Node v15.11.0 (Current)

Notable Changes [ 1a3e3156b52 ] – (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341 [ 19ba5c0f9ba ] – (SEMVER-MINOR) errors: remove experimental from –enable-source-maps (Benjamin Coe) #37362 Commits [ 1d039e6fa80 ] – assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344 [ 1d2e5529e08 ] – Read more…

Node v12.21.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…

Node v15.10.0 (Current)

Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…

Node v10.24.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…

Node v14.16.0 (LTS)

Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…

February 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js is vulnerable to one critical severity issue, one high severity Read more…

An interview with Ryan Dahl

#376 — February 18, 2021 Read on the Web Node Weekly Avoiding npm Substitution Attacks — Recently there have been some high profile examples of supply chain attacks on popular source code repositories, such as where fake or eponymous packages are published, but you can reduce your attack surface by Read more…

Node v15.9.0 (Current)

Notable Changes crypto: add keyObject.export() ‘jwk’ format option (Filip Skokan) #37081 deps: upgrade to libuv 1.41.0 (Colin Ihrig) #37360 doc: add dmabupt to collaborators (Xu Meng) #37377 refactor fs docs structure (James M Snell) #37170 fs: add fsPromises.watch() (James M Snell) #37179 use a default callback for fs.close() (James M Read more…