Vulnerability

Pre-release announce Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x releases lines on or shortly after, Tuesday February 14 2023 in order to address: 2 low severity issues. 2 medium severity issues. 1 high severity issues. OpenSSL security updates for which the highest Read more…

Summary The vulnerability in the OpenSSL Security Advisory of Dec 13 2022 do not affect any active Node.js release lines. Analysis Our assessment of the security advisory is: X.509 Policy Constraints Double Locking (CVE-2022-3996) Node.js doesn’t call OpenSSL as a separate process (so the possibility to use the 1-policy flag Read more…

Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.x releases lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issues. Two high severity issues that affect OpenSSL as per secadv/20221101.txt These security releases are driven by the OpenSSL Read more…