Node v20.8.1 (Current)

Created on November 12, 2023 at 10:50 am

Node v20.8.1 (Current)

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-44487: nghttp2 Security Release (High)

Security Release (High) CVE-2023-45143 ORG : undici Security Release ORG (High)

Security Release (High) CVE-2023-39332 ORG : Path traversal through path stored in Uint8Array (High)

CVE-2023-39331: Permission model improperly protects against path traversal (High)

CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)

CVE-2023-39333: Code injection via WebAssembly ORG export names (Low)

More detailed information on each of the vulnerabilities can be found in October 2023 DATE Security Releases blog post.

Commits

[ c86883e844 ] – deps : update nghttp2 ORG to 1.57.0 CARDINAL ( James M Snell ORG ) #50121

] – : update nghttp2 NORP to 1.57.0 CARDINAL ( James M Snell ORG ) # 50121 CARDINAL [ 2860631359 CARDINAL ] – deps : update undici to v5.26.3 ( Matteo Collina PERSON ) # 50153 MONEY

] – : update undici to v5.26.3 ( Matteo Collina PERSON ) # 50153 MONEY [ cd37838bf8 ] – lib : let deps require node prefixed modules ( Matthew Aitken PERSON ) # 50047 MONEY

] – : let deps require prefixed modules ( Matthew Aitken PERSON ) #50047 [ f5c90b2951 ] – module : fix code injection through export names ( Tobias Nießen PERSON ) nodejs-private/node-private#461

] – : fix code injection through export names ( Tobias Nießen PERSON ) nodejs-private/node-private#461 [ fa5dae1944 ] – permission : fix Uint8Array path traversal ( Tobias Nießen PERSON ) nodejs-private/node-private#456

] – : fix Uint8Array path traversal ( Tobias Nießen PERSON ) nodejs-private/node-private#456 [ cd35275111 ] – permission : improve path traversal protection ( Tobias Nießen PERSON ) nodejs-private/node-private#456

] – : improve path traversal protection ( Tobias Nießen PERSON ) nodejs-private/node-private#456 [ a4cb7fc7c0 ] – policy: use tamper-proof integrity check function ( Tobias Nießen PERSON ) nodejs-private/node-private#462

Windows PRODUCT

32 CARDINAL -bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-x86.msi

Windows 64 CARDINAL -bit Installer ORG : https://nodejs.org/dist/v20.8.1/node-v20.8.1-x64.msi ORG

Windows ARM 64 CARDINAL -bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-arm64.msi CARDINAL

Windows 32-bit QUANTITY Binary: https://nodejs.org/dist/v20.8.1/win-x86/node.exe

Windows 64 PRODUCT -bit Binary: https://nodejs.org/dist/v20.8.1/win-x64/node.exe

Windows PRODUCT ARM 64 CARDINAL -bit Binary: https://nodejs.org/dist/v20.8.1/win-arm64/node.exe

macOS 64-bit Installer ORG : https://nodejs.org/dist/v20.8.1/node-v20.8.1.pkg

macOS Apple Silicon ORG 64-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-darwin-arm64.tar.gz

macOS Intel ORG 64-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-darwin-x64.tar.gz

Linux PERSON 64-bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-x64.tar.xz

Linux PRODUCT PPC LE 64 CARDINAL -bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-ppc64le.tar.xz

Linux s390x LOC

64-bit QUANTITY Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-s390x.tar.xz

AIX 64 CARDINAL -bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-aix-ppc64.tar.gz

ARMv7 32 CARDINAL -bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-armv7l.tar.xz

ARMv8 64 CARDINAL -bit Binary: https://nodejs.org/dist/v20.8.1/node-v20.8.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v20.8.1/node-v20.8.1.tar.gz

Other release files: https://nodejs.org/dist/v20.8.1/

Documentation: https://nodejs.org/docs/v20.8.1/api/

SHASUMS PERSON

Connecting to blog.lzomedia.com... Connected... Page load complete