Node v15.6.0 (Current)

Notable Changes child_process : add 'overlapped' stdio flag (Thiago Padilha) #29412 support AbortSignal in fork (Benjamin Gruenbaum) #36603 crypto : implement basic secure heap support (James M Snell) #36779 fixup bug in keygen error handling (James ... more

Node v15.5.1 (Current)

Notable changes Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite ... more

Node v10.23.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more

Node v14.15.4 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2020-1971 : OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt ... more

Node v12.20.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more

Node v15.5.0 (Current)

Notable Changes Extended support for AbortSignal in child_process and stream The following APIs now support an AbortSignal in their options object: child_process.spawn() Calling .abort() on the corresponding AbortController is similar to calling .kill() ... more

Node v14.15.3 (LTS)

Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. ... more

Node v14.15.2 (LTS)

Notable Changes deps : upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (Michaël Zasso) #35791 doc : add release key for Danielle Adams (Danielle Adams) #35545 http2 : check write not scheduled in scope destructor (David Halls) #36241 ... more

January 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Monday January 4th, 2021. These releases will fix: Two high severity issues One low severity issue Impact The 15.x release line of Node.js is vulnerable ... more

Node v15.4.0 (Current)

Notable Changes child_processes : add AbortSignal support (Benjamin Gruenbaum) #36308 deps : update ICU to 68.1 (Michaël Zasso) #36187 events : support signal in EventTarget (Benjamin Gruenbaum) #36258 graduate Event, EventTarget, AbortController (James ... more

Node v12.20.0 (LTS)

Notable Changes crypto : update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546 deps : update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435 (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) ... more

Node v15.3.0 (Current)

Notable Changes [ 6349b1d673 ] - (SEMVER-MINOR) dns : add a cancel() method to the promise Resolver (Szymon Marczak) #33099 [ 9ce9b016e6 ] - (SEMVER-MINOR) events : add max listener warning for EventTarget (James M Snell) #36001 [ 8390f8a86b ] - (SEMVER-MINOR) ... more

Node v12.19.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277 : Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial ... more

Node v14.15.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277 : Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial ... more

Node v15.2.1 (Current)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277 : Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial ... more

November 2020 Security Releases

Summary The Node.js project will release new versions of 15.x, 14.x and 12.x on or shortly after Monday, November 16th, 2020. These releases will fix: One high severity issue Impact The 15.x release line of Node.js is vulnerable to one high severity issue. ... more

Node v15.2.0 (Current)

Notable changes events : getEventListeners static (Benjamin Gruenbaum) #35991 fs : support abortsignal in writeFile (Benjamin Gruenbaum) #35993 add support for AbortSignal in readFile (Benjamin Gruenbaum) #35911 stream : fix thrown object reference (Gil ... more

Node v15.1.0 (Current)

Notable Changes Diagnostics channel (experimental module) diagnostics_channel is a new experimental module that provides an API to create named channels to report arbitrary message data for diagnostics purposes. With diagnostics_channel , Node.js core ... more

Node v14.15.0 (LTS)

Notable Changes This release marks the transition of Node.js 14.x into Long Term Support (LTS) with the codename 'Fermium'. The 14.x release line now moves into "Active LTS" and will remain so until October 2021. After that time, it will move ... more

Node v10.23.0 (LTS)

Notable changes deps : upgrade npm to 6.14.8 (Ruy Adorno) #34834 n-api : create N-API version 7 (Gabriel Schulhof) #35199 expose napi_build_version variable (NickNaso) #27835 tools : add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378 Commits ... more

Node v15.0.1 (Current)

Notable changes crypto : fix regression on randomFillSync (James M Snell) #35723 This fixes issue https://github.com/nodejs/node/issues/35722. deps : upgrade npm to 7.0.3 (Ruy Adorno) #35724 doc : add release key for Danielle Adams (Danielle Adams) #35545 ... more

Node v15.0.0 (Current)

Notable Changes Deprecations and Removals [ a11788736a ] - (SEMVER-MAJOR) build : remove --build-v8-with-gn configure option (Yang Guo) #27576 [ 89428c7a2d ] - (SEMVER-MAJOR) build : drop support for VS2017 (Michaël Zasso) #33694 [ c25cf34ac1 ] - (SEMVER-MAJOR) ... more

Node v14.14.0 (Current)

Notable Changes [ 7e7afc5186 ] - crypto : update certdata to NSS 3.56 (Shelley Vohr) #35546 [ 8877430530 ] - doc : add aduh95 to collaborators (Antoine du Hamel) #35542 [ 1610728d7c ] - (SEMVER-MINOR) fs : add rm method (Ian Sutherland) #35494 [ 6ff152cc67 ... more

Node v14.13.1 (Current)

Notable Changes fs : remove experimental from rmdir recursive (Benjamin Coe) #35171 Commits [ f36476d9d6 ] - build : fix CQ after latest ncu release (Mary Marchini) #35468 [ 7dc6b2fac7 ] - build : add support for section ordering (Gabriel Schulhof) #35272 ... more

Node v12.19.0 (LTS)

Notable Changes [ d065334d42 ] - (SEMVER-MINOR) module : package "imports" field (Guy Bedford) #34117 [ b9d0f73c7c ] - (SEMVER-MINOR) n-api : create N-API version 7 (Gabriel Schulhof) #35199 [ 53c9975673 ] - (SEMVER-MINOR) crypto : add randomInt ... more

Node v14.13.0 (Current)

Notable Changes [ 19b95a7fa9 ] - (SEMVER-MINOR) deps : upgrade to libuv 1.40.0 (Colin Ihrig) #35333 [ f551f52f83 ] - (SEMVER-MINOR) module : named exports for CJS via static analysis (Guy Bedford) #35249 [ 505731871e ] - (SEMVER-MINOR) module : exports ... more

Node v14.12.0 (Current)

Notable changes deps : update to uvwasi 0.0.11 (Colin Ihrig) #35104 n-api : create N-API version 7 (Gabriel Schulhof) #35199 add more property defaults (Gerhard Stoebich) #35214 Commits [ 5229ffadcf ] - buffer : adjust validation to account for buffer.kMaxLength ... more

Node v12.18.4 (LTS)

Notable Changes This is a security release. Vulnerabilities fixed: CVE-2020-8201 : HTTP Request Smuggling due to CR-to-Hyphen conversion (High). CVE-2020-8252 : fs.realpath.native on may cause buffer overflow (Medium). Commits [ 2ea6d255f8 ] - deps : ... more

Node v10.22.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8252 : fs.realpath.native on may cause buffer overflow (Medium). Commits [ 57badcf93e ] - deps : libuv: cherry-pick 0e6e8620 (Colin Ihrig) libuv/libuv#2966 Windows 32-bit Installer: ... more

Node v14.11.0 (Current)

Notable Changes This is a security release. Vulnerabilities fixed: CVE-2020-8251 : Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical). CVE-2020-8201 : HTTP Request Smuggling due to CR-to-Hyphen conversion ... more