Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable changes Vulnerabilities fixed: CVE-2021-22883: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on Read more…
Notable Changes crypto: add keyObject.export() ‘jwk’ format option (Filip Skokan) #37081 deps: upgrade to libuv 1.41.0 (Colin Ihrig) #37360 doc: add dmabupt to collaborators (Xu Meng) #37377 refactor fs docs structure (James M Snell) #37170 fs: add fsPromises.watch() (James M Snell) #37179 use a default callback for fs.close() (James M Read more…
Notable changes deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 Commits [ 1e8a4e560ea ] – async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779 [ 1427968d266 ] – deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ 1cd9a8106be ] – http: do not loop over prototype in Agent (Michaël Zasso) Read more…
Notable changes The update to npm 6.14.11 has been relanded so that npm correctly reports its version. Commits [ 1953a85035d ] – crypto: fix crash when calling digest after piping (Tobias Nießen) #28251 [ 1fe2c98003e ] – deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 [ 17b7fb43b8a ] – Revert Read more…
Notable Changes deps: upgrade npm to 6.14.11 (Ruy Adorno) #37173 V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 Note: Node.js is not believed to be vulnerable to CVE-2021-21148. stream,zlib: do not use _stream_* anymore (Matteo Collina) #36618 Commits [ 120b1e6c802 ] – deps: V8: backport dfcf1e86fac0 (Michaël Zasso) #37245 [ 1408c7a65f3 ] Read more…
Notable Changes This release marks the transition of Node.js 14.x into Long Term Support (LTS) with the codename ‘Fermium’. The 14.x release line now moves into “Active LTS” and will remain so until October 2021. After that time, it will move into “Maintenance” until end of life in April 2023. Read more…
Notable changes Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, Read more…
