Notable Changes
Vulnerabilities fixed:
- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
- This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
- Impacts:
- All versions of the 14.x, 12.x and 10.x releases lines
Commits
- [
c947f1a0e1
] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918
- [
51a753c06f
] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #37939
- [
c85a519b48
] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37939
Windows 32-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v12.22.1/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v12.22.1/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-aix-ppc64.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-sunos-x64.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v12.22.1/node-v12.22.1.tar.gz
Other release files: https://nodejs.org/dist/v12.22.1/
Documentation: https://nodejs.org/docs/v12.22.1/api/
SHASUMS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
696f48b080915eb08e2ae24349a32ce56520483ac982fb51cce4876b82ab1bf5 node-v12.22.1-aix-ppc64.tar.gz
9cbade90e2e89feba674b1841573e6f0329e6ba4bd3ecc1f5e0c5c6785db6dc0 node-v12.22.1-darwin-x64.tar.gz
de5e317580732530961d83b0fb9b2c370d222bd0c5a1b331900e9ddc0fdfe086 node-v12.22.1-darwin-x64.tar.xz
9355a0af101ccba1ae90c3f1f3d71ed821934c875462a76f8b65a6f7ee7293fd node-v12.22.1-headers.tar.gz
f6db5ceaf820a2899712baeccb2a09950ab3bf8d4c0d893d672aeba54c1f4162 node-v12.22.1-headers.tar.xz
917c582b7f7ae5ff8b2d97e05d00598011f9fbfcc4f76952da3ed477405c9c1a node-v12.22.1-linux-arm64.tar.gz
65145e6c2aa047ee5f83aadf9546116a6da70c21a649ed5f24dce412d2c202dc node-v12.22.1-linux-arm64.tar.xz
1bc056e1fef1c83059235d927edea2c1a2eee91ce654f45369a2af95c041e198 node-v12.22.1-linux-armv7l.tar.gz
4ae8e0d3dee7273ed8e07f80b74b05fc16a5562a42c13c9971d595b7ece4de71 node-v12.22.1-linux-armv7l.tar.xz
38d42033a10b535eb0285ccf7b7f2e6511bcb6f383c4620a53071d3b8f929d03 node-v12.22.1-linux-ppc64le.tar.gz
f85a1a9f5476d35aec37d8052330d3d3d8e216276881181b06505758119c2c3b node-v12.22.1-linux-ppc64le.tar.xz
8fbf03069c758ff544110d04713d10136ce1b48a4bf2378ec17e1035a0b6a5f1 node-v12.22.1-linux-s390x.tar.gz
c24dedddedf1a6aaff4ef40c2196f8f3c2cf99702c0be2ce6f77f740919f7dbf node-v12.22.1-linux-s390x.tar.xz
d315c5dea4d96658164cdb257bd8dbb5e44bdd2a7c1d747841f06515f23a0042 node-v12.22.1-linux-x64.tar.gz
8b537282c222ae4a40e019a52f769ca27b6640699bdde1510375e8d72da7d041 node-v12.22.1-linux-x64.tar.xz
5b1b527e3087a2de2529f5079a0b53fcc8a4909830d43156feae6b6d31c7680a node-v12.22.1.pkg
00ac4e9b87eb7c50cfd7a3811e7a160b2d078c6dd063fd57c8d8844310fdbc38 node-v12.22.1-sunos-x64.tar.gz
6ae1f81151092296ec4b26b18c57aefc57b53d8f9fdd94fe60efd8fa68379f2a node-v12.22.1-sunos-x64.tar.xz
6023f1f8f03f9780c75e6eca9d372b8411a83757c0389c51baee1c7242afd702 node-v12.22.1.tar.gz
dd650df7773a6ed3e390320ba51ef33cba6499f0e9397709ea3d1debdcbcb989 node-v12.22.1.tar.xz
465100b7be0835048810978b957667ad193faa68728cfb0e02bffcaafe575795 node-v12.22.1-win-x64.7z
0cf3545c1ff9717bf3196eed6a423d878709ed4560125fdc29b42bd80ee661c3 node-v12.22.1-win-x64.zip
1f3dcf6707e7afeeae767f8146789540518ddb8ad974c56fda6fd2486170e5b9 node-v12.22.1-win-x86.7z
832bd047d3709e4229d1cc95d04391aceb991a5c957b8efd395e01f51832a774 node-v12.22.1-win-x86.zip
02f53b3530a0310b1076db801770803527c63f724b56c22d6a0625c12a03c982 node-v12.22.1-x64.msi
8192400d6fc7083b8bf049613c046923e8c24dd913a18189be9fe77be4c1c8c4 node-v12.22.1-x86.msi
d872b1b906cfc5ecffa69fb0a673ae60d0df772cb3e6646e32273afd4ffe923c win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
17cb8ad34c2584b22f9e8f9bf57e4c22fc985154b97af3ef24b7d5d34300642f win-x64/node_pdb.7z
fedcb273459441a94df6575b9df92dc2df360d001cc226a00f85cc9ad8c97874 win-x64/node_pdb.zip
6f02a21ff1218ac70a0d6c14c217e9d1c8a8a9130a1b087f959ba32deb35be70 win-x86/node.exe
8bbcf3b9305b83f54bd80f8ec19d4e237841bde5bfaeb2aec708c36daa6435f6 win-x86/node.lib
a22c1bdd4caebc7e498ea56c74fba08698f508f2e1953ab8c6086488f61af1b2 win-x86/node_pdb.7z
0b91ea5635cf1ec14b587e715578905dabdaa6aec3d6ed522a6b44bbe64c3a95 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmBsvTAACgkQkzsB9Atc
qUZvLAf+JAApgWIpHzTzH0zgYyIsd4Pb7xX4hghwuEOAciHGFBaHaLOklXjEYpX+
Xq7GsTtmtrB9cpAZGvK5bsF18Kq0NMOI6a2z9nYriO/4MmxJboP6/y48t978/MJi
ZooGZ6jLO1hRKsg6vljrXrMQoCUD4ejNUuDDto50FZHWOBMqdczDBrF9vx6fMlsy
IJALPDzGjxzNMFLitS2gzgv4VI8K1xoDr+bpxVSUQ1IVGIFtxNt3dIyGDGmM6A6M
U3uHPMDlk2u0Q16sD+Iydo1cmDvMnqHrTTXeSSUKjnWv/apg+h8CMgjnyrLZGn7p
efnxlKizKdfEpMiA2FOW3BKbYSd59Q==
=kAxw
-----END PGP SIGNATURE-----