News from 2021
-
Node v16.13.0 (LTS)
This release marks the transition of Node.js 16.x into Long Term Support (LTS) with the codename 'Gallium'. The 16.x release line now moves into "Active LTS" and will remain so until October 2022. After that time, it will move into "Maintenance" until end of life in April 2024.
-
Node v17.0.1 (Current)
Fixed distribution for native addon builds
This release fixes an issue introduced in Node.js v17.0.0, where some V8 headers were missing from the distributed tarball, making it impossible to build native addons. These headers are now included. #40526
- Node v16.12.0 (Current)
-
Node v17.0.0 (Current)
Deprecations and Removals
- [
f182b9b29f] - (SEMVER-MAJOR) dns: runtime deprecate type coercion ofdns.lookupoptions (Antoine du Hamel) #39793 - [
4b030d0573] - doc: deprecate (doc-only) http abort related (dr-js) #36670 - [
36e2ffe6dc] - (SEMVER-MAJOR) module: subpath folder mappings EOL (Guy Bedford) #40121 - [
64287e4d45] - (SEMVER-MAJOR) module: runtime deprecate trailing slash patterns (Guy Bedford) #40117
- [
-
October 12th 2021 Security Releases
Updates are now available for the v16.x, v14.x, and v12.x Node.js release lines for the following issues.
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
-
Node v12.22.7 (LTS)
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
-
Node v14.18.1 (LTS)
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
-
Node v16.11.1 (Current)
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
- CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
- CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- Node v16.11.0 (Current)
-
Retiring the Node.js Community Committee
tl;dr: we're going to be retiring the Node.js Community Committee, moving our existing Initiatives to exist under the Node.js Technical Steering Committee (TSC).
From the Community Committee's side, we've seen a convergence of our initiatives' goals with the goals of the work that is generally under the TSC. Further, we've seen a decline in the number of people who can consistently dedicate the necessary amount of time/energy. As such, separation between the TSC and Community Committee has become more of a barrier to accomplishing our collective goals rather than the helpful and necessary construct it once was.
- Node v14.18.0 (LTS)
- Node v16.10.0 (Current)
- Node v16.9.1 (Current)
- Node v16.9.0 (Current)
- August 31 2021 Security Releases
- Node v14.17.6 (LTS)
- Node v12.22.6 (LTS)
- Node v16.8.0 (Current)
- Node v16.7.0 (Current)
- Node v16.6.2 (Current)
- Node v14.17.5 (LTS)
- Node v12.22.5 (LTS)
- August 2021 Security Releases
- Node v16.6.1 (Current)
- Node v16.6.0 (Current)
- Node v14.17.4 (LTS)
- Node v12.22.4 (LTS)
- July 2021 Security Releases
- Node v16.5.0 (Current)
- Node v16.4.2 (Current)
- Node v14.17.3 (LTS)
- Node v12.22.3 (LTS)
- July 2021 Security Releases
- Node v14.17.2 (LTS)
- Node v12.22.2 (LTS)
- Node v16.4.1 (Current)
- Node v16.4.0 (Current)
- Node v14.17.1 (LTS)
- Node v16.3.0 (Current)
- Node v16.2.0 (Current)
- Node v14.17.0 (LTS)
- Node v16.1.0 (Current)
- Node v16.0.0 (Current)
- April 2021 Security Releases
- Node v15.14.0 (Current)
- Node v14.16.1 (LTS)
- Node v12.22.1 (LTS)
- Node v10.24.1 (LTS)
- Node v15.13.0 (Current)
- Node v12.22.0 (LTS)
- Node v15.12.0 (Current)
- Node v15.11.0 (Current)
- February 2021 Security Releases
- Node v14.16.0 (LTS)
- Node v12.21.0 (LTS)
- Node v15.10.0 (Current)
- Node v10.24.0 (LTS)
- Node v15.9.0 (Current)
- Node v12.20.2 (LTS)
- Node v10.23.3 (LTS)
- Node v14.15.5 (LTS)
- Node v15.8.0 (Current)
- Node v10.23.2 (LTS)
- Node v15.7.0 (Current)
- Node v15.6.0 (Current)
- January 2021 Security Releases
- Node v12.20.1 (LTS)
- Node v10.23.1 (LTS)
- Node v14.15.4 (LTS)
- Node v15.5.1 (Current)