News from 2020
Node v15.5.0 (Current)
OpenSSL-1.1.1i
OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it at https://www.openssl.org/news/secadv/20201208.txt
Node v14.15.3 (LTS)
Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details.
- [4264d9aa67] - Revert "http: lazy create IncomingMessage.headers" (Beth Griggs) #36553
- Node v14.15.2 (LTS)
Node v15.4.0 (Current)
- child_processes:
  - add AbortSignal support (Benjamin Gruenbaum) #36308
- deps:
  - update ICU to 68.1 (Michaël Zasso) #36187
- events:
- http:
  - enable call chaining with setHeader() (pooja d.p) #35924
- module:
  - add isPreloading indicator (James M Snell) #36263
- stream:
- worker:
  - add experimental BroadcastChannel (James M Snell) #36271
Node v12.20.0 (LTS)
- crypto:
  - update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
- deps:
  - update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435
  - (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
- doc:
  - add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
- fs:
  - (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
- http:
  - (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
- module:
  - (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
  - (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
- n-api:
  - (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) https://github.com/nodejs/node/pull/35214
- src:
  - (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) https://github.com/nodejs/node/pull/35470
  - (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) https://github.com/nodejs/node/pull/35472
  - (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512
Node v15.3.0 (Current)
- [6349b1d673] - (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099
- [9ce9b016e6] - (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001
- [8390f8a86b] - (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048
- [9c6be3cc90] - (SEMVER-MINOR) http2: allow setting the local window size of a session (Yongsheng Zhang) #35978
- [15ff155c12] - (SEMVER-MINOR) lib: add throws option to fs.f/l/statSync (Andrew Casey) #33716
- [85c85d368a] - (SEMVER-MINOR) path: add path/posix and path/win32 alias modules (ExE Boss) #34962
- [d1baae3640] - (SEMVER-MINOR) readline: add getPrompt to get the current prompt (Mattias Runge-Broberg) #33675
- [5729478509] - (SEMVER-MINOR) src: add loop idle time in diagnostic report (Gireesh Punathil) #35940
- [baa87c1a7d] - (SEMVER-MINOR) util: add util/types alias module (ExE Boss) #34055
Node v12.19.1 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.
Node v14.15.1 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.
Node v15.2.1 (Current)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.
November 2020 Security Releases
Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues.
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.
- Node v15.2.0 (Current)
- Node v15.1.0 (Current)
- Node v14.15.0 (LTS)
- Node v10.23.0 (LTS)
- Node v15.0.1 (Current)
- Node v15.0.0 (Current)
- Node v14.14.0 (Current)
- Node v14.13.1 (Current)
- Node v12.19.0 (LTS)
- Node v14.13.0 (Current)
- Node v14.12.0 (Current)
- September 2020 Security Releases
- Node v12.18.4 (LTS)
- Node v14.11.0 (Current)
- Node v10.22.1 (LTS)
- Node v14.10.1 (Current)
- Node v14.10.0 (Current)
- Node v14.9.0 (Current)
- Node v14.8.0 (Current)
- Node v14.7.0 (Current)
- Node v12.18.3 (LTS)
- Node v14.6.0 (Current)
- Node v10.22.0 (LTS)
- Node v14.5.0 (Current)
- Node v12.18.2 (LTS)
- Node v12.18.1 (LTS)
- Node v10.21.0 (LTS)
- Node v12.18.0 (LTS)
- Node v14.4.0 (Current)
- June 2020 Security Releases
- Node v12.17.0 (LTS)
- Node v14.3.0 (Current)
- Node v14.2.0 (Current)
- Node v13.14.0 (Current)
- Node v14.1.0 (Current)
- Node v12.16.3 (LTS)
- Node v14.0.0 (Current)
- OpenSSL security releases do not require Node.js security releases
- Node v13.13.0 (Current)
- Node v10.20.1 (LTS)
- Node v12.16.2 (LTS)
- Node v10.20.0 (LTS)
- Changes to Release Schedule
- Node v13.12.0 (Current)
- Node v13.11.0 (Current)
- Node v13.10.1 (Current)
- Node v13.10.0 (Current)
- Node v13.9.0 (Current)
- Node v12.16.1 (LTS)
- Node v12.16.0 (LTS)
- February 2020 Security Releases
- Node v13.8.0 (Current)
- Node v12.15.0 (LTS)
- Node v10.19.0 (LTS)
- Node v13.7.0 (Current)
- Node v10.18.1 (LTS)
- Node v13.6.0 (Current)
- Node v12.14.1 (LTS)