Notable Changes fs: experimental: add recursive cp method (Benjamin Coe) #39372 Commits [ 1a80c989306 ] – async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468 [ 169a2a6b6c3 ] – bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685 [ 15bc31ea0aa ] – buffer: add endings option, remove Node.js Read more…
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Read more…
Notable Changes Updated npm to 7.20.3 (npm team) #39579 Reverted an ABI-breaking change from V8 9.2 that could impact some native modules (MichaĆ«l Zasso) #39624 Fixed a bug in error handling known to affect at least Webpack and Jest (Guy Bedford) #39593 Commits [ 16c769ccedf ] – build: override python Read more…
Notable Changes Say hello to V8 9.2 The V8 engine is updated to version 9.2.230.21. It notably introduces the new 1Array.prototype.at method (also on Typed Arrays and strings): 1234<span class="token keyword">const</span> array <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token number">1</span><span class="token punctuation">,</span> <span class="token number">2</span><span class="token punctuation">,</span> <span class="token number">3</span><span Read more…
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 This releases also fixes some Read more…
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Commits [ 1499e56babe ] – Read more…
Notable Changes Experimental Web Streams API Node.js now exposes an experimental implementation of the Web Streams API. While it is experimental, the API is not exposed on the global object and is only accessible using the new 1stream/web core module: 12import { ReadableStream, WritableStream } from <span class="token entity named-entity" Read more…
Notable Changes Node.js 16.4.1 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer. Commits [ 176e709ec63 ] – win,msi: use localized “Authenticated Users” name (Richard Lau) Read more…
