Node.js - v19.0.1
This is a security release.
The following CVEs are fixed in this release:
- CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
- CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)
More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.
e58e8d70a8] - deps: update archs files for quictls/openssl-3.0.7+quic (RafaelGSS) #45286
85f4548d57] - deps: upgrade openssl sources to quictls/openssl-3.0.7+quic (RafaelGSS) #45286
43403f56f7] - inspector: harden IP address validation again (Tobias Nießen) nodejs-private/node-private#354
Nov. 4, 2022, 6:07 p.m.
2022-11-04, Version 19.0.1 (Current), @RafaelGSS
Register or login to:
- 🔍View and search all Node.js releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!