Notable changes Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first Read more…
Notable Changes Vulnerabilities fixed: CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly Read more…
Notable Changes child_process: add ‘overlapped’ stdio flag (Thiago Padilha) #29412 support AbortSignal in fork (Benjamin Gruenbaum) #36603 crypto: implement basic secure heap support (James M Snell) #36779 fixup bug in keygen error handling (James M Snell) #36779 introduce X509Certificate API Read more…
Notable changes buffer: introduce Blob (James M Snell) #36811 add base64url encoding option (Filip Skokan) #36952 doc: add @iansu to collaborators (Ian Sutherland) #36951 add @RaisinTen to collaborators (Darshan Sen) #36998 add @miladfarca to collaborators (Milad Fa) #36934 fs: allow Read more…
Notable changes Release keys have been synchronized with the main branch. deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838 Commits [ 1cc6b69557a ] – deps: upgrade npm to 6.14.11 (Darcy Clarke) #36838 [ 1aefb66528a ] – doc: update contact information Read more…
Notable Changes [ 1110063d694 ] – (SEMVER-MINOR) crypto: add generatePrime/checkPrime (James M Snell) #36997 [ 153a0bdff47 ] – (SEMVER-MINOR) crypto: experimental (Ed/X)25519/(Ed/X)448 support (James M Snell) #36879 [ 103460432af ] – deps: upgrade npm to 7.5.0 (Ruy Adorno) #37117 This Read more…
Path Validation Vulnerability (Updated 29-September-2017 – CVE assigned) The Node.js project released a new version of 8.x this week which incorporates a security fix. Impact Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable. Downloads Node.js Read more…
(Update 24-October-2017) Releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. We recommend that all users upgrade as soon as possible. Downloads Node.js v8 Read more…
