Node.js - v14.20.1
Security
This is a security release.
Notable changes
The following CVEs are fixed in this release:
- CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
- CVE-2022-32213: bypass via obs-fold mechanic (Medium)
- CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
Commits
- [
a9f1146b88
] - http: disable chunked encoding when OBS fold is used (Paolo Insogna) nodejs-private/node-private#341 - [
a1121b456c
] - src: fix IPv4 non routable validation (RafaelGSS) nodejs-private/node-private#337 - [
de80707870
] - src: fix IS_LTS and IS_RELEASE flags (Richard Lau) #43761
Security
Details
date
Sept. 23, 2022, 4:09 p.m.
name
2022-09-23, Version 14.20.1 'Fermium' (LTS), @bengl
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Node.js releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!