Summary The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.x releases lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issues. Two high severity issues that affect OpenSSL as per secadv/20221101.txt These security releases are driven by the OpenSSL Read more…
Summary The Node.js project may be releasing new versions across all of its supported release lines in the first week of November to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced will release OpenSSL 3.0.7 on the 1th of November 2022 between Read more…
Summary The vulnerability in the OpenSSL Security release of Oct 11 2022 does not affect any active Node.js release lines, as well as the zlib vulnerability (CVE-2022-37434) patched on the zlib Security release of Oct 13 2022, does not affect Node.js. Analysis OpenSSL Our assessment of the security advisory is: Read more…
Summary The Node.js project will release new versions of the 14.x, 16.x, and 18.x releases lines on or shortly after Thursday, September 22nd, 2022 in order to address: Three medium severity issues. One high severity issues. Impact The 18.x release line of Node.js is vulnerable to four medium severity issues Read more…
Summary The Node.js project will release new versions of the 14.x, 16.x, and 18.x releases lines on or shortly after Tuesday, July 5th, 2022 in order to address: Three medium severity issues. Two high severity issues. Impact The 18.x release line of Node.js is vulnerable to three medium severity issues Read more…
Summary The vulnerabilities in the OpenSSL Security releases of Jun 21 2022 do not affect any active Node.js release lines. Analysis Our assessment of the security advisory is: The 1c_rehash script allows command injection (CVE-2022-2068) Node.js doesn’t use or ship the 1c_rehash script. Therefore, Node.js is not affected Contact and Read more…
Summary The OpenSSL Security releases of May 3 2022 affects Node.js 17.x and 18.x but highest serverity is “Low” Analysis Our assessment of the security advisory is: The 1c_rehash script allows command injection (CVE-2022-1292) Node.js doesn’t use or ship the 1c_rehash script. Therefore, Node.js is not affected 1OCSP_basic_verify may incorrectly Read more…
Summary The Node.js project may be releasing new versions across all of its supported release lines late next week to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th Read more…
Summary The Node.js project will release new versions of the 12.x, 14.x, 16.x, and 17.x releases lines on or shortly after Monday, January 10th, 2021 in order to address: Three medium severity issues One low severity issue Impact The 17.x release line of Node.js is vulnerable to three medium severity Read more…
Summary The Node.js project will release new versions of the 12.x, 14.x, and 16.x releases lines on or shortly after Tuesday October 12th, 2021 in order to address: Two medium severity issues Impact The 16.x release line of Node.js is vulnerable to two medium severity issues. The 14.x release line Read more…
