Releases

Notable Changes Say hello to V8 9.2 The V8 engine is updated to version 9.2.230.21. It notably introduces the new 1Array.prototype.at method (also on Typed Arrays and strings): 1234<span class="token keyword">const</span> array <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token number">1</span><span class="token punctuation">,</span> <span class="token number">2</span><span class="token punctuation">,</span> <span class="token number">3</span><span Read more…

Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 This releases also fixes some Read more…

Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930 Commits [ 1499e56babe ] – Read more…

Notable Changes Experimental Web Streams API Node.js now exposes an experimental implementation of the Web Streams API. While it is experimental, the API is not exposed on the global object and is only accessible using the new 1stream/web core module: 12import { ReadableStream, WritableStream } from <span class="token entity named-entity" Read more…

Notable Changes Node.js 16.4.1 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer. Commits [ 176e709ec63 ] – win,msi: use localized “Authenticated Users” name (Richard Lau) Read more…

Notable Changes Node.js 14.17.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer. Commits [ 10f00104a2c ] – win,msi: use localized “Authenticated Users” name (Richard Lau) Read more…

Notable Changes Node.js 12.22.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer. Commits [ 1182f86a4d4 ] – win,msi: use localized “Authenticated Users” name (Richard Lau) Read more…

Notable Changes Vulnerabilities fixed: CVE-2021-22918: libuv upgrade – Out of bounds read (Medium) Node.js is vulnerable to out-of-bounds read in libuv’s uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node’s dns module’s lookup() function and can lead to information disclosures or crashes. You can Read more…

Notable Changes Vulnerabilities fixed: CVE-2021-22918: libuv upgrade – Out of bounds read (Medium) Node.js is vulnerable to out-of-bounds read in libuv’s uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node’s dns module’s lookup() function and can lead to information disclosures or crashes. You can Read more…

Notable Changes Vulnerabilities fixed: CVE-2021-22918: libuv upgrade – Out of bounds read (Medium) Node.js is vulnerable to out-of-bounds read in libuv’s uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node’s dns module’s lookup() function and can lead to information disclosures or crashes. You can Read more…