Pre-release announce

Summary

The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x
releases lines on or shortly after, Tuesday February 14 2023 in order to address:

  • 2 low severity issues.
  • 2 medium severity issues.
  • 1 high severity issues.
  • OpenSSL security updates for which the highest vulnerability severity is high. You
    can read more about this update in the
    OpenSSL security advisory.

Impact

The 19.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.

The 18.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.

The 16.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues, and 1 high severity issue and the OpenSSL vulnerabilities.

The 14.x release line of Node.js is vulnerable to 1 low severity issue, and 1 high severity issue and the OpenSSL vulnerabilities.

Release timing

Releases will be available on, or shortly after, Tuesday February 14 2023.

Contact and future updates

The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

Categories: Vulnerability

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *