Node v17.4.0 (Current)

Notable Changes [ 1ef6f98c2e3 ] – (SEMVER-MINOR) child_process: add support for URL to 1cp.fork (Antoine du Hamel) #41225 [ 1d62fe315c2 ] – (SEMVER-MINOR) crypto: alias webcrypto.subtle and webcrypto.getRandomValues on crypto (James M Snell) #41266 [ 1fcb37e9ce5 ] – doc: add Mesteery to collaborators (Mestery) #41543 [ 14079fc42b7 ] – (SEMVER-MINOR) Read more…

Node v16.13.2 (LTS)

Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…

Node v14.18.3 (LTS)

Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…

Node v17.3.1 (Current)

Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…

Node v12.22.9 (LTS)

Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, Read more…

Node v17.3.0 (Current)

Notable changes OpenSSL-3.0.1 OpenSSL-3.0.1 contains a fix for CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl (Moderate). This is a vulnerability in OpenSSL that may be exploited through Node.js. More information can be read here: https://www.openssl.org/news/secadv/20211214.txt. Contributed by Richard Lau #41177. Other Notable Changes lib: make AbortSignal cloneable/transferable (James Read more…

Node v12.22.8 (LTS)

Notable Changes This release contains a c-ares update to fix a regression introduced in Node.js 12.22.5 resolving CNAME records containing underscores #39780. Root certificates have been updated to those from Mozilla’s Network Security Services 3.71 #40281. Commits [ 12d42295d2a ] – build: pin macOS GitHub runner to macos-10.15 (Richard Lau) Read more…

Node v16.13.1 (LTS)

Notable Changes [ 1c14eb2325d ] – deps: upgrade npm to 8.1.2 (npm team) #40643 [ 1a901b6c53c ] – deps: update c-ares to 1.18.1 (Richard Lau) #40660 This release contains a c-ares update to fix a regression introduced in Node.js v16.6.2 resolving CNAME records containing underscores (#39780). [ 1755c08573f ] – Read more…

Node v17.2.0 (Current)

Notable Changes [ 106916490af ] – (SEMVER-MINOR) async_hooks: expose async_wrap providers (Rafael Gonzaga) #40760 [ 1371ee64c92 ] – (SEMVER-MINOR) deps: update V8 to 9.6.180.14 (Michaël Zasso) #40488 [ 1675c210b04 ] – (SEMVER-MINOR) lib: add reason to AbortSignal (James M Snell) #40807 [ 10de2850680 ] – (SEMVER-MINOR) src: add x509.fingerprint512 to Read more…

Node v14.18.2 (LTS)

Notable changes This release contains a c-ares update to fix a regression introduced in Node.js 14.17.5 resolving CNAME records containing underscores #39780. Also included are commits to allow Node.js 14 to continue to build and pass tests on our Jenkins CI, including adding Python 3.10 to the list of allowable Read more…