Summary The vulnerabilities in the OpenSSL Security releases of Jun 21 2022 do not affect any active Node.js release lines. Analysis Our assessment of the security advisory is: The 1c_rehash script allows command injection (CVE-2022-2068) Node.js doesn’t use or ship the 1c_rehash script. Therefore, Node.js is not affected Contact and Read more…
Summary The OpenSSL Security releases of May 3 2022 affects Node.js 17.x and 18.x but highest serverity is “Low” Analysis Our assessment of the security advisory is: The 1c_rehash script allows command injection (CVE-2022-1292) Node.js doesn’t use or ship the 1c_rehash script. Therefore, Node.js is not affected 1OCSP_basic_verify may incorrectly Read more…
Summary The Node.js project may be releasing new versions across all of its supported release lines late next week to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th Read more…
Summary The Node.js project will release new versions of the 12.x, 14.x, 16.x, and 17.x releases lines on or shortly after Monday, January 10th, 2021 in order to address: Three medium severity issues One low severity issue Impact The 17.x release line of Node.js is vulnerable to three medium severity Read more…
Summary The Node.js project will release new versions of the 12.x, 14.x, and 16.x releases lines on or shortly after Tuesday October 12th, 2021 in order to address: Two medium severity issues Impact The 16.x release line of Node.js is vulnerable to two medium severity issues. The 14.x release line Read more…
Summary The Node.js project will release new versions of 12.x, and 14.x releases lines on or shortly after Tuesday August 31th, 2021 in order to address: Three high severity issues, and two moderate severity issues. Impact The 14.x release line of Node.js is vulnerable to three high severity issues, and Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Wednesday August 11th, 2021 in order to address: Two high severity issues and one low severity issue. Impact The 16.x release line of Node.js is vulnerable to two high severity issues and one Read more…
Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issue. We normally like to give advance notice and provide releases in which the only changes are security fixes, but since this vulnerability was already public we felt it was more important Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Thursday, July 1st, 2021. One High severity issue, and three Medium severity issues Impact The 16.x release line of Node.js is vulnerable to two medium severity issues. The 14.x release line of Node.js Read more…
Summary The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021. Three High severity issues Impact The 15.x release line of Node.js is vulnerable to two high severity issues. The 14.x release line of Node.js is vulnerable to three high Read more…
