From 27adbf027f2dd3a75b22518f6825e1a1937059d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= Date: Tue, 2 Jun 2020 08:42:15 +0200 Subject: [PATCH] 2020-06-02, Version 14.4.0 (Current) This is a security release. Notable changes: Vulnerabilities fixed: CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High). CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low). CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High). PR-URL: https://github.com/nodejs-private/node-private/pull/212 --- CHANGELOG.md | 3 ++- doc/api/http2.md | 9 ++++++--- doc/changelogs/CHANGELOG_V14.md | 22 ++++++++++++++++++++++ src/node_version.h | 6 +++--- 4 files changed, 33 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7b21ae6d6a2d4..5399fb3266e5c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,7 +31,8 @@ release. -14.3.0
+14.4.0
+14.3.0
14.2.0
14.1.0
14.0.0
diff --git a/doc/api/http2.md b/doc/api/http2.md index ffd120c550312f..34093f2834ed06 100644 --- a/doc/api/http2.md +++ b/doc/api/http2.md @@ -1991,7 +1991,8 @@ value only affects new connections to the server, not any existing connections.