April 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release line of Node.js is vulnerable to three high Read more…

February 2021 Security Releases

Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js is vulnerable to one critical severity issue, one high severity Read more…

June 2018 Security Releases

(Update 12-June-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). We recommend that all users upgrade as soon as possible. Downloads & release details Node.js 10.4.1 (Current) Node.js 9.11.2 Node.js 8.11.3 Read more…

March 2018 Security Releases

(Update 28-March-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). In addition to the vulnerabilities in the initial announcement, we have also included a fix for a vulnerability in the Node.js Read more…

Meltdown and Spectre – Impact On Node.js

Summary Project zero has recently announced some new attacks that have received a lot of attention: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html. The risk from these attacks to systems running Node.js resides in the systems in which your Node.js applications run, as opposed to the Node.js runtime itself. The trust model for Node.js assumes you Read more…

OpenSSL update, 1.0.2m

(Update 8-Nov-2017) Node.js Releases Releases were made available for active lines yesterday, each including the OpenSSL 1.0.2m update. As we have not categorized these strictly as security releases they also contain other minor fixes and additions as per our regular release procedures. While we don’t consider OpenSSL 1.0.2m a critical Read more…

DOS security vulnerability, October 2017

(Update 24-October-2017) Releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. We recommend that all users upgrade as soon as possible. Downloads Node.js v8 (Current) Node.js v6 (LTS “Boron”) Node.js v4 (LTS “Argon”) Node.js-specific Read more…

January 2021 Security Releases

(Update 4-Jan-2021) Security releases available Updates are now available for v10,x, v12.x, v14.x and v15.x Node.js release lines for the following issues. In addition to the vulnerabilities listed below, these releases also include an update to npm in order to resolve an issue that was reported against npm by security Read more…