News from 2020
-
Node v13.12.0 (Current)
The macOS binaries for this release, and future 13.x releases, are now being compiled on macOS 10.15 (Catalina) with Xcode 11 to support package notarization, a requirement for installing on .pkg files on macOS 10.15 and later. Previous builds of Node.js 13.x were compiled on macOS 10.11 (El Capitan) with Xcode 10. As binaries are still being compiled to support a minimum of macOS 10.10 (Yosemite) we do not anticipate this having a negative impact on Node.js 13.x users with older versions of macOS.
-
Node v13.11.0 (Current)
- async_hooks: add sync enterWith to ALS (Stephen Belanger) #31945
- cli: allow --jitless V8 flag in NODE_OPTIONS (Andrew Neitsch) #32100
- fs: return first folder made by mkdir recursive (Benjamin Coe) #31530
- n-api: define release 6 (Gabriel Schulhof) #32058
- os: create a getter for kernel version (Juan José Arboleda) #31732
- wasi: add returnOnExit option (Colin Ihrig) #32101
-
Node v13.10.1 (Current)
In Node.js 13.9.0 deps/zlib was switched to the chromium maintained implementation. This change had the unforseen consequence of breaking building from the tarballs we release as we were too aggressively removing
unneccessary filesfrom thedeps/zlibfolder. This release includes a patch that ensures that individuals will once again be able to build Node.js from source. - Node v13.10.0 (Current)
-
Node v13.9.0 (Current)
- async_hooks
- add executionAsyncResource (Matteo Collina) #30959
- crypto
- test
- skip keygen tests on arm systems (Tobias Nießen) #31178
- perf_hooks
- add property flags to GCPerformanceEntry (Kirill Fomichev) #29547
- process
- report ArrayBuffer memory in
memoryUsage()(Anna Henningsen) #31550
- report ArrayBuffer memory in
- readline
- make tab size configurable (Ruben Bridgewater) #31318
- report
- add support for Workers (Anna Henningsen) #31386
- worker
- add ability to take heap snapshot from parent thread (Anna Henningsen) #31569
- added new collaborators
- add ronag to collaborators (Robert Nagy) #31498
- async_hooks
-
Node v12.16.1 (LTS)
Node.js 12.16.0 included 6 regressions that are being fixed in this release
Accidental Unflagging of Self Resolving Modules:
12.16.0 included a large update to the ESM implementation. One of the new features, Self Referential Modules, was accidentally released without requiring the
--experimental-modulesflag. This release is being made to appropriately flag the feature. - Node v12.16.0 (LTS)
-
February 2020 Security Releases
Updates are now available for all active Node.js release lines for the following issues.
Affected Node.js versions can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system.
-
Node v13.8.0 (Current)
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
-
Node v12.15.0 (LTS)
This is a security release.
Vulnerabilities fixed:
- CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
- CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
- CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.
- Node v10.19.0 (LTS)
- Node v13.7.0 (Current)
- Node v10.18.1 (LTS)
- Node v13.6.0 (Current)
- Node v12.14.1 (LTS)