Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: add details for July 2022 security releases #43733

Closed
wants to merge 4 commits into from
Closed

doc: add details for July 2022 security releases #43733

wants to merge 4 commits into from

Conversation

BethGriggs
Copy link
Member

@BethGriggs BethGriggs commented Jul 8, 2022
edited
Loading

  • copy as appropriate to Node.js 16/14 changelogs once content has been reviewed
    • I'll open a separate PR for Node.js 16 and 14 as they do not have the --openssl-shared-config flag.
  • update nodejs.org blog posts

I think providing the additional information in the changelogs would be useful (even if retroactive). Also, indicate the breaking changes as such.

cc: @RafaelGSS (I'll also add as co-author as a lot of this is copying your text.)

@BethGriggs BethGriggs added the wip Issues and PRs that are still a work in progress. label Jul 8, 2022
@nodejs-github-bot nodejs-github-bot added the release Issues and PRs related to Node.js releases. label Jul 8, 2022
RafaelGSS
RafaelGSS approved these changes Jul 8, 2022
View reviewed changes
Copy link
Member

@RafaelGSS RafaelGSS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I would also mention the https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ post since it contains more detailed information and missing pieces in the changelog such as: "Attempt to read openssl.cnf from /home/iojs/build/ upon startup" and "DNS rebinding in --inspect via invalid IP addresses"

addaleax
addaleax reviewed Jul 8, 2022
View reviewed changes
doc/changelogs/CHANGELOG_V18.md Outdated Show resolved Hide resolved
doc/changelogs/CHANGELOG_V18.md Outdated Show resolved Hide resolved
doc/changelogs/CHANGELOG_V18.md Outdated Show resolved Hide resolved
doc/changelogs/CHANGELOG_V18.md Outdated Show resolved Hide resolved
@BethGriggs
Copy link
Member Author

@addaleax, thank you for the suggestions. Sorry! I was working on some edits at the same time. I'll manually review all of your suggestions and apply

@BethGriggs @RafaelGSS
doc: add details for July 2022 security releases
14ce103 
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
@BethGriggs BethGriggs removed the wip Issues and PRs that are still a work in progress. label Jul 8, 2022
@BethGriggs BethGriggs marked this pull request as ready for review July 8, 2022 16:24
mhdawson
mhdawson reviewed Jul 8, 2022
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

BethGriggs added a commit that referenced this pull request Jul 11, 2022
@BethGriggs
doc: add details for July 2022 security releases
15bb82b 
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

PR-URL: #43733
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
@BethGriggs
Copy link
Member Author

Landed in 15bb82b

@BethGriggs BethGriggs closed this Jul 11, 2022
@BethGriggs BethGriggs deleted the details branch July 11, 2022 17:00
targos pushed a commit that referenced this pull request Jul 12, 2022
@BethGriggs @targos
doc: add details for July 2022 security releases
4569d6e 
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>

PR-URL: #43733
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
@targos targos mentioned this pull request Jul 12, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@mhdawson mhdawson mhdawson left review comments

@richardlau richardlau richardlau approved these changes

@addaleax addaleax addaleax approved these changes

Assignees
No one assigned
Labels
release Issues and PRs related to Node.js releases.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@BethGriggs @addaleax @richardlau @mhdawson @RafaelGSS @targos @nodejs-github-bot