News

Notable Changes crypto: update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546 deps: update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435 (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333 doc: add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542 fs: (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134 http: (SEMVER-MINOR) Read more…

Notable Changes [ 1110063d694 ] – (SEMVER-MINOR) crypto: add generatePrime/checkPrime (James M Snell) #36997 [ 153a0bdff47 ] – (SEMVER-MINOR) crypto: experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879 [ 103460432af ] – deps: upgrade npm to 7.5.0 (Ruy Adorno) #37117 This update adds a new 1npm diff command. [ 12c7ad38c75 ] Read more…

Notable changes Release keys have been synchronized with the main branch. deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838 Commits [ 1cc6b69557a ] – deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838 [ 1aefb66528a ] – doc: update contact information for @BethGriggs (Beth Griggs) #35451 [ 108931481d8 ] – doc: Read more…

Notable changes buffer: introduce Blob (James M Snell) #36811 add base64url encoding option (Filip Skokan) #36952 doc: add @iansu to collaborators (Ian Sutherland) #36951 add @RaisinTen to collaborators (Darshan Sen) #36998 add @miladfarca to collaborators (Milad Fa) #36934 fs: allow 1position parameter to be a 1BigInt in read and readSync Read more…

Notable Changes child_process: add ‘overlapped’ stdio flag (Thiago Padilha) #29412 support AbortSignal in fork (Benjamin Gruenbaum) #36603 crypto: implement basic secure heap support (James M Snell) #36779 fixup bug in keygen error handling (James M Snell) #36779 introduce X509Certificate API (James M Snell) #36804 implement randomuuid (James M Snell) #36729 Read more…

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method Read more…

Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method Read more…

Notable Changes Vulnerabilities fixed: CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. Read more…