Summary The Node.js project will release new versions of 12.x, and 14.x releases lines on or shortly after Tuesday August 31th, 2021 in order to address: Three high severity issues, and two moderate severity issues. Impact The 14.x release line of Node.js is vulnerable to three high severity issues, and Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Wednesday August 11th, 2021 in order to address: Two high severity issues and one low severity issue. Impact The 16.x release line of Node.js is vulnerable to two high severity issues and one Read more…
Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issue. We normally like to give advance notice and provide releases in which the only changes are security fixes, but since this vulnerability was already public we felt it was more important Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Thursday, July 1st, 2021. One High severity issue, and three Medium severity issues Impact The 16.x release line of Node.js is vulnerable to two medium severity issues. The 14.x release line of Node.js Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release line of Node.js is vulnerable to three high Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, February 23th, 2021. One Critical serverity issue One High serverity issue One Low serverity issue Impact The 15.x release line of Node.js is vulnerable to one critical severity issue, one high severity Read more…
(Update 12-June-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). We recommend that all users upgrade as soon as possible. Downloads & release details Node.js 10.4.1 (Current) Node.js 9.11.2 Node.js 8.11.3 Read more…
(Update 28-March-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). In addition to the vulnerabilities in the initial announcement, we have also included a fix for a vulnerability in the Node.js Read more…
Summary Project zero has recently announced some new attacks that have received a lot of attention: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html. The risk from these attacks to systems running Node.js resides in the systems in which your Node.js applications run, as opposed to the Node.js runtime itself. The trust model for Node.js assumes you Read more…
(Update 7-December-2017) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. In addition the updates for 8.X and 9.X include a fix for a low severity buffer vulnerability as describe below. We recommend Read more…
