2022-11-04, Version 18.12.1 'Hydrogen' (LTS), @juanarbol

juanarbol released this 07 Nov 16:59

· 5105 commits to main since this release

This is a security release.

Notable changes

The following CVEs are fixed in this release:

CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)

More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.

Commits

[39f8a672e3] - deps: update archs files for quictls/openssl-3.0.7+quic nodejs/node#45286
[80218127c8] - deps: upgrade openssl sources to quictls/openssl-3.0.7+quic nodejs/node#45286
[165342beac] - inspector: harden IP address validation again (Tobias Nießen) nodejs-private/node-private#354

Assets 2