fix(Code Node): Disable WASM to address CVE-2023-37903 #7122

netroy · 2023-09-06T13:46:34Z

GH Advisory

github-actions · 2023-09-06T13:46:53Z

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

If fixing bug, added test to cover scenario.
If addressing forum or Github issue, added link to description.

Files matching packages/**/*.ts:

Added unit tests to cover new or updated functionality.

Files matching packages/nodes-base/nodes/**:

Added workflow tests for nodes if possible.

Make sure to check off this list before asking for review.

cypress · 2023-09-06T14:06:49Z

Passing run #2122 ↗︎

0	238	0	0	0

Details:

🌳 fix-CVE-2023-37903 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project: n8n	Commit: `9ab19177ca`
Status: Passed	Duration: 07:12 💡
Started: Sep 6, 2023 1:59 PM	Ended: Sep 6, 2023 2:06 PM

_{This comment has been generated by cypress-bot as a result of this
project's GitHub integration settings.}

github-actions · 2023-09-06T14:06:55Z

✅ All Cypress E2E specs passed

#7125) This seems like a better fix than #7122

# [1.7.0](https://github.com/n8n-io/n8n/compare/n8n@1.6.0...n8n@1.7.0) (2023-09-13) ### Bug Fixes * **Code Node:** Disable WASM to address CVE-2023-37903 ([#7122](#7122)) ([36a8e91](36a8e91)) * **Code Node:** Upgrade vm2 to address CVE-2023-37466 ([#7123](#7123)) ([0a35025](0a35025)) * **core:** Disable Node.js custom inspection to address CVE-2023-37903 ([#7125](#7125)) ([a223734](a223734)), closes [#7122](#7122) * **editor** Account for nanoid workflow ids for subworkflow execute policy ([#7094](#7094)) ([67092c0](67092c0)) * **editor:** Unbind workflow endpoint events in case of workspace reset ([#7129](#7129)) ([c9b7948](c9b7948)) * **editor:** Update git repo url validation regex ([#7151](#7151)) ([e51f173](e51f173)) * **Google Cloud Firestore Node:** Fix empty string interpreted as number ([#7136](#7136)) ([915cfa0](915cfa0)) * **HubSpot Node:** Fix issue with contact lists not working ([#5582](#5582)) ([6e5a4f6](6e5a4f6)) * **Postgres Node:** Fix automatic column mapping ([#7121](#7121)) ([92af131](92af131)) * **Zoho CRM Node:** Fix issue with Sales Order not updating ([#6959](#6959)) ([fd800b6](fd800b6)) ### Features * **core:** Add an option to enable WAL mode for SQLite ([#7118](#7118)) ([1d1a022](1d1a022)) * **core:** Add commands to workers to respond with current state ([#7029](#7029)) ([7b49cf2](7b49cf2)) * **Salesforce Node:** Add fax field to lead option ([#7030](#7030)) ([01f875a](01f875a)) Co-authored-by: netroy <netroy@users.noreply.github.com>

# [1.7.0](https://github.com/n8n-io/n8n/compare/n8n@1.6.0...n8n@1.7.0) (2023-09-13) ### Bug Fixes * **Code Node:** Disable WASM to address CVE-2023-37903 ([#7122](#7122)) ([36a8e91](36a8e91)) * **Code Node:** Upgrade vm2 to address CVE-2023-37466 ([#7123](#7123)) ([0a35025](0a35025)) * **core:** Disable Node.js custom inspection to address CVE-2023-37903 ([#7125](#7125)) ([a223734](a223734)) * **editor** Account for nanoid workflow ids for subworkflow execute policy ([#7094](#7094)) ([67092c0](67092c0)) * **editor:** Tweak hover area of workflow / cred cards ([#7108](#7108)) ([217de21](217de21)) * **editor:** Unbind workflow endpoint events in case of workspace reset ([#7129](#7129)) ([c9b7948](c9b7948)) * **editor:** Update git repo url validation regex ([#7151](#7151)) ([e51f173](e51f173)) * **Google Cloud Firestore Node:** Fix empty string interpreted as number ([#7136](#7136)) ([915cfa0](915cfa0)) * **HubSpot Node:** Fix issue with contact lists not working ([#5582](#5582)) ([6e5a4f6](6e5a4f6)) * **Postgres Node:** Fix automatic column mapping ([#7121](#7121)) ([92af131](92af131)) * **Zoho CRM Node:** Fix issue with Sales Order not updating ([#6959](#6959)) ([fd800b6](fd800b6)) ### Features * **core:** Add an option to enable WAL mode for SQLite ([#7118](#7118)) ([1d1a022](1d1a022)) * **core:** Add commands to workers to respond with current state ([#7029](#7029)) ([7b49cf2](7b49cf2)) * **Salesforce Node:** Add fax field to lead option ([#7030](#7030)) ([01f875a](01f875a)) Co-authored-by: netroy <netroy@users.noreply.github.com>

janober · 2023-09-14T10:04:13Z

Got released with n8n@1.7.1

fix(Code Node): Disable WASM to address CVE-2023-37903

9ab1917

valya approved these changes Sep 6, 2023

View reviewed changes

n8n-assistant bot added n8n team Authored by the n8n team node/improvement New feature or request labels Sep 6, 2023

netroy merged commit 36a8e91 into master Sep 6, 2023
52 checks passed

netroy deleted the fix-CVE-2023-37903 branch September 6, 2023 14:11

netroy mentioned this pull request Sep 6, 2023

fix(core): Disable Node.js custom inspection to address CVE-2023-37903 #7125

Merged

netroy added a commit that referenced this pull request Sep 7, 2023

fix(core): Disable Node.js custom inspection to address CVE-2023-37903 (

a223734

#7125) This seems like a better fix than #7122

github-actions bot mentioned this pull request Sep 13, 2023

🚀 Release 1.7.0 #7158

Merged

github-actions bot mentioned this pull request Sep 13, 2023

🚀 Release 1.7.0 #7162

Merged

janober added the Released label Sep 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(Code Node): Disable WASM to address CVE-2023-37903 #7122

fix(Code Node): Disable WASM to address CVE-2023-37903 #7122

netroy commented Sep 6, 2023

github-actions bot commented Sep 6, 2023

cypress bot commented Sep 6, 2023

github-actions bot commented Sep 6, 2023

janober commented Sep 14, 2023

fix(Code Node): Disable WASM to address CVE-2023-37903 #7122

fix(Code Node): Disable WASM to address CVE-2023-37903 #7122

Conversation

netroy commented Sep 6, 2023

github-actions bot commented Sep 6, 2023

cypress bot commented Sep 6, 2023

Passing run #2122 ↗︎

github-actions bot commented Sep 6, 2023

janober commented Sep 14, 2023