Not a zero-day — already fixed in v1.5.3. Documenting a silent security fix from commit d67f418.\n\n- Finding: WebSocket mask keys generated with math/rand instead of crypto/rand (CWE-338)\n- Fix: v1.5.3 (2024-06-14)\n- Advisory: https://github.com/canolgun-commits/websocket/security/advisories/GHSA-w67g-5rqw-f597\n- Tool: bounty-hunter v6.0
Not a zero-day — already fixed in v1.5.3. Documenting a silent security fix from commit d67f418.\n\n- Finding: WebSocket mask keys generated with math/rand instead of crypto/rand (CWE-338)\n- Fix: v1.5.3 (2024-06-14)\n- Advisory: https://github.com/canolgun-commits/websocket/security/advisories/GHSA-w67g-5rqw-f597\n- Tool: bounty-hunter v6.0