feat: port upstream security fixes by ostridm · Pull Request #30 · NeuraLegion/multer

ostridm · 2026-02-23T12:49:06Z

All security-relevant commits from upstream/main (expressjs/multer) were reviewed:

Commit	Description	Action
`e081d48`	`fix(cve): bump busboy to fix CVE-2022-24434`	Already mitigated — fork replaced `busboy` with `@fastify/busboy` entirely
`35a3272`	`Fixes #1233 — handle missing field names`	Ported
`37241f8`	`Fix out-of-band error event from busboy`	Ported
`2c8505f`	`drain stream / improve error handling / v2.0.0`	Partially ported — drain and req error listener already present in fork; `removeAllListeners` timing fix ported
`adfeaf6`	`improve error handling (v2.0.1/2.0.2)`	Not applicable — targets `make-middleware.js` which does not exist in fork (middleware was fully rewritten)

github-actions · 2026-02-23T12:50:52Z

🎉 This PR is included in version 3.3.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

feat: backport upstream security fixes

6acd1c3

ostridm requested a review from sapozhnikovay February 23, 2026 12:49

ostridm self-assigned this Feb 23, 2026

ostridm added the Type: enhancement New feature or request. label Feb 23, 2026

ostridm enabled auto-merge (squash) February 23, 2026 12:49

sapozhnikovay approved these changes Feb 23, 2026

View reviewed changes

ostridm merged commit 5855308 into master Feb 23, 2026
2 checks passed

ostridm deleted the feat/backport-upstream-security-fixes branch February 23, 2026 12:50

Provide feedback