Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

blog: April 2021 10/12/14 sec releases #3791

Merged
merged 1 commit into from
Apr 6, 2021
Merged

blog: April 2021 10/12/14 sec releases #3791

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
106 changes: 106 additions & 0 deletions locale/en/blog/release/v10.24.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
---
date: 2021-04-06T20:09:17.782Z
version: 10.24.1
category: release
title: Node v10.24.1 (LTS)
slug: node-v10-24-1
layout: blog-post.hbs
author: Myles Borins
---

### Notable Changes

Vulerabilties fixed:

* **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
* This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
* Impacts:
* All versions of the 14.x, 12.x and 10.x releases lines

### Commits

* [[`5e526b96ce`](https://github.com/nodejs/node/commit/5e526b96ce)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://github.com/nodejs/node/pull/37918)
* [[`781cb6df5c`](https://github.com/nodejs/node/commit/781cb6df5c)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37940](https://github.com/nodejs/node/pull/37940)
* [[`5db0a05a90`](https://github.com/nodejs/node/commit/5db0a05a90)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37940](https://github.com/nodejs/node/pull/37940)

Windows 32-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1-x86.msi<br>
Windows 64-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1-x64.msi<br>
Windows 32-bit Binary: https://nodejs.org/dist/v10.24.1/win-x86/node.exe<br>
Windows 64-bit Binary: https://nodejs.org/dist/v10.24.1/win-x64/node.exe<br>
macOS 64-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1.pkg<br>
macOS 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-darwin-x64.tar.gz<br>
Linux 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-x64.tar.xz<br>
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-ppc64le.tar.xz<br>
Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-s390x.tar.xz<br>
AIX 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-aix-ppc64.tar.gz<br>
SmartOS 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-sunos-x64.tar.xz<br>
ARMv6 32-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-armv6l.tar.xz<br>
ARMv7 32-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-armv7l.tar.xz<br>
ARMv8 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-arm64.tar.xz<br>
Source Code: https://nodejs.org/dist/v10.24.1/node-v10.24.1.tar.gz<br>
Other release files: https://nodejs.org/dist/v10.24.1/<br>
Documentation: https://nodejs.org/docs/v10.24.1/api/

### SHASUMS

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

fc9ba4f3ba0be4a4495dd4fc7aa1e608f74a1440264518da760b246417077c3f node-v10.24.1-aix-ppc64.tar.gz
8088968a896e17c21b98187f8083291df9c88d0baa100a6cb9553e53c4fb17f8 node-v10.24.1-darwin-x64.tar.gz
8edae5060c7513de8e764cdbb61daea5ae652b7a3a457d412a7e08c04e5202da node-v10.24.1-darwin-x64.tar.xz
d38ae7bed508836129fac4163f3db5a0df5ea1dd26bf4a66f88146cbe770b788 node-v10.24.1-headers.tar.gz
1149f00ce0cec044e60deb723d1c1e682083c9ec6edc05cd1326f2031412a68e node-v10.24.1-headers.tar.xz
0ae4931d0ea779ecb237c1fc9f4a27271b0054b1efabc783863478913fe6caa6 node-v10.24.1-linux-arm64.tar.gz
b11ce837867e50d1b2bf09da6a85336bedfa257bf92f34712aeb94360c0bcd6e node-v10.24.1-linux-arm64.tar.xz
cf19f1965bca6b4ade9396e31f9490448ded2402713fdfe2d43410da037d9b5c node-v10.24.1-linux-armv6l.tar.gz
01c992bb0ec60552dbe3c96b5333bc0bb0c0eda9077af532c8869f82d49a63c8 node-v10.24.1-linux-armv6l.tar.xz
5b156bbd04adfaad2184b4d1e8324b21b546b40fb46e7105fa39f5ad2f34ddf3 node-v10.24.1-linux-armv7l.tar.gz
0d2c8991598c15f1efe31d6986f50d46016f74876194c257d7d0108c2c9de2da node-v10.24.1-linux-armv7l.tar.xz
8dc58449fe7b0368c417bb6ead8197bf1549e4502b42e62f3e51dce11b37fcd0 node-v10.24.1-linux-ppc64le.tar.gz
e99c2e7115361ab02e320053d2ee3619445349fa02b5082a12560014c0decf6a node-v10.24.1-linux-ppc64le.tar.xz
7ec1bd172b58bc9d7782d2d4428a298167b7297b8f1812a21eb6e4285bbe9ef2 node-v10.24.1-linux-s390x.tar.gz
aff7f704dc27da4bb6c0b8df83d0eeac2cf4c97825be0994fbdc14319da7a29c node-v10.24.1-linux-s390x.tar.xz
7a70083a73719a3c7846533923d5c4e955405c2b4ba1c1abd95ed21ae8b52775 node-v10.24.1-linux-x64.tar.gz
a3b9b97c23bcdc64334be6b02422e9014f040d59dcf604563ffda48003419356 node-v10.24.1-linux-x64.tar.xz
49f4e193b049a401a2f1fd98e3a7471d038418d81a37df2b64e88543f43b08a9 node-v10.24.1.pkg
20f0a296f544b5f5cb4122cb1c2aa080d83f0212c279147df4373d988b466657 node-v10.24.1-sunos-x64.tar.gz
3daf48c796f3edfc67cd25516fe7ff3a2a33c4da449f5c5c29dce98ba5e51834 node-v10.24.1-sunos-x64.tar.xz
95c7cfc4b5ad0b5a62bd553b30840db66f21217fbeb769ab27dac8019a4ebe5d node-v10.24.1.tar.gz
d72fc2c244603b4668da94081dc4d6067d467fdfa026e06a274012f16600480c node-v10.24.1.tar.xz
af98dda863785269a2db1bea8c3931e34d53f495f21d27fe8472154ee9a67cc4 node-v10.24.1-win-x64.7z
ae0af1b5e0c131dd0df1b3e4713c36e5d7f652ab6ca273ce46d39d4df8522bb0 node-v10.24.1-win-x64.zip
746db6e34b0d46695789fed30962f570fb5ee699590627459148d6e639eed55e node-v10.24.1-win-x86.7z
e39380da3a5f859f98b5a07e153e062c7fca852077693f99ad528705f5c0deb5 node-v10.24.1-win-x86.zip
dab263436eeda26c9c4809ba4d93e607dcffb3735b9a1866c77afb242a832dbd node-v10.24.1-x64.msi
dbddbb2e29da2e4c060510d3a466895555f458b5eb090756c9aad52858a9d61b node-v10.24.1-x86.msi
6664cc00232d95f73e050f25b1dd1000b44f63e35f051734c9bee478cd3574c7 win-x64/node.exe
7688ed23318d253aa98ee198f94983e4b563fab188e6fd9dd32955e77111096a win-x64/node.lib
3bff6336aa859467f7710aad3286706306d165041af5ea2daaec3e1fa0fe86c7 win-x64/node_pdb.7z
36d49e29a33ee0fbb229fb2abee8bf093b3ea7fe70e7b31215c38f64900d435e win-x64/node_pdb.zip
6f1cf2bc2b17d51478f9f17db6ae51e1cc4126bc7f5a967a95c5ab5c8d9a26c0 win-x86/node.exe
de1f3445597cbbee2e5eac435651f5dcab049a2d8bd3636877ab5803a87e269e win-x86/node.lib
4d3f9bd319fe33f8a5991712264d3feb0247caa1bc9da2f47f6cb83386baf1bd win-x86/node_pdb.7z
9bd12506802cc20fbaa398c5dcc6ba4a72bffca9cc7cd526f7c69582eb526b53 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmBsvQIACgkQkzsB9Atc
qUZOjwf/ZZUDOIWnozg+4OQPZZNL66GppgYikwh1rzPoAki9wIsaDWJKO0+zkZkX
H489vQEfnO2tli247xDJtFXoK/Vjbgr/Jh5bIYoMWjqmdEs/oicUsarOlswog4ba
E2xPxlIqShbKweexISuoZVupzQ6hhw/bM3C5OPjy48WjockiqUJVCahLahNKuz9r
ssFqeH1j283xbN5WZ93OGLuFwpgJ+yFRVjuAJI2+G/lNG/XFymVsMQKbJzOCTT5O
sGJ60uzG94o4bgvtdWYZWo0psHJq1Vce8v3EK9SnOf4/zDovqAs/9loshDJsI+5g
NIzEPAM3KwzyexE7LoOZKdI2POGJjg==
=sJuP
-----END PGP SIGNATURE-----

```
103 changes: 103 additions & 0 deletions locale/en/blog/release/v12.22.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
---
date: 2021-04-06T20:09:43.325Z
version: 12.22.1
category: release
title: Node v12.22.1 (LTS)
slug: node-v12-22-1
layout: blog-post.hbs
author: Myles Borins
---

### Notable Changes

Vulnerabilities fixed:

* **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
* This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
* Impacts:
* All versions of the 14.x, 12.x and 10.x releases lines

### Commits

* [[`c947f1a0e1`](https://github.com/nodejs/node/commit/c947f1a0e1)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://github.com/nodejs/node/pull/37918)
* [[`51a753c06f`](https://github.com/nodejs/node/commit/51a753c06f)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37939](https://github.com/nodejs/node/pull/37939)
* [[`c85a519b48`](https://github.com/nodejs/node/commit/c85a519b48)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37939](https://github.com/nodejs/node/pull/37939)

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x86.msi<br>
Windows 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x64.msi<br>
Windows 32-bit Binary: https://nodejs.org/dist/v12.22.1/win-x86/node.exe<br>
Windows 64-bit Binary: https://nodejs.org/dist/v12.22.1/win-x64/node.exe<br>
macOS 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1.pkg<br>
macOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-darwin-x64.tar.gz<br>
Linux 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-x64.tar.xz<br>
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-ppc64le.tar.xz<br>
Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-s390x.tar.xz<br>
AIX 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-aix-ppc64.tar.gz<br>
SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-sunos-x64.tar.xz<br>
ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-armv7l.tar.xz<br>
ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-arm64.tar.xz<br>
Source Code: https://nodejs.org/dist/v12.22.1/node-v12.22.1.tar.gz<br>
Other release files: https://nodejs.org/dist/v12.22.1/<br>
Documentation: https://nodejs.org/docs/v12.22.1/api/

### SHASUMS

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

696f48b080915eb08e2ae24349a32ce56520483ac982fb51cce4876b82ab1bf5 node-v12.22.1-aix-ppc64.tar.gz
9cbade90e2e89feba674b1841573e6f0329e6ba4bd3ecc1f5e0c5c6785db6dc0 node-v12.22.1-darwin-x64.tar.gz
de5e317580732530961d83b0fb9b2c370d222bd0c5a1b331900e9ddc0fdfe086 node-v12.22.1-darwin-x64.tar.xz
9355a0af101ccba1ae90c3f1f3d71ed821934c875462a76f8b65a6f7ee7293fd node-v12.22.1-headers.tar.gz
f6db5ceaf820a2899712baeccb2a09950ab3bf8d4c0d893d672aeba54c1f4162 node-v12.22.1-headers.tar.xz
917c582b7f7ae5ff8b2d97e05d00598011f9fbfcc4f76952da3ed477405c9c1a node-v12.22.1-linux-arm64.tar.gz
65145e6c2aa047ee5f83aadf9546116a6da70c21a649ed5f24dce412d2c202dc node-v12.22.1-linux-arm64.tar.xz
1bc056e1fef1c83059235d927edea2c1a2eee91ce654f45369a2af95c041e198 node-v12.22.1-linux-armv7l.tar.gz
4ae8e0d3dee7273ed8e07f80b74b05fc16a5562a42c13c9971d595b7ece4de71 node-v12.22.1-linux-armv7l.tar.xz
38d42033a10b535eb0285ccf7b7f2e6511bcb6f383c4620a53071d3b8f929d03 node-v12.22.1-linux-ppc64le.tar.gz
f85a1a9f5476d35aec37d8052330d3d3d8e216276881181b06505758119c2c3b node-v12.22.1-linux-ppc64le.tar.xz
8fbf03069c758ff544110d04713d10136ce1b48a4bf2378ec17e1035a0b6a5f1 node-v12.22.1-linux-s390x.tar.gz
c24dedddedf1a6aaff4ef40c2196f8f3c2cf99702c0be2ce6f77f740919f7dbf node-v12.22.1-linux-s390x.tar.xz
d315c5dea4d96658164cdb257bd8dbb5e44bdd2a7c1d747841f06515f23a0042 node-v12.22.1-linux-x64.tar.gz
8b537282c222ae4a40e019a52f769ca27b6640699bdde1510375e8d72da7d041 node-v12.22.1-linux-x64.tar.xz
5b1b527e3087a2de2529f5079a0b53fcc8a4909830d43156feae6b6d31c7680a node-v12.22.1.pkg
00ac4e9b87eb7c50cfd7a3811e7a160b2d078c6dd063fd57c8d8844310fdbc38 node-v12.22.1-sunos-x64.tar.gz
6ae1f81151092296ec4b26b18c57aefc57b53d8f9fdd94fe60efd8fa68379f2a node-v12.22.1-sunos-x64.tar.xz
6023f1f8f03f9780c75e6eca9d372b8411a83757c0389c51baee1c7242afd702 node-v12.22.1.tar.gz
dd650df7773a6ed3e390320ba51ef33cba6499f0e9397709ea3d1debdcbcb989 node-v12.22.1.tar.xz
465100b7be0835048810978b957667ad193faa68728cfb0e02bffcaafe575795 node-v12.22.1-win-x64.7z
0cf3545c1ff9717bf3196eed6a423d878709ed4560125fdc29b42bd80ee661c3 node-v12.22.1-win-x64.zip
1f3dcf6707e7afeeae767f8146789540518ddb8ad974c56fda6fd2486170e5b9 node-v12.22.1-win-x86.7z
832bd047d3709e4229d1cc95d04391aceb991a5c957b8efd395e01f51832a774 node-v12.22.1-win-x86.zip
02f53b3530a0310b1076db801770803527c63f724b56c22d6a0625c12a03c982 node-v12.22.1-x64.msi
8192400d6fc7083b8bf049613c046923e8c24dd913a18189be9fe77be4c1c8c4 node-v12.22.1-x86.msi
d872b1b906cfc5ecffa69fb0a673ae60d0df772cb3e6646e32273afd4ffe923c win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
17cb8ad34c2584b22f9e8f9bf57e4c22fc985154b97af3ef24b7d5d34300642f win-x64/node_pdb.7z
fedcb273459441a94df6575b9df92dc2df360d001cc226a00f85cc9ad8c97874 win-x64/node_pdb.zip
6f02a21ff1218ac70a0d6c14c217e9d1c8a8a9130a1b087f959ba32deb35be70 win-x86/node.exe
8bbcf3b9305b83f54bd80f8ec19d4e237841bde5bfaeb2aec708c36daa6435f6 win-x86/node.lib
a22c1bdd4caebc7e498ea56c74fba08698f508f2e1953ab8c6086488f61af1b2 win-x86/node_pdb.7z
0b91ea5635cf1ec14b587e715578905dabdaa6aec3d6ed522a6b44bbe64c3a95 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmBsvTAACgkQkzsB9Atc
qUZvLAf+JAApgWIpHzTzH0zgYyIsd4Pb7xX4hghwuEOAciHGFBaHaLOklXjEYpX+
Xq7GsTtmtrB9cpAZGvK5bsF18Kq0NMOI6a2z9nYriO/4MmxJboP6/y48t978/MJi
ZooGZ6jLO1hRKsg6vljrXrMQoCUD4ejNUuDDto50FZHWOBMqdczDBrF9vx6fMlsy
IJALPDzGjxzNMFLitS2gzgv4VI8K1xoDr+bpxVSUQ1IVGIFtxNt3dIyGDGmM6A6M
U3uHPMDlk2u0Q16sD+Iydo1cmDvMnqHrTTXeSSUKjnWv/apg+h8CMgjnyrLZGn7p
efnxlKizKdfEpMiA2FOW3BKbYSd59Q==
=kAxw
-----END PGP SIGNATURE-----

```
Loading