News from 2020
-
Node v13.9.0 (Current)
- async_hooks
- add executionAsyncResource (Matteo Collina) #30959
- crypto
- test
- skip keygen tests on arm systems (Tobias Nießen) #31178
- perf_hooks
- add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
- process
- report ArrayBuffer memory in
memoryUsage()(Anna Henningsen) #31550
- report ArrayBuffer memory in
- readline
- make tab size configurable (Ruben Bridgewater) #31318
- report
- add support for Workers (Anna Henningsen) #31386
- worker
- add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
- added new collaborators
- add ronag to collaborators (Robert Nagy) #31498
- async_hooks
-
Node v12.16.1 (LTS)
Node.js 12.16.0 included 6 regressions that are being fixed in this release
Accidental Unflagging of Self Resolving Modules:
12.16.0 included a large update to the ESM implementation. One of the new features, Self Referential Modules, was accidentally released without requiring the
--experimental-modulesflag. This release is being made to appropriately flag the feature. - Node v12.16.0 (LTS)
-
February 2020 Security Releases
Updates are now available for all active Node.js release lines for the following issues.
Affected Node.js versions can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system.
-
Node v13.8.0 (Current)
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
-
Node v12.15.0 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
-
Node v10.19.0 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
-
Node v13.7.0 (Current)
- deps:
- module
- process:
- allow monitoring uncaughtException (Gerhard Stoebich) #31257
- Added new collaborators:
- GeoffreyBooth - Geoffrey Booth. #31306
- Node v10.18.1 (LTS)
-
Node v13.6.0 (Current)
- assert:
- Implement
assert.match()andassert.doesNotMatch()(Ruben Bridgewater) #30929
- Implement
- events:
- fs:
- Allow overriding
fsfor streams (Robert Nagy) #29083
- Allow overriding
- perf_hooks:
- Move
perf_hooksout of experimental (legendecas) #31101
- Move
- repl:
- Implement ZSH-like reverse-i-search (Ruben Bridgewater) #31006
- tls:
- Add PSK (pre-shared key) support (Denys Otrishko) #23188
- assert:
- Node v12.14.1 (LTS)