Node v14.21.2 (LTS)

Notable Changes OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. Root certificates updated to NSS 3.85 Certificates added: Autoridad de Certificacion Firmaprofesional CIF A62634068 Certainly Root E1 Certainly ... more

Node v16.19.0 (LTS)

Notable Changes OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. Root certificates updated to NSS 3.85 Certificates added: Autoridad de Certificacion Firmaprofesional CIF A62634068 Certainly Root E1 Certainly ... more

Node v19.2.0 (Current)

Notable changes Time zone update Time zone data has been updated to 2022f. This includes changes to Daylight Savings Time (DST) for Fiji and Mexico. For more information, see https://mm.icann.org/pipermail/tz-announce/2022-October/000075.html. Other ... more

Node v19.1.0 (Current)

Notable changes Support function mocking on Node.js test runner The node:test module supports mocking during testing via a top-level mock object. test('spies on an object method', (t) => { const number = { value: 5, add(a) { return this.value + a; ... more

Node v18.12.1 (LTS)

Notable changes The following CVEs are fixed in this release: CVE-2022-3602 : X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786 : X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548 : DNS rebinding in --inspect via ... more

Node v19.0.1 (Current)

Notable changes The following CVEs are fixed in this release: CVE-2022-3602 : X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786 : X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548 : DNS rebinding in --inspect via ... more

Node v14.21.1 (LTS)

Notable changes The following CVEs are fixed in this release: CVE-2022-43548 : DNS rebinding in --inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog ... more

Node v16.18.1 (LTS)

Notable changes The following CVEs are fixed in this release: CVE-2022-43548 : DNS rebinding in --inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog ... more

Nov 3 2022 Security Releases

Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.x releases lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issues. Two high severity issues that affect OpenSSL as per secadv/20221101.txt ... more

Node v14.21.0 (LTS)

Notable changes deps : update corepack to 0.14.2 (Node.js GitHub Bot) #44775 src : add --openssl-shared-config option (Daniel Bevenius) #43124 Commits [ 773f587912 ] - deps : cherry-pick libuv/[email protected] (Ben Noordhuis) #43950 [ a1dea66956 ] - deps ... more

OpenSSL november security release

Summary The Node.js project may be releasing new versions across all of its supported release lines in the first week of November to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced will ... more

Node v18.12.0 (LTS)

Notable Changes This release marks the transition of Node.js 18.x into Long Term Support (LTS) with the codename 'Hydrogen'. The 18.x release line now moves into "Active LTS" and will remain so until October 2023. After that time, it will move ... more

OpenSSL and zlib update assessment, and Node.js Assessment workflow

Summary The vulnerability in the OpenSSL Security release of Oct 11 2022 does not affect any active Node.js release lines, as well as the zlib vulnerability (CVE-2022-37434) patched on the zlib Security release of Oct 13 2022, does not affect Node.js. ... more

Node.js 19 is now available!

We’re excited to announce that Node.js 19 was released today! Highlights include the update of the V8 JavaScript engine to 10.7, and HTTP(s)/1.1 KeepAlive enabled by default. Node.js 19 will replace Node.js 18 as our ‘Current’ release line when Node.js ... more

Node v19.0.0 (Current)

Notable Changes Deprecations and Removals [ 7dd2f41c73 ] - (SEMVER-MAJOR) module : runtime deprecate exports double slash maps (Guy Bedford) #44495 [ ada2d053ae ] - (SEMVER-MAJOR) process : runtime deprecate coercion to integer in process.exit() (Daeyeon ... more

Node v18.11.0 (Current)

Notable changes watch mode (experimental) Running in 'watch' mode using node --watch restarts the process when an imported file is changed. Contributed by Moshe Atlow in #44366 Other notable changes fs : (SEMVER-MINOR) add FileHandle.prototype.readLines ... more

Node v16.18.0 (LTS)

Notable changes [ 1cc050eaa8 ] - (SEMVER-MINOR) assert : add getCalls and reset to callTracker (Moshe Atlow) #44191 [ e5c9975f11 ] - (SEMVER-MINOR) crypto : allow zero-length secret KeyObject (Filip Skokan) #44201 [ 317cd051ce ] - (SEMVER-MINOR) crypto ... more

Node v18.10.0 (Current)

Notable changes doc : (SEMVER-MINOR) deprecate modp1, modp2, and modp5 groups (Tobias Nießen) #44588 add legendecas to TSC list (Michael Dawson) #44662 move policy docs to the permissions scope (Rafael Gonzaga) #44222 gyp : libnode for ios app embedding ... more

Node v18.9.1 (Current)

Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222 : Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on ... more

Node v14.20.1 (LTS)

Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) CVE-2022-32213 : bypass via obs-fold mechanic (Medium) CVE-2022-35256 : HTTP Request Smuggling Due to Incorrect Parsing of Header ... more

Node v16.17.1 (LTS)

This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) CVE-2022-32213 : bypass via obs-fold mechanic (Medium) CVE-2022-35255 : Weak randomness in WebCrypto ... more

September 22nd 2022 Security Releases

Summary The Node.js project will release new versions of the 14.x, 16.x, and 18.x releases lines on or shortly after Thursday, September 22nd, 2022 in order to address: Three medium severity issues. One high severity issues. Impact The 18.x release line ... more

Node v18.9.0 (Current)

Notable changes doc add daeyeon to collaborators (Daeyeon Jeong) #44355 lib (SEMVER-MINOR) add diagnostics channel for process and worker (theanarkh) #44045 os (SEMVER-MINOR) add machine method (theanarkh) #44416 report (SEMVER-MINOR) expose report public ... more

Node v18.8.0 (Current)

Notable changes bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob This patch introduces --build-snapshot and --snapshot-blob options for creating and using user land snapshots. To generate a snapshot using snapshot.js ... more

Node v16.17.0 (LTS)

Notable Changes Experimental command-line argument parser API Adds util.parseArgs helper for higher level command-line argument parsing. Contributed by Benjamin Coe, John Gee, Darcy Clarke, Joe Sepi, Kevin Gibbons, Aaron Casanova, Jessica Nahulan, and ... more

Node v18.7.0 (Current)

Notable changes doc : add F3n67u to collaborators (Feng Yu) #43953 deprecate coercion to integer in process.exit (Daeyeon Jeong) #43738 (SEMVER-MINOR) deprecate diagnostics_channel object subscribe method (Stephen Belanger) #42714 events : (SEMVER-MINOR) ... more

Node v18.6.0 (Current)

Notable Changes Experimental ESM Loader Hooks API Node.js ESM Loader hooks now support multiple custom loaders, and composition is achieved via "chaining": foo-loader calls bar-loader calls qux-loader (a custom loader must now signal a short ... more

Node v14.20.0 (LTS)

Notable Changes [ 8e8aef836c ] - (SEMVER-MAJOR) src,deps,build,test : add OpenSSL config appname (Daniel Bevenius) #43124 [ 98965b137d ] - deps : upgrade openssl sources to 1.1.1q (RafaelGSS) #43686 Commits [ b93e048bf6 ] - deps : update archs files ... more

Node v18.5.0 (Current)

Notable Changes [ 3f0c3e142d ] - (SEMVER-MAJOR) src,deps,build,test : add OpenSSL config appname (Daniel Bevenius) #43124 [ 9578158ff8 ] - (SEMVER-MAJOR) src,doc,test : add --openssl-shared-config option (Daniel Bevenius) #43124 Node.js now reads nodejs_conf ... more

Node v16.16.0 (LTS)

Notable changes deps : upgrade openssl sources to OpenSSL_1_1_1q (RafaelGSS) #43692 src : add OpenSSL config appname (Daniel Bevenius) #43124 Commits [ 2303fd3fe5 ] - deps : update archs files for OpenSSL-1.1.1q (RafaelGSS) #43692 [ b219a63c28 ] - deps ... more