Node v16.3.0 (Current)

Notable Changes cli : add -C alias for --conditions flag (Guy Bedford) #38755 deps : add workspaces support to npm install commands (Ruy Adorno) #38750 Commits [ 4e58ec4aa6 ] - benchmark : output JSON-compatible numbers (Michaël Zasso) #38778 [ 7a9d0fd5a9 ... more

Node v16.2.0 (Current)

Notable Changes [ 36b948560c ] - (SEMVER-MINOR) async_hooks : use new v8::Context PromiseHook API (Stephen Belanger) #36394 [ c0deeeacb2 ] - lib : support setting process.env.TZ on windows (James M Snell) #38642 [ 4c4902748c ] - (SEMVER-MINOR) module ... more

Node v14.17.0 (LTS)

Notable Changes Diagnostics channel (experimental module) diagnostics_channel is a new experimental module that provides an API to create named channels to report arbitrary message data for diagnostics purposes. The module was initially introduced in ... more

Node v16.1.0 (Current)

Notable Changes [ 8a90f55a05 ] - (SEMVER-MINOR) fs : allow no-params fsPromises fileHandle read (Nitzan Uziely) #38287 Commits [ 28e16488cf ] - async_hooks,doc : replace process.stdout.fd with 1 (Darshan Sen) #38382 [ cbab7ec6e5 ] - benchmark : avoid ... more

Node v16.0.0 (Current)

Notable Changes Deprecations and Removals (SEMVER-MAJOR) fs : remove permissive rmdir recursive (Antoine du Hamel) #37216 (SEMVER-MAJOR) fs : runtime deprecate rmdir recursive option (Antoine du Hamel) #37302 (SEMVER-MAJOR) lib : runtime deprecate access ... more

Node v15.14.0 (Current)

Notable Changes Vulnerabilties Fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v12.22.1 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v10.24.1 (LTS)

Notable Changes Vulerabilties fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

Node v14.16.1 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2021-3450 : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt ... more

April 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release ... more

Node v15.13.0 (Current)

Notable Changes buffer : implement btoa and atob (James M Snell) #37529 deps : upgrade npm to 7.7.6 (Ruy Adorno) #37968 This update adds workspaces support to npm run and npm exec doc : add legacy status to stability index (James M Snell) #37784 add ... more

Node v12.22.0 (LTS)

Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation ... more

Node v15.12.0 (Current)

Notable Changes crypto : add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500 support JWK objects in create*Key (Filip Skokan) #37254 deps : switch openssl to quictls/openssl (James M Snell) #37601 update to [email protected] ... more

Node v15.11.0 (Current)

Notable Changes [ a3e3156b52 ] - (SEMVER-MINOR) crypto : make FIPS related options always awailable (Vít Ondruch) #36341 [ 9ba5c0f9ba ] - (SEMVER-MINOR) errors : remove experimental from --enable-source-maps (Benjamin Coe) #37362 Commits [ d039e6fa80 ... more

Node v15.10.0 (Current)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v12.21.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v14.16.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

Node v10.24.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883 : HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' ... more

February 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js ... more

Node v15.9.0 (Current)

Notable Changes crypto : add keyObject.export() 'jwk' format option (Filip Skokan) #37081 deps : upgrade to libuv 1.41.0 (Colin Ihrig) #37360 doc : add dmabupt to collaborators (Xu Meng) #37377 refactor fs docs structure (James M Snell) #37170 fs : add ... more

Node v12.20.2 (LTS)

Notable changes deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 Commits [ e8a4e560ea ] - async_hooks : fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779 [ 427968d266 ] - deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ cd9a8106be ] - ... more

Node v10.23.3 (LTS)

Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 953a85035d ] - crypto : fix crash when calling digest after piping (Tobias Nießen) #28251 [ fe2c98003e ] - deps : upgrade npm to 6.14.11 ... more

Node v14.15.5 (LTS)

Notable Changes deps : upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note : Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib : do not use _stream_* anymore (Matteo Collina) #36618 Commits ... more

Node v15.8.0 (Current)

Notable Changes [ 110063d694 ] - (SEMVER-MINOR) crypto : add generatePrime/checkPrime (James M Snell) #36997 [ 53a0bdff47 ] - (SEMVER-MINOR) crypto : experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879 [ 03460432af ] - deps : upgrade npm ... more

Node v10.23.2 (LTS)

Notable changes Release keys have been synchronized with the main branch. deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 Commits [ cc6b69557a ] - deps : upgrade npm to 6.14.11 (Darcy Clarke) #36838 [ aefb66528a ] - doc : update contact information ... more

Node v15.7.0 (Current)

Notable changes buffer : introduce Blob (James M Snell) #36811 add base64url encoding option (Filip Skokan) #36952 doc : add @iansu to collaborators (Ian Sutherland) #36951 add @RaisinTen to collaborators (Darshan Sen) #36998 add @miladfarca to collaborators ... more

Node v15.6.0 (Current)

Notable Changes child_process : add 'overlapped' stdio flag (Thiago Padilha) #29412 support AbortSignal in fork (Benjamin Gruenbaum) #36603 crypto : implement basic secure heap support (James M Snell) #36779 fixup bug in keygen error handling (James ... more

Node v15.5.1 (Current)

Notable changes Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite ... more

Node v10.23.1 (LTS)

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265 : use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write ... more

Node v14.15.4 (LTS)

Notable Changes Vulnerabilities fixed: CVE-2020-1971 : OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt ... more