Node v20.8.1 (Current)

By admin
Node v20.8.1 (Current)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)

Security Release (High)

CVE-2023-45143
ORG

: undici

Security Release
ORG

(High)

Security Release (High)

CVE-2023-39332
ORG

: Path traversal through path stored in Uint8Array (High)

CVE-2023-39331: Permission model improperly protects against path traversal (High)

CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)

CVE-2023-39333: Code injection via

WebAssembly
ORG

export names (Low)

More detailed information on each of the vulnerabilities can be found in

October 2023
DATE

Security Releases blog post.

Commits

[ c86883e844 ] – deps : update

nghttp2
ORG

to

1.57.0
CARDINAL

(

James M Snell
ORG

) #50121

] – : update

nghttp2
NORP

to

1.57.0
CARDINAL

(

James M Snell
ORG

) #

50121
CARDINAL

[

2860631359
CARDINAL

] – deps : update undici to v5.26.3 (

Matteo Collina
PERSON

) #

50153
MONEY

] – : update undici to v5.26.3 (

Matteo Collina
PERSON

) #

50153
MONEY

[ cd37838bf8 ] – lib : let deps require node prefixed modules (

Matthew Aitken
PERSON

) #

50047
MONEY

] – : let deps require prefixed modules (

Matthew Aitken
PERSON

) #50047 [ f5c90b2951 ] – module : fix code injection through export names (

Tobias Nießen
PERSON

) nodejs-private/node-private#461

] – : fix code injection through export names (

Tobias Nießen
PERSON

) nodejs-private/node-private#461 [ fa5dae1944 ] – permission : fix Uint8Array path traversal (

Tobias Nießen
PERSON

) nodejs-private/node-private#456

] – : fix Uint8Array path traversal (

Tobias Nießen
PERSON

) nodejs-private/node-private#456 [ cd35275111 ] – permission : improve path traversal protection (

Tobias Nießen
PERSON

) nodejs-private/node-private#456

] – : improve path traversal protection (

Tobias Nießen
PERSON

) nodejs-private/node-private#456 [ a4cb7fc7c0 ] – policy: use tamper-proof integrity check function (

Tobias Nießen
PERSON

) nodejs-private/node-private#462


Windows
PRODUCT


32
CARDINAL

-bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-x86.msi

Windows

64
CARDINAL

-bit

Installer
ORG

:

https://nodejs.org/dist/v20.8.1/node-v20.8.1-x64.msi
ORG

Windows ARM

64
CARDINAL

-bit Installer:

https://nodejs.org/dist/v20.8.1/node-v20.8.1-arm64.msi
CARDINAL

Windows

32-bit
QUANTITY

Binary: https://nodejs.org/dist/v20.8.1/win-x86/node.exe


Windows 64
PRODUCT

-bit Binary: https://nodejs.org/dist/v20.8.1/win-x64/node.exe


Windows
PRODUCT

ARM

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v20.8.1/win-arm64/node.exe

macOS 64-bit

Installer
ORG

: https://nodejs.org/dist/v20.8.1/node-v20.8.1.pkg

macOS

Apple Silicon
ORG

64-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-darwin-arm64.tar.gz

macOS

Intel
ORG

64-bit Binary:

https://nodejs.org/dist/v20.8.1/node-v20.8.1-darwin-x64.tar.gz

Linux
PERSON

64-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-x64.tar.xz


Linux
PRODUCT

PPC LE

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-ppc64le.tar.xz


Linux s390x
LOC


64-bit
QUANTITY

Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-s390x.tar.xz

AIX

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-aix-ppc64.tar.gz

ARMv7

32
CARDINAL

-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-armv7l.tar.xz

ARMv8

64
CARDINAL

-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v20.8.1/node-v20.8.1.tar.gz

Other release files: https://nodejs.org/dist/v20.8.1/

Documentation: https://nodejs.org/docs/v20.8.1/api/


SHASUMS
PERSON