Node v15.14.0 (Current)

Notable Changes Vulnerabilties Fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v12.22.1 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v10.24.1 (LTS)

Notable Changes Vulerabilties fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v14.16.1 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

April 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release ... more

Node v15.13.0 (Current)

Notable Changes buffer : implement btoa and atob (James M Snell) #37529 deps : upgrade npm to 7.7.6 (Ruy Adorno) #37968 This update adds workspaces support to npm run and npm exec doc : add legacy status to stability index (James M Snell) #37784 add ... more

Node v12.22.0 (LTS)

Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation ... more

Node v15.12.0 (Current)

Notable Changes crypto : add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500 support JWK objects in create*Key (Filip Skokan) #37254 deps : switch openssl to quictls/openssl (James M Snell) #37601 update to [email protected] ... more

Node v15.11.0 (Current)

Notable Changes [ a3e3156b52 ] - (SEMVER-MINOR) crypto : make FIPS related options always awailable (Vít Ondruch) #36341 [ 9ba5c0f9ba ] - (SEMVER-MINOR) errors : remove experimental from --enable-source-maps (Benjamin Coe) #37362 Commits [ d039e6fa80 ... more

Node v15.10.0 (Current)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v12.21.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v14.16.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v10.24.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

February 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js ... more

Node v15.9.0 (Current)

Notable Changes crypto : add keyObject.export() 'jwk' format option (Filip Skokan) #37081 deps : upgrade to libuv 1.41.0 (Colin Ihrig) #37360 doc : add dmabupt to collaborators (Xu Meng) #37377 refactor fs docs structure (James M Snell) #37170 fs : add ... more

Node v12.20.2 (LTS)

Notable changes deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 Commits [ e8a4e560ea ] - async_hooks : fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779 [ 427968d266 ] - deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ cd9a8106be ] - ... more

Node v10.23.3 (LTS)

Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 953a85035d ] - crypto : fix crash when calling digest after piping (Tobias Nießen) #28251 [ fe2c98003e ] - deps : upgrade npm to 6.14.11 ... more

Node v14.15.5 (LTS)

Notable Changes deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note : Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib : do not use _stream_* anymore (Matteo Collina) #36618 Commits ... more

Node v15.8.0 (Current)

Notable Changes [ 110063d694 ] - (SEMVER-MINOR) crypto : add generatePrime/checkPrime (James M Snell) #36997 [ 53a0bdff47 ] - (SEMVER-MINOR) crypto : experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879 [ 03460432af ] - deps : upgrade npm ... more

Node v10.23.2 (LTS)

Notable changes Release keys have been synchronized with the main branch. deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 Commits [ cc6b69557a ] - deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 [ aefb66528a ] - doc : update contact information ... more

Node v15.7.0 (Current)

Notable changes buffer : introduce Blob (James M Snell) #36811 add base64url encoding option (Filip Skokan) #36952 doc : add @iansu to collaborators (Ian Sutherland) #36951 add @RaisinTen to collaborators (Darshan Sen) #36998 add @miladfarca to collaborators ... more

Node v15.6.0 (Current)

Notable Changes child_process : add 'overlapped' stdio flag (Thiago Padilha) #29412 support AbortSignal in fork (Benjamin Gruenbaum) #36603 crypto : implement basic secure heap support (James M Snell) #36779 fixup bug in keygen error handling (James ... more

Node v15.5.1 (Current)

Notable changes Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite ... more

Node v10.23.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more

Node v14.15.4 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2020-1971 : OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt ... more

Node v12.20.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more

Node v15.5.0 (Current)

Notable Changes Extended support for AbortSignal in child_process and stream The following APIs now support an AbortSignal in their options object: child_process.spawn() Calling .abort() on the corresponding AbortController is similar to calling .kill() ... more

Node v14.15.3 (LTS)

Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. ... more

Node v14.15.2 (LTS)

Notable Changes deps : upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (Michaël Zasso) #35791 doc : add release key for Danielle Adams (Danielle Adams) #35545 http2 : check write not scheduled in scope destructor (David Halls) #36241 ... more

January 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Monday January 4th, 2021. These releases will fix: Two high severity issues One low severity issue Impact The 15.x release line of Node.js is vulnerable ... more