Node v18.18.2 (LTS)

By admin

Node v18.18.2
PERSON

(

LTS
ORG

)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)

Security Release (High)

CVE-2023-45143
ORG

: undici

Security Release
ORG

(High)

Security Release (High)

CVE-2023-38552
ORG

: Integrity checks according to policies can be circumvented (Medium)

CVE-2023-39333: Code injection via

WebAssembly
ORG

export names (Low)

More detailed information on each of the vulnerabilities can be found in

October 2023
DATE

Security Releases blog post.

Commits

[

55028468db
PERSON

] – deps : update undici to v5.26.3 (

Matteo Collina
PERSON

) #

50153
MONEY

] – : update undici to v5.26.3 (

Matteo Collina
PERSON

) #

50153
MONEY

[ a792bbc515 ] – deps : update

nghttp2
ORG

to

1.57.0
CARDINAL

(

James M Snell
ORG

) #50121

] – : update

nghttp2
NORP

to

1.57.0
CARDINAL

(

James M Snell
ORG

) #50121 [ f6444defa4 ] – deps : update nghttp2 to

1.56.0
CARDINAL

(Node.js GitHub Bot) #

49582
MONEY

] – : update nghttp2 to

1.56.0
CARDINAL

(Node.js GitHub Bot) #

49582
MONEY

[

7e9b08dfd4
CARDINAL

] – deps : update

nghttp2
ORG

to

1.55.1
CARDINAL

(Node.js GitHub Bot) #

48790
MONEY

] – : update

nghttp2
ORG

to

1.55.1
CARDINAL

(Node.js GitHub Bot) #

48790
CARDINAL

[ 85672c153f ] – deps : update

nghttp2
ORG

to

1.55.0
CARDINAL

(Node.js GitHub Bot) #48746

] – : update

nghttp2
ORG

to

1.55.0
CARDINAL

(Node.js GitHub Bot) #48746 [

300a902422
CARDINAL

] – deps : update

nghttp2
NORP

to

1.53.0
CARDINAL

(Node.js GitHub Bot) #

47997
MONEY

] – : update

nghttp2
NORP

to

1.53.0
CARDINAL

(Node.js GitHub Bot) #

47997
MONEY

[ 7d83ed0bf6 ] – Revert " deps : update nghttp2 to

1.55.0
CARDINAL

" (

Richard Lau
PERSON

) #

50151
MONEY

] – " : update nghttp2 to

1.55.0
CARDINAL

" (

Richard Lau
PERSON

) #50151 [

1193ca5fdb
CARDINAL

] – lib : let deps require node prefixed modules (

Matthew Aitken
PERSON

) #

50047
MONEY

] – : let deps require prefixed modules (

Matthew Aitken
PERSON

) #50047 [ eaf9083cf1 ] – module : fix code injection through export names (

Tobias Nießen
PERSON

) nodejs-private/node-private#461

] – : fix code injection through export names (

Tobias Nießen
PERSON

) nodejs-private/node-private#461 [

1c538938cc
CARDINAL

] – policy: use tamper-proof integrity check function (

Tobias Nießen
PERSON

) nodejs-private/node-private#462


Windows
PRODUCT


32
CARDINAL

-bit Installer:

https://nodejs.org/dist/v18.18.2/node-v18.18.2-x86.msi

Windows 64
PRODUCT

-bit Installer:

https://nodejs.org/dist/v18.18.2/node-v18.18.2-x64.msi

QUANTITY

Windows

32-bit
QUANTITY

Binary: https://nodejs.org/dist/v18.18.2/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v18.18.2/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v18.18.2/node-v18.18.2.pkg

macOS

Apple Silicon
ORG

64-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-darwin-arm64.tar.gz

macOS

Intel
ORG

64-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-linux-x64.tar.xz

Linux PPC LE

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-linux-ppc64le.tar.xz


Linux s390x
LOC


64
CARDINAL

-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-linux-s390x.tar.xz


AIX
ORG


64
CARDINAL

-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-aix-ppc64.tar.gz

ARMv7

32
CARDINAL

-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-linux-armv7l.tar.xz

ARMv8

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v18.18.2/node-v18.18.2-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v18.18.2/node-v18.18.2.tar.gz

Other release files: https://nodejs.org/dist/v18.18.2/

Documentation: https://nodejs.org/docs/v18.18.2/api/


SHASUMS
PERSON