Node v14.17.2 (LTS)
Notable ChangesVulnerabilities fixed: CVE-2021-22918: libuv upgrade - Out of bounds read (Medium) Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to...
View ArticleNode v12.22.3 (LTS)
Notable ChangesNode.js 12.22.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not...
View ArticleNode v14.17.3 (LTS)
Notable ChangesNode.js 14.17.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not...
View ArticleNode v16.4.2 (Current)
Notable ChangesNode.js 16.4.1 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using...
View ArticleNode v16.5.0 (Current)
Notable ChangesExperimental Web Streams APINode.js now exposes an experimental implementation of the Web Streams API. While it is experimental, the API is not exposed on the global object and is only...
View ArticleJuly 2021 Security Releases
Security releases availableUpdates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issue. We normally like to give advance notice and provide releases in which the...
View ArticleNode v12.22.4 (LTS)
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory...
View ArticleNode v14.17.4 (LTS)
Notable Changes CVE-2021-22930: Use after free on close http2 on stream canceling (High) Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory...
View ArticleNode v16.6.0 (Current)
Notable ChangesSay hello to V8 9.2The V8 engine is updated to version 9.2.230.21. It notably introduces the new Array.prototype.at method: const array = [1, 2, 3]; console.log(array.at(-1)); // Prints:...
View ArticleNode v16.6.1 (Current)
Notable Changes Updated npm to 7.20.3 (npm team) #39579 Reverted an ABI-breaking change from V8 9.2 that could impact some native modules (Michaël Zasso) #39624 Fixed a bug in error handling known to...
View ArticleAugust 2021 Security Releases
SummaryThe Node.js project will release new versions of all supported release lines on or shortly after Wednesday August 11th, 2021 in order to address: Two high severity issues and one low severity...
View ArticleNode v12.22.5 (LTS)
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing...
View ArticleNode v14.17.5 (LTS)
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing...
View ArticleNode v16.6.2 (Current)
Notable Changes CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing...
View ArticleNode v16.7.0 (Current)
Notable Changes fs: experimental: add recursive cp method (Benjamin Coe) #39372 Commits [a80c989306] - async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468 [69a2a6b6c3] -...
View ArticleNode v16.8.0 (Current)
Notable Changes [2e90b10f35] - doc: deprecate type coercion for dns.lookup options (Antoine du Hamel) #38906 [a6d50a18a0] - (SEMVER-MINOR) stream: add stream.Duplex.from utility (Robert Nagy) #39519...
View ArticleAugust 31 2021 Security Releases
SummaryThe Node.js project will release new versions of 12.x, and 14.x releases lines on or shortly after Tuesday August 31th, 2021 in order to address: Three high severity issues, and two moderate...
View ArticleNode v12.22.6 (LTS)
Notable ChangesThese are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803...
View ArticleNode v14.17.6 (LTS)
Notable ChangesThese are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803...
View ArticleNode v16.9.0 (Current)
Notable ChangesCorepackNode.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical...
View Article