Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more
Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more
Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more
Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release ... more
Notable Changes buffer : implement btoa and atob (James M Snell) #37529 deps : upgrade npm to 7.7.6 (Ruy Adorno) #37968 This update adds workspaces support to npm run and npm exec doc : add legacy status to stability index (James M Snell) #37784 add ... more
Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation ... more
Notable Changes crypto : add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500 support JWK objects in create*Key (Filip Skokan) #37254 deps : switch openssl to quictls/openssl (James M Snell) #37601 update to [email protected]... more
Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more
Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more
Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more
Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23rd, 2021. One Critical severity issue One High severity issue One Low severity issue Impact The 15.x release line of Node.js ... more
Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 953a85035d ] - crypto : fix crash when calling digest after piping (Tobias Nießen) #28251 [ fe2c98003e ] - deps : upgrade npm to 6.14.11 ... more
Notable Changes deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note : Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib : do not use _stream_* anymore (Matteo Collina) #36618 Commits ... more
Notable changes Release keys have been synchronized with the main branch. deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 Commits [ cc6b69557a ] - deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 [ aefb66528a ] - doc : update contact information ... more
Notable changes Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite ... more
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more
Notable Changes Vulnerabilities fixed: CVE-2020-1971 : OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt ... more
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more
Notable Changes Extended support for AbortSignal in child_process and stream The following APIs now support an AbortSignal in their options object: child_process.spawn() Calling .abort() on the corresponding AbortController is similar to calling .kill() ... more
Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. ... more
Summary The Node.js project will release new versions of all supported release lines on or shortly after Monday January 4th, 2021. These releases will fix: Two high severity issues One low severity issue Impact The 15.x release line of Node.js is vulnerable ... more