(Update 8-Nov-2017) Node.js Releases Releases were made available for active lines yesterday, each including the OpenSSL 1.0.2m update. As we have not categorized these strictly as security releases they also contain other minor fixes and additions as per our regular Read more…
(Update 7-December-2017) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. In addition the updates for 8.X and 9.X include a fix for Read more…
Summary Project zero has recently announced some new attacks that have received a lot of attention: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html. The risk from these attacks to systems running Node.js resides in the systems in which your Node.js applications run, as opposed to the Read more…
(Update 28-March-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). In addition to the vulnerabilities in the initial announcement, we have Read more…
(Update 12-June-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement (below). We recommend that all users upgrade as soon as possible. Downloads Read more…
(Update 16-August-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include upgrades for OpenSSL and fixes for the vulnerabilities identified in the initial announcement (below). We recommend that all users upgrade as soon Read more…
(Update 27-November-2018) Security releases available Summary Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement (below). They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, Read more…
(Update 28-February-2018) Security releases available Summary Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a Read more…
Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Updates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x Read more…
Summary The Node.js project may be releasing new versions across all of its supported release lines early next week to incorporate upstream patches from OpenSSL. Please read on for full details. OpenSSL The OpenSSL project announced this week that they Read more…
