News from 2020

• 22 Dec Node v15.5.0 (Current)

  OpenSSL-1.1.1i

  OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt

  Read more...

• 17 Dec Node v14.15.3 (LTS)

  Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details.

  • [4264d9aa67] - Revert "http: lazy create IncomingMessage.headers" (Beth Griggs) #36553

  Read more...

• 15 Dec Node v14.15.2 (LTS)
  • deps:
    • upgrade npm to 6.14.9 (Myles Borins) #36450
    • update acorn to v8.0.4 (Michaël Zasso) #35791
  • doc: add release key for Danielle Adams (Danielle Adams) #35545
  • http2: check write not scheduled in scope destructor (David Halls) #36241
  • stream: fix regression on duplex end (Momtchil Momtchev) #35941

  Read more...

• 09 Dec Node v15.4.0 (Current)
  • child_processes:
    • add AbortSignal support (Benjamin Gruenbaum) #36308
  • deps:
    • update ICU to 68.1 (Michaël Zasso) #36187
  • events:
    • support signal in EventTarget (Benjamin Gruenbaum) #36258
    • graduate Event, EventTarget, AbortController (James M Snell) #35949
  • http:
    • enable call chaining with setHeader() (pooja d.p) #35924
  • module:
    • add isPreloading indicator (James M Snell) #36263
  • stream:
    • support abort signal (Benjamin Gruenbaum) #36061
    • add FileHandle support to Read/WriteStream (Momtchil Momtchev) #35922
  • worker:
    • add experimental BroadcastChannel (James M Snell) #36271

  Read more...

• 24 Nov Node v12.20.0 (LTS)
  • crypto:
    • update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546
  • deps:
    • update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435
    • (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333
  • doc:
    • add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542
  • fs:
    • (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134
  • http:
    • (SEMVER-MINOR) added scheduling option to http agent (delvedor) https://github.com/nodejs/node/pull/33278
  • module:
    • (SEMVER-MINOR) exports pattern support (Guy Bedford) https://github.com/nodejs/node/pull/34718
    • (SEMVER-MINOR) named exports for CJS via static analysis (Guy Bedford) https://github.com/nodejs/node/pull/35249
  • n-api:
    • (SEMVER-MINOR) add more property defaults (Gerhard Stoebich) https://github.com/nodejs/node/pull/35214
  • src:
    • (SEMVER-MINOR) move node_contextify to modern THROW_ERR_* (James M Snell) https://github.com/nodejs/node/pull/35470
    • (SEMVER-MINOR) move node_process to modern THROW_ERR* (James M Snell) https://github.com/nodejs/node/pull/35472
    • (SEMVER-MINOR) expose v8::Isolate setup callbacks (Shelley Vohr) https://github.com/nodejs/node/pull/35512

  Read more...

• 24 Nov Node v15.3.0 (Current)
  • [6349b1d673] - (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099
  • [9ce9b016e6] - (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001
  • [8390f8a86b] - (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048
  • [9c6be3cc90] - (SEMVER-MINOR) http2: allow setting the local window size of a session (Yongsheng Zhang) #35978
  • [15ff155c12] - (SEMVER-MINOR) lib: add throws option to fs.f/l/statSync (Andrew Casey) #33716
  • [85c85d368a] - (SEMVER-MINOR) path: add path/posix and path/win32 alias modules (ExE Boss) #34962
  • [d1baae3640] - (SEMVER-MINOR) readline: add getPrompt to get the current prompt (Mattias Runge-Broberg) #33675
  • [5729478509] - (SEMVER-MINOR) src: add loop idle time in diagnostic report (Gireesh Punathil) #35940
  • [baa87c1a7d] - (SEMVER-MINOR) util: add util/types alias module (ExE Boss) #34055

  Read more...

• 16 Nov Node v12.19.1 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.

  Read more...

• 16 Nov Node v14.15.1 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses.

  Read more...

• 16 Nov Node v15.2.1 (Current)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.

  Read more...

• 16 Nov November 2020 Security Releases

  Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues.

  A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses.

  Read more...

• 10 Nov Node v15.2.0 (Current)
• 04 Nov Node v15.1.0 (Current)
• 27 Oct Node v14.15.0 (LTS)
• 27 Oct Node v10.23.0 (LTS)
• 21 Oct Node v15.0.1 (Current)
• 20 Oct Node v15.0.0 (Current)
• 16 Oct Node v14.14.0 (Current)
• 07 Oct Node v14.13.1 (Current)
• 06 Oct Node v12.19.0 (LTS)
• 29 Sep Node v14.13.0 (Current)
• 22 Sep Node v14.12.0 (Current)
• 15 Sep September 2020 Security Releases
• 15 Sep Node v12.18.4 (LTS)
• 15 Sep Node v14.11.0 (Current)
• 15 Sep Node v10.22.1 (LTS)
• 10 Sep Node v14.10.1 (Current)
• 08 Sep Node v14.10.0 (Current)
• 27 Aug Node v14.9.0 (Current)
• 11 Aug Node v14.8.0 (Current)
• 29 Jul Node v14.7.0 (Current)
• 22 Jul Node v12.18.3 (LTS)
• 21 Jul Node v14.6.0 (Current)
• 21 Jul Node v10.22.0 (LTS)
• 30 Jun Node v14.5.0 (Current)
• 30 Jun Node v12.18.2 (LTS)
• 17 Jun Node v12.18.1 (LTS)
• 02 Jun Node v10.21.0 (LTS)
• 02 Jun Node v12.18.0 (LTS)
• 02 Jun Node v14.4.0 (Current)
• 02 Jun June 2020 Security Releases
• 26 May Node v12.17.0 (LTS)
• 19 May Node v14.3.0 (Current)
• 05 May Node v14.2.0 (Current)
• 30 Apr Node v13.14.0 (Current)
• 29 Apr Node v14.1.0 (Current)
• 28 Apr Node v12.16.3 (LTS)
• 22 Apr Node v14.0.0 (Current)
• 21 Apr OpenSSL security releases do not require Node.js security releases
• 14 Apr Node v13.13.0 (Current)
• 12 Apr Node v10.20.1 (LTS)
• 08 Apr Node v12.16.2 (LTS)
• 08 Apr Node v10.20.0 (LTS)
• 03 Apr Changes to Release Schedule
• 26 Mar Node v13.12.0 (Current)
• 12 Mar Node v13.11.0 (Current)
• 05 Mar Node v13.10.1 (Current)
• 04 Mar Node v13.10.0 (Current)
• 18 Feb Node v13.9.0 (Current)
• 18 Feb Node v12.16.1 (LTS)
• 11 Feb Node v12.16.0 (LTS)
• 06 Feb February 2020 Security Releases
• 06 Feb Node v13.8.0 (Current)
• 06 Feb Node v12.15.0 (LTS)
• 06 Feb Node v10.19.0 (LTS)
• 21 Jan Node v13.7.0 (Current)
• 09 Jan Node v10.18.1 (LTS)
• 07 Jan Node v13.6.0 (Current)
• 07 Jan Node v12.14.1 (LTS)