Node.js - v20.12.2
Security
This is a security release.
Notable Changes
- CVE-2024-27980 - Command injection via args parameter of
child_process.spawnwithout shell option enabled on Windows
Commits
- [
69ffc6d50d] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#563
Security
Details
date
April 10, 2024, 4:35 p.m.
name
2024-04-10, Version 20.12.2 'Iron' (LTS), @RafaelGSS
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Node.js releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!