Skip to content

Commit ff349ee

Browse files
RafaelGSSRafaelGSS
authored
Blog: add security release blog posts (#6609)
* Blog: v18.20.1 release post Refs: nodejs-private/node-private#573 * Blog: v20.12.1 release post Refs: nodejs-private/node-private#575 * Blog: v21.7.2 release post Refs: nodejs-private/node-private#574 * Blog: add post security release blog post * fixup! Blog: v18.20.1 release post
1 parent 2e41e58 commit ff349ee

File tree

5 files changed

+348
-4
lines changed

5 files changed

+348
-4
lines changed

pages/en/blog/release/v18.20.1.md

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
---
2+
date: '2024-04-03T14:27:39.936Z'
3+
category: release
4+
title: Node v18.20.1 (LTS)
5+
layout: blog-post
6+
author: Rafael Gonzaga
7+
---
8+
9+
## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS
10+
11+
This is a security release.
12+
13+
### Notable Changes
14+
15+
- CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
16+
- CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
17+
- llhttp version 9.2.1
18+
- undici version 5.28.4
19+
20+
### Commits
21+
22+
- \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
23+
- \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
24+
- \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
25+
26+
Windows 32-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1-x86.msi \
27+
Windows 64-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1-x64.msi \
28+
Windows 32-bit Binary: https://nodejs.org/dist/v18.20.1/win-x86/node.exe \
29+
Windows 64-bit Binary: https://nodejs.org/dist/v18.20.1/win-x64/node.exe \
30+
macOS 64-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1.pkg \
31+
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-darwin-arm64.tar.gz \
32+
macOS Intel 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-darwin-x64.tar.gz \
33+
Linux 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-x64.tar.xz \
34+
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-ppc64le.tar.xz \
35+
Linux s390x 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-s390x.tar.xz \
36+
AIX 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-aix-ppc64.tar.gz \
37+
ARMv7 32-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-armv7l.tar.xz \
38+
ARMv8 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-arm64.tar.xz \
39+
Source Code: https://nodejs.org/dist/v18.20.1/node-v18.20.1.tar.gz \
40+
Other release files: https://nodejs.org/dist/v18.20.1/ \
41+
Documentation: https://nodejs.org/docs/v18.20.1/api/
42+
43+
### SHASUMS
44+
45+
```
46+
-----BEGIN PGP SIGNED MESSAGE-----
47+
Hash: SHA256
48+
49+
a1dc083f3795ad304150759ee38d4b9c0ba541ac36629e6a0a2d8ea5f2c09e39 node-v18.20.1-aix-ppc64.tar.gz
50+
275ffd6e96ea38e0ce0db2a37950381102fc95d1ad863b360ba0889dc7190405 node-v18.20.1-darwin-arm64.tar.gz
51+
c55de6b8a916eab340b3ca104fbcc9fa345f37c36393c99b84dee0fa20b8924f node-v18.20.1-darwin-arm64.tar.xz
52+
87d6c6e5df6c4615ca90b044c75dc112473df4ebd55f6f471740c4e1c9602cbe node-v18.20.1-darwin-x64.tar.gz
53+
8d70c5ff18843b0d0a7117f77f5b5933e763c799172ce559427f7c84b9ee9b36 node-v18.20.1-darwin-x64.tar.xz
54+
af15f373928f572f46014bc37631e7b7e882dd854049bef40c8c27eaabcf565b node-v18.20.1-headers.tar.gz
55+
53139e1027485211374378d8e5eedb19e64aa81e93ab3a7135be4527b1a16baf node-v18.20.1-headers.tar.xz
56+
52896372b3b151f639be7efa8662d68aaeb065cae2c15d61d14e2b73ada79597 node-v18.20.1-linux-arm64.tar.gz
57+
613d0ea027fc5c16087d2b69f57d1e07dd1effcd3773910b6594672aee1fd4cd node-v18.20.1-linux-arm64.tar.xz
58+
b61392490e84cc6050967bbfc59cfd9ad6e737b6db9ef9d479b0d79c900aef64 node-v18.20.1-linux-armv7l.tar.gz
59+
29bc1aae2200f59018bd7f3bd8c61afcf3b919177ff481d6404e5ae3a84ccc9b node-v18.20.1-linux-armv7l.tar.xz
60+
69e0c2d291c0838f01f157fc4713cc86c803396c6c25524397339946cf31a4cb node-v18.20.1-linux-ppc64le.tar.gz
61+
65a26b6dcb70c31ac47fbfc5688e62254962797289eed58365d40e2f54fb51d3 node-v18.20.1-linux-ppc64le.tar.xz
62+
39793752b0ef9abe39ff942bbd3e442d71990f0592b3b0805252adb1b9c78e21 node-v18.20.1-linux-s390x.tar.gz
63+
0eec4f8ab556ac78b68d74b5c24bbc79e9daa4ba53ca7faa20ab4ee6b87fcc7b node-v18.20.1-linux-s390x.tar.xz
64+
d226c39c5546dca97567db8f8ca7f92fca6572d44f181b1f85af83eee5d6f9e1 node-v18.20.1-linux-x64.tar.gz
65+
1d08285abd9fad971af5c73d13e8f2a6ae9f2906ee036095dad7d5c286642a4e node-v18.20.1-linux-x64.tar.xz
66+
8a221a68978ab630a12e6ff5bf03a0f0fae521147210d2c36ba7450d387a237e node-v18.20.1-win-x64.7z
67+
5af456705d267507cd4be0572d787f85a42fa239e1a9dc5458d02a9ee76d223c node-v18.20.1-win-x64.zip
68+
7937811a1ddec32428dc4d05a0d62d5c81dcb61426a56bfe34e66681e3cc230d node-v18.20.1-win-x86.7z
69+
6dfc810fdb4511ab32c1da4faa934c6bae9c2bc305734efe58761398ac68f5f3 node-v18.20.1-win-x86.zip
70+
6191ea9f02bd1087a90efce0f7118f0db33c66aee010463551602074f1cdcdad node-v18.20.1-x64.msi
71+
5587c3603752b1b406935118d8a923327a71da93d082d6e566c650be4d4e629c node-v18.20.1-x86.msi
72+
675c340469f6f71bbcc77f4c18bb480ecdab9c953059f571ef6f7794cd09d6e8 node-v18.20.1.pkg
73+
7fb430d0b1256c22f26dd321070182ab943005bdb7b738facc6d9a82b1e04ed7 node-v18.20.1.tar.gz
74+
c6d867a9f25e6354810effb8201f8147a15b28000e50790fda00d1ca15f49b8a node-v18.20.1.tar.xz
75+
8d36d351b7bc1e21a3f196cc12f3c1dc3ebd54bc8b8b678f254c6589faa8799f win-x64/node.exe
76+
64d93225aaece04e3cd45177d6dea2b22df49e127281fefa3ade43ac46a36cc6 win-x64/node.lib
77+
99765d9956720edfe1cd7429fd04e2bdf0cf2bc8fb419d58a69dd8fd4a0de608 win-x64/node_pdb.7z
78+
a84fffe06ab69f15b9b32bed9aac330e45e2b10129ce38d0bbd00f917511af15 win-x64/node_pdb.zip
79+
c286ee6d2188037e33a643f112553a1c20bb7ba74428a180d7cdeec2975f8fc6 win-x86/node.exe
80+
df34047e8ae646e6f43d76ecbec9709a185f29e01f49b377c4c46070cacc2859 win-x86/node.lib
81+
76612ed31fcff457141de2eafcf3d4e4ca7f6e080c4068f0f9b9ac25248c23b7 win-x86/node_pdb.7z
82+
c02dcf9dba6277c9f1edb9dbf325c076af9e1846ca2c465638021f8e4314bbcf win-x86/node_pdb.zip
83+
-----BEGIN PGP SIGNATURE-----
84+
85+
iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmYNYkAACgkQi+q0389V
86+
XvQ9iwv+KA3oor0FgQlo9TOa9i7af1ToNqsuwUwiCNH/vaRc+Mwau9cjX9FPCrqZ
87+
bNoDX0rZ/xCdVt7AwFh5c556iMrywk835sujk1ixI0vPQrgjj1aXjQBLlIiR7drq
88+
GUMTjR5qB7JD1iaKpOtfaOiAYbAzkH5uc0eIMKv70xhf7AIbd7exYNvCOB93T3Mo
89+
Dfkm3xD/CZ9eARRSRCco4jgOko4fdPdaRsRFC9QJ0/dwaM0YirDUk8kR08I+MDvm
90+
MF9m/QKzntScGnUagfsXGSPg4HoQCw01YvMZ5LTwlfwWI1oIfYddJGfUwlizMhLi
91+
RdVCaSyL4wyfrMEa78if8rT4wp95HoV/TpjtEngZ+S0ZxHDa80Sbo8GxXVYCWnvx
92+
pDXDih0hLmSc2OBcys9s9oP5ni8gwpH+gXHfr+KPRZxwYYAWHD4BFWSBE62QalUD
93+
qqN28ffuLTC+TC6rUbt6i/NlHZCkMJB6+Ju+P4pdu9cmy4s/ofKeja0tLIvEa/vj
94+
n9up2jbC
95+
=zFXW
96+
-----END PGP SIGNATURE-----
97+
```

pages/en/blog/release/v20.12.1.md

Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
---
2+
date: '2024-04-03T14:16:00.934Z'
3+
category: release
4+
title: Node v20.12.1 (LTS)
5+
layout: blog-post
6+
author: Rafael Gonzaga
7+
---
8+
9+
## 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS
10+
11+
This is a security release
12+
13+
### Notable Changes
14+
15+
- CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
16+
- CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
17+
- llhttp version 9.2.1
18+
- undici version 5.28.4
19+
20+
### Commits
21+
22+
- \[[`bd8f10a257`](https://github.com/nodejs/node/commit/bd8f10a257)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#576](https://github.com/nodejs-private/node-private/pull/576)
23+
- \[[`5e34540a96`](https://github.com/nodejs/node/commit/5e34540a96)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#557](https://github.com/nodejs-private/node-private/pull/557)
24+
- \[[`ba1ae6d188`](https://github.com/nodejs/node/commit/ba1ae6d188)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
25+
26+
Windows 32-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-x86.msi \
27+
Windows 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-x64.msi \
28+
Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-arm64.msi \
29+
Windows 32-bit Binary: https://nodejs.org/dist/v20.12.1/win-x86/node.exe \
30+
Windows 64-bit Binary: https://nodejs.org/dist/v20.12.1/win-x64/node.exe \
31+
Windows ARM 64-bit Binary: https://nodejs.org/dist/v20.12.1/win-arm64/node.exe \
32+
macOS 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1.pkg \
33+
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-darwin-arm64.tar.gz \
34+
macOS Intel 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-darwin-x64.tar.gz \
35+
Linux 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-x64.tar.xz \
36+
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-ppc64le.tar.xz \
37+
Linux s390x 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-s390x.tar.xz \
38+
AIX 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-aix-ppc64.tar.gz \
39+
ARMv7 32-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-armv7l.tar.xz \
40+
ARMv8 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-arm64.tar.xz \
41+
Source Code: https://nodejs.org/dist/v20.12.1/node-v20.12.1.tar.gz \
42+
Other release files: https://nodejs.org/dist/v20.12.1/ \
43+
Documentation: https://nodejs.org/docs/v20.12.1/api/
44+
45+
### SHASUMS
46+
47+
```
48+
-----BEGIN PGP SIGNED MESSAGE-----
49+
Hash: SHA256
50+
51+
2a75c3cc9ed139b2ee82be709a04c171ed2d96d962082d4ab5fbf7f486846f4f node-v20.12.1-aix-ppc64.tar.gz
52+
70f9921efbebd58dbcc77ee40d1e64fb6d27bb48a5befdcad9ad172287315df4 node-v20.12.1-arm64.msi
53+
65df8cb0724e3a58c7757b75a70cc1057e1f67ffc5e852bfe6241de0b37c70a0 node-v20.12.1-darwin-arm64.tar.gz
54+
f8a9a78dd9130db80844132bcef6045ceaa51166fc8f4223a97d82a99b87a946 node-v20.12.1-darwin-arm64.tar.xz
55+
f5dc3c71c87c58c9b019d9f85302db3a6a6c47167c5a0480b697f153d02ac316 node-v20.12.1-darwin-x64.tar.gz
56+
7ca444b4f05c588f27eb96e960dd07de98c18e20aaad2c05ef6cf2cee2f2a71a node-v20.12.1-darwin-x64.tar.xz
57+
170844da1e1e2c853ae8e998734ce2a4d888d922aa575975d279104b81455f46 node-v20.12.1-headers.tar.gz
58+
172cbe26f23b4f7d28dc4cdc1e05fa8c9586bc0be113a599be770f723b13e556 node-v20.12.1-headers.tar.xz
59+
6eb199eaa4f83a729242c69792a126cb58ca6a60d791dffd9cedb4cfd32b96c0 node-v20.12.1-linux-arm64.tar.gz
60+
cce8245b22953495efa105bf37621cfee0b62d76e330bd7899a0e702676a884b node-v20.12.1-linux-arm64.tar.xz
61+
d4058aee344df896215eabbf367bbc9bf6504531e75016081565416c6e335e2a node-v20.12.1-linux-armv7l.tar.gz
62+
01a98fbebd2e31a1de4aa174215765f4d906a920ec4120becbb4b572e1b379a5 node-v20.12.1-linux-armv7l.tar.xz
63+
f79c53a39c559e35da24e67a9ca85557bc54a0560a34bea67c4610ac7007ac0c node-v20.12.1-linux-ppc64le.tar.gz
64+
31e4ad7a8696bb2b8cc0169db1657149a19a759e70cd9997d1aeed2d7e825cc4 node-v20.12.1-linux-ppc64le.tar.xz
65+
2cc1c25374995aed79194a50166927dcb2b10473683407a173119d45c42de419 node-v20.12.1-linux-s390x.tar.gz
66+
8bf2fe299750f4591cd3b96f83fa591894550fcce7601b2c682c87f73b1a94ce node-v20.12.1-linux-s390x.tar.xz
67+
da2f590a39717792dcf8c4bf6b9e4b269601e6ce3a3f150a3c4b379f7eea6d83 node-v20.12.1-linux-x64.tar.gz
68+
042844eeea4e19fa46687cc028dd5e323602d81784a9da8386c24463e3984e11 node-v20.12.1-linux-x64.tar.xz
69+
17efd39f30e46b82ce94061ccee058fce3e1c3f1e5538a3f30463c52e5ab82e8 node-v20.12.1-win-arm64.7z
70+
70a8d7a444ffd87f2d06477ccb20c58d8791caaf7be4a1eddf5a9578c81b8028 node-v20.12.1-win-arm64.zip
71+
2628e9698f3bdada3fd36096fba0433fbd8f85832350bd5d2537f8f0ac50320f node-v20.12.1-win-x64.7z
72+
629e2619ef88c5a8ce9944201f00ca3124f079c43ceef7ab0826c6fd19e09d75 node-v20.12.1-win-x64.zip
73+
552c6fec6a0b28e9c49ad8574e4e67c35d9cfa718a3f940552e594e948caa6d9 node-v20.12.1-win-x86.7z
74+
5883ad36b8607801cdb4d5aa6b6c0683df782daecda3ad761204916fbcea860c node-v20.12.1-win-x86.zip
75+
d0a6cfef17f54ceb4cff874cae03725259c2ac62999a97add026bb0e65271065 node-v20.12.1-x64.msi
76+
8cfaf9c5ca56b469ad8a7d9e2119cbfdc086168651b2355946c6b6beac529be9 node-v20.12.1-x86.msi
77+
b1f762be19806ab5070e0df75f585da48238edc1dcf86c57d09a3e16db270fac node-v20.12.1.pkg
78+
b9bef0314e12773ef004368ee56a2db509a948d4170b9efb07441bac1f1407a0 node-v20.12.1.tar.gz
79+
6840d490ba4d1d51655e0fbe1209956a15db405510d7ea166bad98a8c9d37a4e node-v20.12.1.tar.xz
80+
73d58b74b79875417f20c73b0d64087d4e1cf817cd718959dafec76340b36616 win-arm64/node.exe
81+
e780ac993543d4705ba5bffa79a53854fcb5e77b6845464074ca590dab194539 win-arm64/node.lib
82+
d20319df9c67ffbed2866cd41f86b94570368f1e62fcd7cc6aaf813bd978a00a win-arm64/node_pdb.7z
83+
6da9206f3cba1f6ff0551f1ce61ab9832d11f151d97ee1870fd17e0c09b8edf8 win-arm64/node_pdb.zip
84+
ea392e1b5503f2294c24f2ff17a01471faab98c3ec67d75df5754bb6ee0a7b71 win-x64/node.exe
85+
c6e9da74f78f98a465edfb8b51c84c9d33a047a71c4624a854b2af2b4e6a0d50 win-x64/node.lib
86+
0966f51fc43f851ddd1a8581480be83c730abf7ade1a7744c702fcfcff965759 win-x64/node_pdb.7z
87+
f8f78377ce2cc73f84dae58955caaa876b39a1a1c36bde48edad7469165bd205 win-x64/node_pdb.zip
88+
a59bacb81d7440f0b4897d0cb86637a485876be98e6b2be7a476736e81364ce7 win-x86/node.exe
89+
08399fc4d42a0ce0bad33dd9a9bcc9c845bfb0d5d1393e8c330b5a243411d8a9 win-x86/node.lib
90+
66d0e23c21410cd35a1cd61ac4ada5fa3d8f3dd38a2de53c337b689ba71a23c6 win-x86/node_pdb.7z
91+
47c9d17824c96cc51585d5f693be97ba4f9d674ab86548f1af78143fc862b008 win-x86/node_pdb.zip
92+
-----BEGIN PGP SIGNATURE-----
93+
94+
iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmYNYskACgkQi+q0389V
95+
XvToAAwApB+3C/H9VywVFwQbxYq/KIvjvtqBfFMPd7at0z8KU6q/ffsql5v1XaML
96+
ZQwX9H7NpQPGX9S4oJtDnI7cDf6ZQJDCMDAOMO1lzSlfWPZFOTBlZkV26PHGjgaN
97+
LsqMJ5mXrAYsU6pmCuf00BZfcmb6BmK576Jw6xrIg96oIidsDXjtaKnRZ7u41wm0
98+
uPXVgLQEc6xJanwvpTlVnCotDE0DAq5NkImT8MabyarAbqYcJoCEQI9O4qJbruk2
99+
6zBhznWENLVrpvo599V3Seb1iYaLlxMP87pCiqAX7ydKPS8+6rKqERCLpp6Z1ZbT
100+
Xft5Ic252QnWlIl0YZ8eNLG3r467nAnKzb1gmun1gGYMEaJ/sB60UDk3jlJ82PeI
101+
rDq9Y2n2UbMwnHpoXsdEghH5cmjPavqT/mYE10qhy7OFQGHOzzN9YWeubQvTfal3
102+
axX3sHUwcTWQkVFbIvRi5NdDwJrNH7bRLREBJcd1B84gwAgu6yEETuMOFSSoDNAJ
103+
V+5SAhlx
104+
=v6Ae
105+
-----END PGP SIGNATURE-----
106+
```

0 commit comments

Comments
 (0)