2026-03-26 17:21:15
GitHub_M
PUBLISHED
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvxs `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in version 0.11.13, the `FastURL` constructor now deopts to native `URL` for any string not starting with `/`, ensuring consistent pathname resolution.