6 +2546,14 @@ pub fn parse_into_binary_lockfile(
                         let integrity_expr = pkg_info.at(i);
                         if let Some(integrity_str) = integrity_expr.as_utf8_string_literal() {
                             pkg.meta.integrity = Integrity::parse(integrity_str);
+                            if !integrity_str.is_empty() && !pkg.meta.integrity.tag.is_supported() {
+                                log.add_warning(
+                                    Some(source),
+                                    integrity_expr.loc,
+                                    b"Unsupported or malformed integrity hash; ignoring",
+                                );
+                                pkg.meta.integrity = Integrity::default();
+                            }
                         }
                     }
                 }