Node.js

News from 2020

22 Sep Node v14.12.0 (Current)
- deps:
  - update to uvwasi 0.0.11 (Colin Ihrig) #35104
- n-api:
  - create N-API version 7 (Gabriel Schulhof) #35199
  - add more property defaults (Gerhard Stoebich) #35214
Read more...
15 Sep September 2020 Security Releases

Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues.
Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This can lead to HTTP Request Smuggling as it is a non-standard interpretation of the header.
Read more...
15 Sep Node v12.18.4 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
- [2ea6d255f8] - deps: libuv: cherry-pick 0e6e8620 (cjihrig) nodejs-private/node-private#221
- [65415049af] - deps: update llhttp to 2.1.2 (Fedor Indutny) nodejs-private/node-private#219
- [edad52e243] - test: modify tests to support the latest llhttp (Fedor Indutny) nodejs-private/node-private#219
Read more...
15 Sep Node v14.11.0 (Current)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
Read more...
15 Sep Node v10.22.1 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
- [57badcf93e] - deps: libuv: cherry-pick 0e6e8620 (Colin Ihrig) libuv/libuv#2966
Read more...
10 Sep Node v14.10.1 (Current)
Node.js 14.10.0 included a streams regression with async generators and a docs rendering regression that are being fixed in this release.
- [3c92f93b44] - doc: restore color for visited links (Rich Trott) #35108
- [0f94c6b4e4] - Revert "stream: simpler and faster Readable async iterator" (Richard Lau)
Read more...
08 Sep Node v14.10.0 (Current)
- [2ab33c58ae] - (SEMVER-MINOR) buffer: also alias BigUInt methods (Anna Henningsen) #34960
- [44d89a9faa] - (SEMVER-MINOR) crypto: add randomInt function (Oli Lalonde) #34600
- [8aac42caf2] - (SEMVER-MINOR) perf_hooks: add idleTime and event loop util (Trevor Norris) #34938
- [4bb40078da] - (SEMVER-MINOR) stream: simpler and faster Readable async iterator (Robert Nagy) #34035
- [ffae5f3809] - (SEMVER-MINOR) stream: save error in state (Robert Nagy) #34103
Read more...
27 Aug Node v14.9.0 (Current)
- build: set --v8-enable-object-print by default (Mary Marchini) #34705
- deps:
  - upgrade to libuv 1.39.0 (cjihrig) #34915
  - upgrade npm to 6.14.8 (Ruy Adorno) #34834
  - V8: cherry-pick e06ace6b5cdb (Anna Henningsen) #34673
- n-api: handle weak no-finalizer refs correctly (Gabriel Schulhof) #34839
- tools: add debug entitlements for macOS 10.15+ (Gabriele Greco) #34378
Read more...
11 Aug Node v14.8.0 (Current)
- [16aa927216] - (SEMVER-MINOR) async_hooks: add AsyncResource.bind utility (James M Snell) #34574
- [dc49561e8d] - deps: update to uvwasi 0.0.10 (Colin Ihrig) #34623
- [6cd1c41604] - doc: add Ricky Zhou to collaborators (rickyes) #34676
- [f0a41b2530] - doc: add release key for Ruy Adorno (Ruy Adorno) #34628
- [10dd7a0eda] - doc: add DerekNonGeneric to collaborators (Derek Lewis) #34602
- [62bb2e757f] - (SEMVER-MINOR) module: unflag Top-Level Await (Myles Borins) #34558
- [8cc9e5eb52] - (SEMVER-MINOR) n-api: support type-tagging objects (Gabriel Schulhof) #28237
- [e89ec46ba9] - (SEMVER-MINOR) n-api,src: provide asynchronous cleanup hooks (Anna Henningsen) #34572
Read more...
29 Jul Node v14.7.0 (Current)
- deps:
  - upgrade npm to 6.14.7 (claudiahdz) #34468
- dgram:
  - (SEMVER-MINOR) add IPv6 scope id suffix to received udp6 dgrams (Pekka Nikander) #14500
- src:
  - (SEMVER-MINOR) allow preventing SetPromiseRejectCallback (Shelley Vohr) #34387
  - (SEMVER-MINOR) allow setting a dir for all diagnostic output (AshCripps) #33584
- worker:
  - (SEMVER-MINOR) make MessagePort inherit from EventTarget (Anna Henningsen) #34057
- zlib:
  - switch to lazy init for zlib streams (Andrey Pechkurov) #34048
- New Collaborators:
  - add rexagod to collaborators (Pranshu Srivastava) #34457
  - add AshCripps to collaborators (AshCripps) #34494
  - add HarshithaKP to collaborators (Harshitha K P) #34417
  - add release key for Richard Lau (Richard Lau) #34397
Read more...
22 Jul Node v12.18.3 (LTS)
21 Jul Node v14.6.0 (Current)
21 Jul Node v10.22.0 (LTS)
30 Jun Node v14.5.0 (Current)
30 Jun Node v12.18.2 (LTS)
17 Jun Node v12.18.1 (LTS)
02 Jun Node v10.21.0 (LTS)
02 Jun Node v12.18.0 (LTS)
02 Jun Node v14.4.0 (Current)
02 Jun June 2020 Security Releases
26 May Node v12.17.0 (LTS)
19 May Node v14.3.0 (Current)
05 May Node v14.2.0 (Current)
30 Apr Node v13.14.0 (Current)
29 Apr Node v14.1.0 (Current)
28 Apr Node v12.16.3 (LTS)
22 Apr Node v14.0.0 (Current)
21 Apr OpenSSL security releases do not require Node.js security releases
14 Apr Node v13.13.0 (Current)
12 Apr Node v10.20.1 (LTS)
08 Apr Node v12.16.2 (LTS)
08 Apr Node v10.20.0 (LTS)
03 Apr Changes to Release Schedule
26 Mar Node v13.12.0 (Current)
12 Mar Node v13.11.0 (Current)
05 Mar Node v13.10.1 (Current)
04 Mar Node v13.10.0 (Current)
18 Feb Node v13.9.0 (Current)
18 Feb Node v12.16.1 (LTS)
11 Feb Node v12.16.0 (LTS)
06 Feb February 2020 Security Releases
06 Feb Node v13.8.0 (Current)
06 Feb Node v12.15.0 (LTS)
06 Feb Node v10.19.0 (LTS)
21 Jan Node v13.7.0 (Current)
09 Jan Node v10.18.1 (LTS)
07 Jan Node v13.6.0 (Current)
07 Jan Node v12.14.1 (LTS)