Skip to main content

Integrated Upstream PRs

UDMODZ Edition maintains compatibility with the core repository while applying critical upstream PRs (Pull Requests) to optimize connection stability, memory management, and security.


🛡️ PR #2682: Active Login for Existing Sessions

  • Issue: Recurring reconnects for existing sessions sometimes resulted in passive logins being rejected by the WhatsApp server with response code 428.
  • Solution: Forces passive: false in generateLoginNode. This ensures connection handshakes are actively handled for linked devices.

  • Issue: Empty registration notices sent during companion pairing caused uncaught errors or empty session records.
  • Solution: Adds checks to skip empty registration nodes in messages-recv.ts if reference, ephemeral, or identity buffers are missing.

🧠 PR #2666: Shared AsyncLocalStorage Singleton (Heap Leak Fix)

  • Issue: In vanilla Baileys, creating multiple sockets or re-initiating connection instances caused severe memory leaks. Each socket instance spawned a new AsyncLocalStorage object, which permanently captured references to pending Node.js asynchronous resource contexts.
  • Solution: Refactored transaction management in src/Utils/auth-utils.ts to utilize a single process-wide AsyncLocalStorage instance. Store isolation is maintained using unique token symbols.

🔒 PR #2665: Bounds Checking in Binary Node Decoders

  • Issue: Buffer boundary overflows occurred during decoding when reading sub-integers from small binary node payloads.
  • Solution: Implements bounds validation in getBinaryNodeChildUInt inside src/WABinary/generic-utils.ts to confirm buff.length >= length prior to invoking buffer converters.

🆔 PR #2661: LID Migration Updates

  • Issue: Mappings between phone numbers and WhatsApp internal LIDs became stale, resulting in delivery failures and cryptographic session conflicts.
  • Solution: Parses refresh_lid: 'true' parameters on message ACKs, queries updated LIDs with cache bypass enabled, migrates active cryptographic session stores, and emits the 'lid-migration.update' event.

🔑 PR #2689: Shortcake Companion Linking Protocol

  • Issue: Linking was interrupted when WhatsApp's newer passkey-based companion validation challenges were presented to headless clients.
  • Solution: Adds support for companion-side WebAuthn assertions, ephemeral X25519 DH handshakes, commitment verification codes, and AES-GCM pairing envelopes.