Notable Changes Deprecations and Removals (SEMVER-MAJOR) fs: remove permissive rmdir recursive (Antoine du Hamel) #37216 (SEMVER-MAJOR) fs: runtime deprecate rmdir recursive option (Antoine du Hamel) #37302 (SEMVER-MAJOR) lib: runtime deprecate access to process.binding(‘http_parser’) (James M Snell) #37813 (SEMVER-MAJOR) lib: runtime deprecate access to process.binding(‘url’) (James M Snell) #37799 (SEMVER-MAJOR) lib: Read more…
Notable Changes Vulnerabilties Fixed: CVE-2021-3450: OpenSSL – CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL – NULL Read more…
Notable Changes Vulnerabilities fixed: CVE-2021-3450: OpenSSL – CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL – NULL Read more…
Notable Changes Vulnerabilities fixed: CVE-2021-3450: OpenSSL – CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL – NULL Read more…
Notable Changes Vulerabilties fixed: CVE-2021-3450: OpenSSL – CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt Impacts: All versions of the 15.x, 14.x, 12.x and 10.x releases lines CVE-2021-3449: OpenSSL – NULL Read more…
Notable Changes buffer: implement btoa and atob (James M Snell) #37529 deps: upgrade npm to 7.7.6 (Ruy Adorno) #37968 This update adds workspaces support to 1npm run and 1npm exec doc: add legacy status to stability index (James M Snell) #37784 add @linkgoron to collaborators (Nitzan Uziely) #37817 http: add Read more…
Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the 1–http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use Read more…
Notable Changes crypto: add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500 support JWK objects in create*Key (Filip Skokan) #37254 deps: switch openssl to quictls/openssl (James M Snell) #37601 update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712 fs: improve fsPromises writeFile performance (Nitzan Uziely) #37610 improve fsPromises readFile performance (Nitzan Uziely) Read more…
Notable Changes [ 1a3e3156b52 ] – (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341 [ 19ba5c0f9ba ] – (SEMVER-MINOR) errors: remove experimental from –enable-source-maps (Benjamin Coe) #37362 Commits [ 1d039e6fa80 ] – assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344 [ 1d2e5529e08 ] – Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
