News from 2020

• 29 Jul Node v14.7.0 (Current)
  • deps:
    • upgrade npm to 6.14.7 (claudiahdz) #34468
  • dgram:
    • (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) #14500
  • src:
    • (SEMVER-MINOR) allow preventing SetPromiseRejectCallback (Shelley Vohr) #34387
    • (SEMVER-MINOR) allow setting a dir for all diagnostic output (AshCripps) #33584
  • worker:
    • (SEMVER-MINOR) make MessagePort inherit from EventTarget (Anna Henningsen) #34057
  • zlib:
    • switch to lazy init for zlib streams (Andrey Pechkurov) #34048
  • New Collaborators:
    • add rexagod to collaborators (Pranshu Srivastava) #34457
    • add AshCripps to collaborators (AshCripps) #34494
    • add HarshithaKP to collaborators (Harshitha K P) #34417
    • add release key for Richard Lau (Richard Lau) #34397

  Read more...

• 22 Jul Node v12.18.3 (LTS)
  • deps:
    • upgrade npm to 6.14.6 (claudiahdz) #34246
    • update node-inspect to v2.0.0 (Jan Krems) #33447
    • uvwasi: cherry-pick 9e75217 (Colin Ihrig) #33521

  Read more...

• 21 Jul Node v14.6.0 (Current)
  • deps:
    • upgrade to libuv 1.38.1 (Colin Ihrig) #34187
    • upgrade npm to 6.14.6 (claudiahdz) #34246
    • (SEMVER-MINOR) update V8 to 8.4.371.19 (Michaël Zasso) #33579
  • module:
    • (SEMVER-MINOR) doc only deprecation of module.parent (Antoine du HAMEL) #32217
    • (SEMVER-MINOR) package "imports" field (Guy Bedford) #34117
  • src:
    • (SEMVER-MINOR) allow embedders to disable esm loader (Shelley Vohr) #34060
  • tls:
    • (SEMVER-MINOR) make 'createSecureContext' honor more options (Mateusz Krawczuk) #33974
  • vm:
    • (SEMVER-MINOR) add run-after-evaluate microtask mode (Anna Henningsen) #34023
  • worker:
    • (SEMVER-MINOR) add option to track unmanaged file descriptors (Anna Henningsen) #34303
  • New Collaborators:
    • add danielleadams to collaborators (Danielle Adams) #34360
    • add ruyadorno to collaborators (Ruy Adorno) #34297
    • add sxa as collaborator (Stewart X Addison) #34338

  Read more...

• 21 Jul Node v10.22.0 (LTS)

  This release was prepared by Richard Lau (@richardlau) and promoted by Beth Griggs (@BethGriggs).

  • deps:
    • upgrade npm to 6.14.6 (claudiahdz) #34246
    • upgrade openssl sources to 1.1.1g (Hassaan Pasha) #32982
  • n-api:
    • add napi_detach_arraybuffer (legendecas) #29768

  Read more...

• 30 Jun Node v14.5.0 (Current)

  V8 engine is updated to version 8.3

  This version includes performance improvements and now allows WebAssembly modules to request memories up to 4GB in size.

  Read more...

• 30 Jun Node v12.18.2 (LTS)
  • deps: V8: backport fb26d0bb1835 (Matheus Marchini) #33573
    • Fixes memory leak in PrototypeUsers::Add
  • src: use symbol to store AsyncWrap resource (Anna Henningsen) #31745
    • Fixes reported memory leak in #33468

  Read more...

• 17 Jun Node v12.18.1 (LTS)
  • deps:
    • V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) #33484
    • update to uvwasi 0.0.9 (Colin Ihrig) #33445
    • upgrade to libuv 1.38.0 (Colin Ihrig) #33446
    • upgrade npm to 6.14.5 (Ruy Adorno) #33239

  Read more...

• 02 Jun Node v10.21.0 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
  • CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

  Read more...

• 02 Jun Node v12.18.0 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

  Read more...

• 02 Jun Node v14.4.0 (Current)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

  Read more...

• 02 Jun June 2020 Security Releases
• 26 May Node v12.17.0 (LTS)
• 19 May Node v14.3.0 (Current)
• 05 May Node v14.2.0 (Current)
• 30 Apr Node v13.14.0 (Current)
• 29 Apr Node v14.1.0 (Current)
• 28 Apr Node v12.16.3 (LTS)
• 22 Apr Node v14.0.0 (Current)
• 21 Apr OpenSSL security releases do not require Node.js security releases
• 14 Apr Node v13.13.0 (Current)
• 12 Apr Node v10.20.1 (LTS)
• 08 Apr Node v12.16.2 (LTS)
• 08 Apr Node v10.20.0 (LTS)
• 03 Apr Changes to Release Schedule
• 26 Mar Node v13.12.0 (Current)
• 12 Mar Node v13.11.0 (Current)
• 05 Mar Node v13.10.1 (Current)
• 04 Mar Node v13.10.0 (Current)
• 18 Feb Node v13.9.0 (Current)
• 18 Feb Node v12.16.1 (LTS)
• 11 Feb Node v12.16.0 (LTS)
• 06 Feb February 2020 Security Releases
• 06 Feb Node v13.8.0 (Current)
• 06 Feb Node v12.15.0 (LTS)
• 06 Feb Node v10.19.0 (LTS)
• 21 Jan Node v13.7.0 (Current)
• 09 Jan Node v10.18.1 (LTS)
• 07 Jan Node v13.6.0 (Current)
• 07 Jan Node v12.14.1 (LTS)