Notable Changes OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. Root certificates updated to NSS 3.85 Certificates added: Autoridad de Certificacion Firmaprofesional CIF A62634068 Certainly Root E1 Certainly ... more
Notable Changes OpenSSL 1.1.1s This update is a bugfix release and does not address any security vulnerabilities. Root certificates updated to NSS 3.85 Certificates added: Autoridad de Certificacion Firmaprofesional CIF A62634068 Certainly Root E1 Certainly ... more
Notable changes Time zone update Time zone data has been updated to 2022f. This includes changes to Daylight Savings Time (DST) for Fiji and Mexico. For more information, see https://mm.icann.org/pipermail/tz-announce/2022-October/000075.html. Other ... more
Notable changes Support function mocking on Node.js test runner The node:test module supports mocking during testing via a top-level mock object. test('spies on an object method', (t) => { const number = { value: 5, add(a) { return this.value + a; ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-3602 : X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786 : X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548 : DNS rebinding in --inspect via ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-3602 : X.509 Email Address 4-byte Buffer Overflow (High) CVE-2022-3786 : X.509 Email Address Variable Length Buffer Overflow (High) CVE-2022-43548 : DNS rebinding in --inspect via ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-43548 : DNS rebinding in --inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-43548 : DNS rebinding in --inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog ... more
Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.x releases lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issues. Two high severity issues that affect OpenSSL as per secadv/20221101.txt ... more
Summary The Node.js project may be releasing new versions across all of its supported release lines in the first week of November to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced will ... more
Notable Changes This release marks the transition of Node.js 18.x into Long Term Support (LTS) with the codename 'Hydrogen'. The 18.x release line now moves into "Active LTS" and will remain so until October 2023. After that time, it will move ... more
Summary The vulnerability in the OpenSSL Security release of Oct 11 2022 does not affect any active Node.js release lines, as well as the zlib vulnerability (CVE-2022-37434) patched on the zlib Security release of Oct 13 2022, does not affect Node.js. ... more
We’re excited to announce that Node.js 19 was released today! Highlights include the update of the V8 JavaScript engine to 10.7, and HTTP(s)/1.1 KeepAlive enabled by default. Node.js 19 will replace Node.js 18 as our ‘Current’ release line when Node.js ... more
Notable changes watch mode (experimental) Running in 'watch' mode using node --watch restarts the process when an imported file is changed. Contributed by Moshe Atlow in #44366 Other notable changes fs : (SEMVER-MINOR) add FileHandle.prototype.readLines ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222 : Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on ... more
Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) CVE-2022-32213 : bypass via obs-fold mechanic (Medium) CVE-2022-35256 : HTTP Request Smuggling Due to Incorrect Parsing of Header ... more
This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212 : DNS rebinding in --inspect on macOS (High) CVE-2022-32213 : bypass via obs-fold mechanic (Medium) CVE-2022-35255 : Weak randomness in WebCrypto ... more
Summary The Node.js project will release new versions of the 14.x, 16.x, and 18.x releases lines on or shortly after Thursday, September 22nd, 2022 in order to address: Three medium severity issues. One high severity issues. Impact The 18.x release line ... more
Notable changes doc add daeyeon to collaborators (Daeyeon Jeong) #44355 lib (SEMVER-MINOR) add diagnostics channel for process and worker (theanarkh) #44045 os (SEMVER-MINOR) add machine method (theanarkh) #44416 report (SEMVER-MINOR) expose report public ... more
Notable changes bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob This patch introduces --build-snapshot and --snapshot-blob options for creating and using user land snapshots. To generate a snapshot using snapshot.js ... more
Notable Changes Experimental command-line argument parser API Adds util.parseArgs helper for higher level command-line argument parsing. Contributed by Benjamin Coe, John Gee, Darcy Clarke, Joe Sepi, Kevin Gibbons, Aaron Casanova, Jessica Nahulan, and ... more
Notable Changes Experimental ESM Loader Hooks API Node.js ESM Loader hooks now support multiple custom loaders, and composition is achieved via "chaining": foo-loader calls bar-loader calls qux-loader (a custom loader must now signal a short ... more