News from 2020

• 30 Jun Node v14.5.0 (Current)

  V8 engine is updated to version 8.3

  This version includes performance improvements and now allows WebAssembly modules to request memories up to 4GB in size.

  Read more...

• 30 Jun Node v12.18.2 (LTS)
  • deps: V8: backport fb26d0bb1835 (Matheus Marchini) #33573
    • Fixes memory leak in PrototypeUsers::Add
  • src: use symbol to store AsyncWrap resource (Anna Henningsen) #31745
    • Fixes reported memory leak in #33468

  Read more...

• 17 Jun Node v12.18.1 (LTS)
  • deps:
    • V8: cherry-pick 548f6c81d424 (Dominykas Blyžė) #33484
    • update to uvwasi 0.0.9 (Colin Ihrig) #33445
    • upgrade to libuv 1.38.0 (Colin Ihrig) #33446
    • upgrade npm to 6.14.5 (Ruy Adorno) #33239

  Read more...

• 02 Jun Node v10.21.0 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
  • CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

  Read more...

• 02 Jun Node v12.18.0 (LTS)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

  Read more...

• 02 Jun Node v14.4.0 (Current)

  This is a security release.

  Vulnerabilities fixed:

  • CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
  • CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

  Read more...

• 02 Jun June 2020 Security Releases

  Updates are now available for all supported Node.js release lines for the following issues.

  The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the connection may fail to be authorized. If it was saved an authorized connection could be established later with the session ticket. Note that the https agent caches sessions, so is vulnerable to this.

  Read more...

• 26 May Node v12.17.0 (LTS)

  ECMAScript Modules - --experimental-modules flag removal

  Read more...

• 19 May Node v14.3.0 (Current)

  REPL previews improvements with autocompletion

  Read more...

• 05 May Node v14.2.0 (Current)

  Track function calls with assert.CallTracker (experimental)

  Read more...

• 30 Apr Node v13.14.0 (Current)
• 29 Apr Node v14.1.0 (Current)
• 28 Apr Node v12.16.3 (LTS)
• 22 Apr Node v14.0.0 (Current)
• 21 Apr OpenSSL security releases do not require Node.js security releases
• 14 Apr Node v13.13.0 (Current)
• 12 Apr Node v10.20.1 (LTS)
• 08 Apr Node v12.16.2 (LTS)
• 08 Apr Node v10.20.0 (LTS)
• 03 Apr Changes to Release Schedule
• 26 Mar Node v13.12.0 (Current)
• 12 Mar Node v13.11.0 (Current)
• 05 Mar Node v13.10.1 (Current)
• 04 Mar Node v13.10.0 (Current)
• 18 Feb Node v13.9.0 (Current)
• 18 Feb Node v12.16.1 (LTS)
• 11 Feb Node v12.16.0 (LTS)
• 06 Feb February 2020 Security Releases
• 06 Feb Node v13.8.0 (Current)
• 06 Feb Node v12.15.0 (LTS)
• 06 Feb Node v10.19.0 (LTS)
• 21 Jan Node v13.7.0 (Current)
• 09 Jan Node v10.18.1 (LTS)
• 07 Jan Node v13.6.0 (Current)
• 07 Jan Node v12.14.1 (LTS)