Notable changes The following CVEs are fixed in this release: CVE-2022-43548: DNS rebinding in –inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post. Commits [ 19ffddd7098 ] – inspector: harden IP address validation again Read more…
Notable changes The following CVEs are fixed in this release: CVE-2022-43548: DNS rebinding in –inspect via invalid octal IP address (Medium) More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post. Commits [ 12b433af094 ] – inspector: harden IP address validation again Read more…
Notable changes deps: update corepack to 0.14.2 (Node.js GitHub Bot) #44775 src: add –openssl-shared-config option (Daniel Bevenius) #43124 Commits [ 1773f587912 ] – deps: cherry-pick libuv/libuv@3a7b955 (Ben Noordhuis) #43950 [ 1a1dea66956 ] – deps: cherry-pick libuv/libuv@abb109f (Ben Noordhuis) #43950 [ 198c49d81f5 ] – deps: update corepack to 0.14.2 (Node.js GitHub Read more…
Notable Changes This release marks the transition of Node.js 18.x into Long Term Support (LTS) with the codename ‘Hydrogen’. The 18.x release line now moves into “Active LTS” and will remain so until October 2023. After that time, it will move into “Maintenance” until end of life in April 2025. Read more…
Notable Changes Deprecations and Removals [ 17dd2f41c73 ] – (SEMVER-MAJOR) module: runtime deprecate exports double slash maps (Guy Bedford) #44495 [ 1ada2d053ae ] – (SEMVER-MAJOR) process: runtime deprecate coercion to integer in 1process.exit() (Daeyeon Jeong) #44711 HTTP(S)/1.1 KeepAlive by default Starting with this release, Node.js sets 1keepAlive to true by Read more…
Notable changes watch mode (experimental) Running in ‘watch’ mode using 1node –watch restarts the process when an imported file is changed. Contributed by Moshe Atlow in #44366 Other notable changes fs: (SEMVER-MINOR) add 1FileHandle.prototype.readLines (Antoine du Hamel) #42590 http: (SEMVER-MINOR) add writeEarlyHints function to ServerResponse (Wing) #44180 http2: (SEMVER-MINOR) make Read more…
Notable changes [ 11cc050eaa8 ] – (SEMVER-MINOR) assert: add 1getCalls and 1reset to callTracker (Moshe Atlow) #44191 [ 1e5c9975f11 ] – (SEMVER-MINOR) crypto: allow zero-length secret KeyObject (Filip Skokan) #44201 [ 1317cd051ce ] – (SEMVER-MINOR) crypto: allow zero-length IKM in HKDF and in webcrypto PBKDF2 (Filip Skokan) #44201 [ 1f80bdc5ef3 Read more…
Notable changes doc: (SEMVER-MINOR) deprecate modp1, modp2, and modp5 groups (Tobias Nießen) #44588 add legendecas to TSC list (Michael Dawson) #44662 move 1policy docs to the 1permissions scope (Rafael Gonzaga) #44222 gyp: libnode for ios app embedding (chexiongsheng) #44210 http: (SEMVER-MINOR) throw error on content-length mismatch (sidwebworks) #44588 stream: (SEMVER-MINOR) Read more…
Notable changes The following CVEs are fixed in this release: CVE-2022-32212: DNS rebinding in –inspect on macOS (High) Insufficient fix for macOS devices on v18.5.0 CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium) CVE-2022-32213: HTTP Request Smuggling – Flawed Parsing of Transfer-Encoding (Medium) Insufficient fix on Read more…
This is a security release. Notable changes The following CVEs are fixed in this release: CVE-2022-32212: DNS rebinding in –inspect on macOS (High) CVE-2022-32213: bypass via obs-fold mechanic (Medium) CVE-2022-35255: Weak randomness in WebCrypto keygen CVE-2022-35256: HTTP Request Smuggling – Incorrect Parsing of Header Fields (Medium) More detailed information on Read more…
