2021-04-06, Version 12.22.1 'Erbium' (LTS), @mylesborins
v12.22.1
MylesBorins
Myles Borins
This tag was signed with the committer’s verified signature.
MylesBorins
Myles Borins
fe1c4b4
This commit was signed with the committer’s verified signature.
MylesBorins
Myles Borins
This is a security release.
Notable Changes
Vulnerabilities fixed:
- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
- This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
- Impacts:
- All versions of the 15.x, 14.x, 12.x and 10.x releases lines
- CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
- This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh
- Impacts:
- All versions of the 14.x, 12.x and 10.x releases lines
Commits
- [
c947f1a0e1] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918 - [
51a753c06f] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #37939 - [
c85a519b48] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37939