From 731c01357309dd81533d7c2c5af92f732ac73df2 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 14 May 2025 18:14:05 -0300 Subject: [PATCH 1/6] Blog: post release announcement May security releases --- .../may-2025-security-releases.md | 50 ++++++++++++++++++- apps/site/site.json | 6 +-- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md b/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md index bc9e63667c6e1..8305087ac1ee6 100644 --- a/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md +++ b/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md @@ -1,5 +1,5 @@ --- -date: 2025-05-08T03:00:00.000Z +date: 2025-05-14T03:00:00.000Z category: vulnerability title: Wednesday, May 14, 2025 Security Releases slug: may-2025-security-releases @@ -7,6 +7,54 @@ layout: blog-post author: The Node.js Project --- +## Security releases available + +Updates are now available for the 24.x, 23.x, 22.x, 20.x Node.js release lines for the +following issues. + +## Improper error handling in async cryptographic operations crashes process (CVE-2025-23166) - (high) + +The C++ method `SignTraits::DeriveBits()` may incorrectly call `ThrowException()` +based on user-supplied inputs when executing in a background thread, crashing the Node.js process. +Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism +potentially allows an adversary to remotely crash a Node.js runtime. + +Impact: + +- This vulnerability affects all users in active release lines: 20.x, 22.x, 23.x, 24.x + +Thank you, @panva and @tniessen, for reporting and fixing this vulnerability. + +## Improper HTTP header block termination in llhttp (CVE-2025-23167) - (medium) + +A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. +This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. + +The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. + +Impact: + +- This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. + +Thank you, to kenballus for reporting this vulnerability and thank you RafaelGSS for fixing it. + +## Corrupted pointer in `node::fs::ReadFileUtf8(const FunctionCallbackInfo& args)` when `args[0]` is a string. (CVE-2025-23165) - (low) + +In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. + +Impact: + +- This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22. + +Thank you, to Justin Nietzel for reporting and fixing this vulnerability. + +## Downloads and release details + +- [Node.js v20.19.2](/blog/release/v20.19.2/) +- [Node.js v22.15.1](/blog/release/v22.15.1/) +- [Node.js v23.11.1](/blog/release/v23.11.1/) +- [Node.js v24.0.1](/blog/release/v24.0.1/) + # Summary The Node.js project will release new versions of the 24.x, 23.x, 22.x, 20.x diff --git a/apps/site/site.json b/apps/site/site.json index 062038f70e93d..776f63fdeecae 100644 --- a/apps/site/site.json +++ b/apps/site/site.json @@ -28,9 +28,9 @@ ], "websiteBanners": { "index": { - "startDate": "2025-05-08T03:00:00.000Z", - "endDate": "2025-05-15T03:00:00.000Z", - "text": "New security releases to be made available Wednesday, May 14, 2025", + "startDate": "2025-05-14T03:00:00.000Z", + "endDate": "2025-05-21T03:00:00.000Z", + "text": "May Security Release is available", "link": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases", "type": "warning" } From 7eb25d8388de3843023e7628e90a0d42648b3122 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 14 May 2025 18:14:56 -0300 Subject: [PATCH 2/6] Blog: v20.19.2 release post Refs: https://github.com/nodejs-private/node-private/pull/711 --- apps/site/pages/en/blog/release/v20.19.2.md | 109 ++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 apps/site/pages/en/blog/release/v20.19.2.md diff --git a/apps/site/pages/en/blog/release/v20.19.2.md b/apps/site/pages/en/blog/release/v20.19.2.md new file mode 100644 index 0000000000000..9d9b984ef6778 --- /dev/null +++ b/apps/site/pages/en/blog/release/v20.19.2.md @@ -0,0 +1,109 @@ +--- +date: '2025-05-14T21:14:45.406Z' +category: release +title: Node v20.19.2 (LTS) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-05-14, Version 20.19.2 'Iron' (LTS), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-23166) fix error handling on async crypto operation +- (CVE-2025-23167) (SEMVER-MAJOR) update llhttp to 9.2.0 +- (CVE-2025-23165) add missing call to uv_fs_req_cleanup + +### Commits + +- \[[`eb25047b1b`](https://github.com/nodejs/node/commit/eb25047b1b)] - **deps**: update llhttp to 9.2.0 (Node.js GitHub Bot) [#51719](https://github.com/nodejs/node/pull/51719) +- \[[`12dcd8db08`](https://github.com/nodejs/node/commit/12dcd8db08)] - **deps**: update llhttp to 9.1.3 (Node.js GitHub Bot) [#50080](https://github.com/nodejs/node/pull/50080) +- \[[`190e45a291`](https://github.com/nodejs/node/commit/190e45a291)] - **(SEMVER-MAJOR)** **(CVE-2025-23167)** **deps**: update llhttp to 9.1.2 (Paolo Insogna) [#48981](https://github.com/nodejs/node/pull/48981) +- \[[`fc68c44e6a`](https://github.com/nodejs/node/commit/fc68c44e6a)] - **fs**: added test for missing call to uv_fs_req_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811) +- \[[`9e13bf0a81`](https://github.com/nodejs/node/commit/9e13bf0a81)] - **(CVE-2025-23165)** **fs**: add missing call to uv_fs_req_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811) +- \[[`bd0aa5d44c`](https://github.com/nodejs/node/commit/bd0aa5d44c)] - **(CVE-2024-27982)** **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#556](https://github.com/nodejs-private/node-private/pull/556) +- \[[`6c57465920`](https://github.com/nodejs/node/commit/6c57465920)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#710](https://github.com/nodejs-private/node-private/pull/710) + +Windows 32-bit Installer: https://nodejs.org/dist/v20.19.2/node-v20.19.2-x86.msi \ +Windows 64-bit Installer: https://nodejs.org/dist/v20.19.2/node-v20.19.2-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.19.2/node-v20.19.2-arm64.msi \ +Windows 32-bit Binary: https://nodejs.org/dist/v20.19.2/win-x86/node.exe \ +Windows 64-bit Binary: https://nodejs.org/dist/v20.19.2/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v20.19.2/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v20.19.2/node-v20.19.2.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-aix-ppc64.tar.gz \ +ARMv7 32-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-linux-armv7l.tar.xz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v20.19.2/node-v20.19.2-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v20.19.2/node-v20.19.2.tar.gz \ +Other release files: https://nodejs.org/dist/v20.19.2/ \ +Documentation: https://nodejs.org/docs/v20.19.2/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +4ba1a64cd4e2d1bdbc38afbf230c6171ed62fca7c38c83497f839c3911d8d13d node-v20.19.2-aix-ppc64.tar.gz +ceeb1753eb6bdaf0d5dada97e807a88ef29d0ce49fa989a84339bc39987956d4 node-v20.19.2-arm64.msi +5f96c725cd2be1151f08b25c05bf5a21866a2dc7db3803d351a6ea19fcc53665 node-v20.19.2-darwin-arm64.tar.gz +51344f84c3867756a381d1f1ac437b9877ef7ee98683cd38aca32133a33e4986 node-v20.19.2-darwin-arm64.tar.xz +29f91e05992a7d81498ab1d04938a184313cb4aaccab95bb4636e30e6424eae3 node-v20.19.2-darwin-x64.tar.gz +eee1053719e234060c39822cc7defcb9322e14a1e6e5046dbbf48dcf68750aa7 node-v20.19.2-darwin-x64.tar.xz +37e920f860aaa3155bf8a276d20a5473fcea9eefa31f8b09eb18dc5e65c9abd7 node-v20.19.2-headers.tar.gz +398d95ff730743659a596b9753c7e619501571ae2beedbe16077d3213cd91e0e node-v20.19.2-headers.tar.xz +24c3090d4e8c3667cd57482263291ca4f562c2e0773d5e618a0c6ba32d21b39f node-v20.19.2-linux-arm64.tar.gz +0d0c4a1c3a5aa657b76873eaa962936c7dc7a45047bd3957322544967713dc72 node-v20.19.2-linux-arm64.tar.xz +aed2de774737d76a81254cbcd12ae5e9239f24efec0456b9608f150d27d58fe7 node-v20.19.2-linux-armv7l.tar.gz +43adc6c3f57582f0ed206b8401816d1846c39996793f02ccf61e905294bfdc58 node-v20.19.2-linux-armv7l.tar.xz +9fced2e270fb0879709f7fa19b358551244b2d6c8cbf39d6a860221dcc12181b node-v20.19.2-linux-ppc64le.tar.gz +1391fe00183bef0da0b478f636527d8270e43563877312d251a468746d338c74 node-v20.19.2-linux-ppc64le.tar.xz +94023e739c98ce55a057fbf5e86589253458e92af1990a2712dab8c6421cfe2f node-v20.19.2-linux-s390x.tar.gz +ffbf836e20738f283cbe342ce92881d81d3f14651cabd2cf93cdb91152bcae3c node-v20.19.2-linux-s390x.tar.xz +eec2c7b9c6ac72e42885a42edfc0503c0e4ee455f855c4a17a6cbcf026656dd5 node-v20.19.2-linux-x64.tar.gz +cbe59620b21732313774df4428586f7222a84af29e556f848abf624ba41caf90 node-v20.19.2-linux-x64.tar.xz +3a19f4949b422309a2806083580528c2c87e8169755f31fb7521d5f7b5fdba22 node-v20.19.2-win-arm64.7z +b155826b6abe8383b88f7de42bc7c2601cabd3b0d6e52cce1cf4cd4936e6441b node-v20.19.2-win-arm64.zip +eb6bde3d812ee065a94fc81e39dc16a56ec41f3039e6a27022326b3b59ee895b node-v20.19.2-win-x64.7z +8735c9940b97548f6d9d4dda7cf5fd4471c062f15f44c2b890c9b0b430460feb node-v20.19.2-win-x64.zip +6e56ea449e6581e8d7251b1960585d4e4cd53d99df34363483099fe864de1023 node-v20.19.2-win-x86.7z +c052c2b4e7ed147f9714b4e81bef4a1c5e04b33162c7300100c547747a2a34f3 node-v20.19.2-win-x86.zip +fcc217f3af52f8ecab1e5d016df6f543cb2d903d57e26f53ac48f7ea837dfab2 node-v20.19.2-x64.msi +2a5c4f9a2a563ba73b866dbdade0157ab042568b49a8b8ec0efa72150843ed17 node-v20.19.2-x86.msi +87f1d17df2fbbd775a4813d8936ece9120135d942eae6d308d2328616eed3103 node-v20.19.2.pkg +eaf8800608ffbcae7665beb4776d8e9d8484055fbb840ef44e346044f9b08ad5 node-v20.19.2.tar.gz +4a7ff611d5180f4e420204fa6f22f9f9deb2ac5e98619dd9a4de87edf5b03b6e node-v20.19.2.tar.xz +c36cb4961a50d2ac05a72d78b6a5b21cb9ac31ca6545a4a438b287f9d0eea9ba win-arm64/node.exe +db56ef1b250e24a698ee3a21f4f055a1f60319f273fa7bcab84212cdf9498bf1 win-arm64/node.lib +b754b00df640e352b663f7907f0e11240258aa5f5059d9c503ce455d2500d92f win-arm64/node_pdb.7z +2b6f70f82b6bbe178556f0b49290011e83c51e63584488d75e7dd9b94560345c win-arm64/node_pdb.zip +5793a3bf18d75c2bc5cb2b65ba8975b30057d7bf443141db4cf970d54fd8ddc6 win-x64/node.exe +21b9f76d6ec91f6510dc5adb891dbd52893c7d242549b5cf6084803d3be91665 win-x64/node.lib +2b7de888145be4086c70866417a0742a87ec50472d8b04e1850701ca2f7bfe4e win-x64/node_pdb.7z +d5493643b36531bb02591c3f855c77e2070bb972be1a51ea313e6b25f3e29556 win-x64/node_pdb.zip +c5505d7f22b1f6bfc56f4fe16f472c3b6428e74f48062028e6cc2a4b646a72cc win-x86/node.exe +4f7899d5cf286aad56624539952c087088e6e90f010f55d1f9145deb45524152 win-x86/node.lib +3b2de193ae323416b1c340777f9c2ff010f337d6dbdbd711a3de4a485315e1b5 win-x86/node_pdb.7z +79647764e20eb5002ca2a27e5d2f115cd5db462661521722a002a1eb0f79cd76 win-x86/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmglBRIACgkQi+q0389V +XvTuQwv/TK0ElOiurObaWA4Vhya6aXm7zQfNqGVLGo6aBr2vvh5vvUkfA4EjFKGd +HtEygdrrqBxxHSJEtykLwF1Uq0HlO36Jrwrk4qJOQasyKs99qHnXiT1frPlpQv6u +yfuCC6bVSDt80v6OcRcDCitpBgTZY2ig8VAAIhpRDLcZNX/cvhoC5iw2BXbGtWIh +zLshwamTqyJFhP7lSFp2Qka92isinNhJQHEr/E1i7PSOI3hFnF2un5WaYdLOlwJN +uIALWR+Y4HfZy1qRc46znbV0M/xuwjRLGWwnQ3CrKi4G9nLnf57MRID+lgb+82iK +d2nFkDmdjeyN6BV+SJBBTc0KH7iONeHsEJit3Zv+C9j23deXBpNIH5IA4m3BWZV/ +iDshOkSBXRRfjT4DJhNK2cdu51Z8GRhlEgkJ4KOL5wwW7zTWKyGPOyJYRzqy6Lbz +1LLGbxeI65fEKKL7QCZP76p5icvq/CQJZexzk2O8LQoxNDXXOWJEagc8aUYH1AkG +isCM12ol +=m+8y +-----END PGP SIGNATURE----- +``` From 62204607ae982813db6ed9d5c0752c06c6ce89f9 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 14 May 2025 18:15:56 -0300 Subject: [PATCH 3/6] Blog: v22.15.1 release post Refs: https://github.com/nodejs-private/node-private/pull/712 --- apps/site/pages/en/blog/release/v22.15.1.md | 104 ++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 apps/site/pages/en/blog/release/v22.15.1.md diff --git a/apps/site/pages/en/blog/release/v22.15.1.md b/apps/site/pages/en/blog/release/v22.15.1.md new file mode 100644 index 0000000000000..892f9b1467a9b --- /dev/null +++ b/apps/site/pages/en/blog/release/v22.15.1.md @@ -0,0 +1,104 @@ +--- +date: '2025-05-14T21:15:50.538Z' +category: release +title: Node v22.15.1 (LTS) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-05-14, Version 22.15.1 'Jod' (LTS), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-23166) fix error handling on async crypto operation +- (CVE-2025-23165) add missing call to uv_fs_req_cleanup + +### Commits + +- \[[`edaf54da00`](https://github.com/nodejs/node/commit/edaf54da00)] - **fs**: added test for missing call to uv_fs_req_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811) +- \[[`9f403e98ef`](https://github.com/nodejs/node/commit/9f403e98ef)] - **(CVE-2025-23165)** **fs**: add missing call to uv_fs_req_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811) +- \[[`f4494d38f1`](https://github.com/nodejs/node/commit/f4494d38f1)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#709](https://github.com/nodejs-private/node-private/pull/709) + +Windows 32-bit Installer: https://nodejs.org/dist/v22.15.1/node-v22.15.1-x86.msi \ +Windows 64-bit Installer: https://nodejs.org/dist/v22.15.1/node-v22.15.1-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v22.15.1/node-v22.15.1-arm64.msi \ +Windows 32-bit Binary: https://nodejs.org/dist/v22.15.1/win-x86/node.exe \ +Windows 64-bit Binary: https://nodejs.org/dist/v22.15.1/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v22.15.1/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v22.15.1/node-v22.15.1.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-aix-ppc64.tar.gz \ +ARMv7 32-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-linux-armv7l.tar.xz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v22.15.1/node-v22.15.1-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v22.15.1/node-v22.15.1.tar.gz \ +Other release files: https://nodejs.org/dist/v22.15.1/ \ +Documentation: https://nodejs.org/docs/v22.15.1/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +2fe635ed920633a890fd594860e5fe35f5ca1ef6da3cda62c6692c39cfefb894 node-v22.15.1-aix-ppc64.tar.gz +3242884a544d8d7e4c1e7ee04ee82e48ae9820723b46589284e86441610f04fa node-v22.15.1-arm64.msi +d2689b86b17e1b51e76f801ffe2d9acca4225e76eda4b843c3d8438d4a7cd6fe node-v22.15.1-darwin-arm64.tar.gz +da2ce4f4616f5adae82de433481e00af86c7e6624a07e5a3c3fdaa1d8a6028fa node-v22.15.1-darwin-arm64.tar.xz +1c722d0dd6d3f60e8b0be014ea01b8a59f5088f4419197a1b37544854d61cc6f node-v22.15.1-darwin-x64.tar.gz +4f7f6dd674ffa4935dba358fe503a396347d918603e3c9657ce586280c702f61 node-v22.15.1-darwin-x64.tar.xz +7410efd260c92faa736cfa56f5cbc41cbb672e20d007d19353992ef9a96c2449 node-v22.15.1-headers.tar.gz +4b625fb4a7c7da9f04f9e897c7ec87a3d9c170504506f184e66d93f4604d2a5b node-v22.15.1-headers.tar.xz +eb3f232b83dfe83397b98395ec77a973e888e8959c978b3e4eeb551b8845b74f node-v22.15.1-linux-arm64.tar.gz +f4ae8ddf7487dfaf7da92fef463ee55cc29d8772d62891361dc3fc8b8e469205 node-v22.15.1-linux-arm64.tar.xz +346426e2bca62c98fb12213c39e80b0e349d7620238f74b7208d12e18fde87fd node-v22.15.1-linux-armv7l.tar.gz +6947386b4c8373b625c6a49b5571bf2226dac7c7b560a9a561a1f81bf71a25ef node-v22.15.1-linux-armv7l.tar.xz +156518af6901fb134ddde5f4b7ee39e047c4154480c3dd93030912a5d3f87097 node-v22.15.1-linux-ppc64le.tar.gz +da07858c6404dbe7c627bd7baea33c7825640652ad24468a6feb23c770cf7ce4 node-v22.15.1-linux-ppc64le.tar.xz +6b5a9615b66e553189578a4be33099f70add96c3b00bf38b7dcd91825ea1672f node-v22.15.1-linux-s390x.tar.gz +7a6206af04399c090aaa7b3d568b1540e127b50931f5022ff2eaf680fc32a9c6 node-v22.15.1-linux-s390x.tar.xz +f4b8eec683708acb1a2a73c7182ba2de5466a5dd5f705934a0830903df28821c node-v22.15.1-linux-x64.tar.gz +7dca2ab34ec817aa4781e2e99dfd34d349eff9be86e5d5fbaa7e96cae8ee3179 node-v22.15.1-linux-x64.tar.xz +2cafb8c5ee545d387409b6dab34b3552c90e247b7d2bd3964a68f42b26b3e8bf node-v22.15.1-win-arm64.7z +dec85d230d45a6319130cbc844e8ecf8767b150bfeddd340f6b7c4a2e8c3ccb8 node-v22.15.1-win-arm64.zip +3abcca34447dace08cecd2bfd7b6521b22bfa89cff7bd70e7cde777218c84d6a node-v22.15.1-win-x64.7z +7c7997d6ef2efd9525a54b033fc0be6f22549a5905f5da6573a41e61a436a1b5 node-v22.15.1-win-x64.zip +7b9999b5da0933f677ffff2a9ab211aebdcf23b1ed0f2e1db573cea757944103 node-v22.15.1-win-x86.7z +dd432043e8c90b7f221bd3ba8e6443fb69e7b8273049fad0669a3a7d66939985 node-v22.15.1-win-x86.zip +facb02bdf67cb9a7519c192b504fbfdbf47d8a67f36696d7d91a069b69904398 node-v22.15.1-x64.msi +89ef1c6181749a7739f6df58a73aa2127d0c7d6afe0236f5998d69ec98ec2154 node-v22.15.1-x86.msi +839f599498d36fabc3f7c940cabbaf14844e6380ba97a91299f7378b69e675c6 node-v22.15.1.pkg +38aea029f8818f7783f273fbc70dcf930f9ef54bdd49c5f90c0152caec7a57be node-v22.15.1.tar.gz +c19f0177d21c621746625e5f37590bd0d79a72043b77b53784cba5f145e7263e node-v22.15.1.tar.xz +e9e669cf7e9772406e3a59cb4b9b606e75eb1d9f454b675e1c78a6aaa542b31d win-arm64/node.exe +6c43922c747e0c07fcc4ceb64f08e98854a5c1b31665764076f5783556973d16 win-arm64/node.lib +957076a2623c6f9355a21aba2031a7248d411a6f40950e7b710fbf76a666f5e9 win-arm64/node_pdb.7z +5ac29419b5aaa475ba0606a021ed5cea77b18df74b5e42d57a706011004f6be4 win-arm64/node_pdb.zip +b3191cc083480282f1edaa3324002c320704a00d7564cf1f7c48b610d1c060b6 win-x64/node.exe +e731ad9af05eabe6bd941442b19dd6037f559a19a2fa8df2a8297ccb46ed7577 win-x64/node.lib +84eec3bf646e04287fef10dc110a7aa82a4304ddcbd0b148aa90c0d44b08ea1d win-x64/node_pdb.7z +b8b3364ad0735d45c25fb19c8b49f4c5e0c72a94f5d8fa44abddd80c15715538 win-x64/node_pdb.zip +ddd0ef952950dcaa7f705bdde5f4fd0c8a78a7c6db6dad32f8e13e3b120ad5e4 win-x86/node.exe +5f66397542e27adb288e1742720cedbeaba8a2034ebd58397306b2905f4acd2d win-x86/node.lib +e5bd0ae9dc388aa4fd72067e3239333537c42329746124437c32b81ff2291ef4 win-x86/node_pdb.7z +b5e39e2168abe7c9418f2cebcd813db9c1a0841274b1405aeffe13ffef74c264 win-x86/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmglBa4ACgkQi+q0389V +XvTAhQv8DzNseoHxhjMLTvSh8qGz8rV3dp8TpeFfJUgseZEoeq6DykvS9bA18ilB +od5YkHPQap/xWO89UJ0nq50HVySuCsTSOFDrDShzumVkgEtzCUFuFS4ZyQHJpYwi +56Fk+sea5QbzjbG/Fg/L2bgyNXmpdmjYejw6fw5AkVLk8p5OgLHDGFrGrezQ2NWO +qH1V0R5m6XBtJyNIep9l7PJ+XPTxg7KMSG8u5gXzvlHsg8aaIY1ejCnAlPgzs/hD +Qu1fGcG5vFpdOMGctu+WjgaULyOJidDxbvvuYl18ZXcLeQw5pRTsik7GBsWBcTZo +5ccsUDNqx9noSrZImwZW4L1jR12yV6Tb9pwdbX698mplZLPNUVMWNcdAgdVgmpuh +pISSOw3m3VpUt7n/l+OmKOVavY22zn8GkOYQsk2js3+ltREFbdI+XfcU/Grx/K0k +tBu86dVM0UojHB3tcR44/ZCB4YctQYBjznUgaM9TMvL8E0rfwXLtXhBS64jziNw4 +QO0+Nrm3 +=scbF +-----END PGP SIGNATURE----- +``` From 4df75d70dbe77a2bca2bf229aab46a7e628ecb36 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 14 May 2025 18:16:44 -0300 Subject: [PATCH 4/6] Blog: v23.11.1 release post Refs: https://github.com/nodejs-private/node-private/pull/708 --- apps/site/pages/en/blog/release/v23.11.1.md | 95 +++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 apps/site/pages/en/blog/release/v23.11.1.md diff --git a/apps/site/pages/en/blog/release/v23.11.1.md b/apps/site/pages/en/blog/release/v23.11.1.md new file mode 100644 index 0000000000000..eb16be6d81c5d --- /dev/null +++ b/apps/site/pages/en/blog/release/v23.11.1.md @@ -0,0 +1,95 @@ +--- +date: '2025-05-14T21:16:29.248Z' +category: release +title: Node v23.11.1 (Current) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-05-14, Version 23.11.1 (Current), @RafaelGSS + +This is a security release. + +### Notable Changes + +src: + +- (CVE-2025-23166) fix error handling on async crypto operation + +### Commits + +- \[[`a271810ce2`](https://github.com/nodejs/node/commit/a271810ce2)] - **deps**: update c-ares to v1.34.5 (Node.js GitHub Bot) [#57792](https://github.com/nodejs/node/pull/57792) +- \[[`a12107f0dd`](https://github.com/nodejs/node/commit/a12107f0dd)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#688](https://github.com/nodejs-private/node-private/pull/688) + +Windows 64-bit Installer: https://nodejs.org/dist/v23.11.1/node-v23.11.1-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v23.11.1/node-v23.11.1-arm64.msi \ +Windows 64-bit Binary: https://nodejs.org/dist/v23.11.1/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v23.11.1/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v23.11.1/node-v23.11.1.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-aix-ppc64.tar.gz \ +ARMv7 32-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-linux-armv7l.tar.xz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v23.11.1/node-v23.11.1-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v23.11.1/node-v23.11.1.tar.gz \ +Other release files: https://nodejs.org/dist/v23.11.1/ \ +Documentation: https://nodejs.org/docs/v23.11.1/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +b8e4e7f8940f4d4f1dbce5099708ef7038c41f38176524ac3b4c14e7e7324201 node-v23.11.1-aix-ppc64.tar.gz +e6c7a1e4749173876ee72b06e28ef16d5e5c6271bde3dd1a80ef01db30c8f607 node-v23.11.1-arm64.msi +255509d2c4fe8e1d6fefb950ad8db285ed75ba543e18744d83dc139f978e404d node-v23.11.1-darwin-arm64.tar.gz +de9f09318dc13d492c09a8d11b12ffc153a8a22e79f8dc95d925b8e26cce9ba5 node-v23.11.1-darwin-arm64.tar.xz +7e384a0cfa8b44ee4833b3823485baad78bf258e54f47020d2d2b4b75e9275d3 node-v23.11.1-darwin-x64.tar.gz +f8b42dbb326553790f41311eb6d6947adc09eecff942d65a256ddbbfd78c2dae node-v23.11.1-darwin-x64.tar.xz +04c112339bb2562c0763b19658aa9a392bc4509a0869d78dd7ca1501bdfc78ae node-v23.11.1-headers.tar.gz +fc95283750460af25c0507a6fb85357a08bfc180392218d28725564d197cf4d8 node-v23.11.1-headers.tar.xz +277316a0b0ae3f50eb2cd57b74fa8a07f4d17fe0433468a790e6e47da297a9f6 node-v23.11.1-linux-arm64.tar.gz +3a0297c7f177d0fc06ea35c71909fbca6cdd891074c265a432c84971ebad4f7b node-v23.11.1-linux-arm64.tar.xz +ead02a21e6f7144f588150f4684268502e467d9f76017ec5befb983caad9d0dd node-v23.11.1-linux-armv7l.tar.gz +4dd49f33d9f2f9f18fea549ceabb33a15101f0435692c477cff4381f5c23a554 node-v23.11.1-linux-armv7l.tar.xz +1ba6e2e20c4602adbf58180254ac85a8b65d14c7f1e4c8558e7c425635d462ca node-v23.11.1-linux-ppc64le.tar.gz +1717d673d294aca7ca4fb2ba43172113a65040ddbc4ca199302f76700508b3a8 node-v23.11.1-linux-ppc64le.tar.xz +2c1dc5f4c9e1b4926391fae71a05f58bd7eb1eb0cf1af75bf21248988d86cc50 node-v23.11.1-linux-s390x.tar.gz +f58f5e729be7b0bf5c842a0621bea208bcbc6226c3a774d75e7286dc768897a2 node-v23.11.1-linux-s390x.tar.xz +a2029c2b0cb05d10248e887c5df3f8547b7ab4aaa4e63b8e4da03e72f478140e node-v23.11.1-linux-x64.tar.gz +64220ef391e74bb8feafe51a17764eff908f0cfd7f6c2c184fe8361fb8520a44 node-v23.11.1-linux-x64.tar.xz +d9bc16d509b336b88757487f256528ef4a8b0478cdeae0765b8a8bf50c4a81f5 node-v23.11.1-win-arm64.7z +5a8e3026657a6bb08156e9205f5f0b5a501df53b62804ad72b8352ca62ea5c4f node-v23.11.1-win-arm64.zip +95f42a20db24f977fcf4317502c18dffb3b011b5ed1cb912f9571d49f2b7d7f0 node-v23.11.1-win-x64.7z +d22640060e1911efaede4ecc5820f94b613bc196868289cd34f56d46e4709b71 node-v23.11.1-win-x64.zip +5d096e1405e07e995f0dd017dd3575b4e16c8d3e1f583f67b945f55997baf5ad node-v23.11.1-x64.msi +a58f531b6a97375acd1e1c8083c2f5b33ad9589ad6d8c26d5e802ca0f306ba9e node-v23.11.1.pkg +75509306732090bfa99b004d097909315f7789badb4a495e82b5f17b6329247a node-v23.11.1.tar.gz +aef6c67395c328376b665bceefc9d17a06a2961f9a92b93019dff39854d5b2ef node-v23.11.1.tar.xz +3c736067409c824f7af47e92b220fa23bddecf33a118dc24b86eee38f52827a8 win-arm64/node.exe +580c1c53c658fd1f8ae51351c1f23d028ea85383c34bed5de6a890e90953b081 win-arm64/node.lib +520d2e6614b495997e699ff9dfbbfbbb4a9c6c42043f0336e3de20c0b2e7f6ed win-arm64/node_pdb.7z +f6440d2308f8841a3e7bf0f7e34810eb75f1eafc460353592b0bd517c6e23f4e win-arm64/node_pdb.zip +d84556784656e4f47eb086fa00af01c032a88b086492eb3cf1e9fab5029eb94a win-x64/node.exe +acc6e547ada98361b3647b52ff4f9bca7bab82885988d4b25aa6e037ceaaa91f win-x64/node.lib +77855cce7f5c6367bf7356f5bc5fc19add9a2def6adbc5f4d7df6487a3c82ca1 win-x64/node_pdb.7z +c439f964cf5a30ea077a980a922d2d93c29fef6883d428d2172aa1c0272b88ed win-x64/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmglBiYACgkQi+q0389V +XvR9UAv/T6XScEYGm2jh3dsIi2AVRUgwo0prZvDZm5ayar+cxtHCDbQk6EFxoP4o +UMTld6DIPzZF8mc0olzfpyWRppY/BmQDRDLO5qteFGgtY29+Cz2yRSW1I3lR1f9l +5Z+NOhmFvhLT40XXl6aNIf8qRrFr5Iu3QwT/ZTFv4JIyDEfiy0/ozxjYE/Bi3gka +tWPJgzURxBjG/ifZMvlP5NQB0ClR0AOJ+PC651xez9DUI/OUlQb8bVakbG51OPvH +AyCreSwO4B0oLSaYIwUdF/9JH6kynACdys4b3XX77SBSUiiG468zepC15fSGu5rB ++1BFA7/4AfyFdj5ucKgEIeoX97TF9/FOyBm4bHDr9RZHmPxHQz9mk7z9TnoGJ3pr +ruxghqlvUql0xMiJ5UgQq79BxzbNrRKE1/60e1yzZ5BwH4tp6Q3j7ipxHhyCrOBE +HwA+2sUQLD8byiBVeKyQRQriiHQ5zBmFYTPHrfceYEvqLxgLp0trEoZYBqz1I0Bp +enFA/qnU +=w5qU +-----END PGP SIGNATURE----- +``` From bbfb59dd82c82cdd98fc4b225d6d63af641d77a2 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 14 May 2025 18:17:15 -0300 Subject: [PATCH 5/6] Blog: v24.0.2 release post Refs: https://github.com/nodejs-private/node-private/pull/714 --- apps/site/pages/en/blog/release/v24.0.2.md | 89 ++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 apps/site/pages/en/blog/release/v24.0.2.md diff --git a/apps/site/pages/en/blog/release/v24.0.2.md b/apps/site/pages/en/blog/release/v24.0.2.md new file mode 100644 index 0000000000000..47f6f60b4a327 --- /dev/null +++ b/apps/site/pages/en/blog/release/v24.0.2.md @@ -0,0 +1,89 @@ +--- +date: '2025-05-14T21:17:11.440Z' +category: release +title: Node v24.0.2 (Current) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-05-14, Version 24.0.2 (Current), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-23166) fix error handling on async crypto operation + +### Commits + +- \[[`7d0c17b2ad`](https://github.com/nodejs/node/commit/7d0c17b2ad)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#688](https://github.com/nodejs-private/node-private/pull/688) + +Windows 64-bit Installer: https://nodejs.org/dist/v24.0.2/node-v24.0.2-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v24.0.2/node-v24.0.2-arm64.msi \ +Windows 64-bit Binary: https://nodejs.org/dist/v24.0.2/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v24.0.2/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v24.0.2/node-v24.0.2.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-aix-ppc64.tar.gz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v24.0.2/node-v24.0.2-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v24.0.2/node-v24.0.2.tar.gz \ +Other release files: https://nodejs.org/dist/v24.0.2/ \ +Documentation: https://nodejs.org/docs/v24.0.2/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +ed574442f7a98dc5f88bf58d6a58d83a0a30243d51136000e42e5fb81becd2ab node-v24.0.2-aix-ppc64.tar.gz +4abbed05a2390a11f457a9e427bc9212ee0db110bcf00284f0b4096d740c5ce5 node-v24.0.2-arm64.msi +dbd43bc96d7754eff03c241888c2cbc1e879bcbbf2f0961fb8e00e9cd3a21526 node-v24.0.2-darwin-arm64.tar.gz +d70813109d5ddf729367567c412370775143b7bed5579d6166b028db26cd8d64 node-v24.0.2-darwin-arm64.tar.xz +b408d41f8e322bcc71fd4d595156b34d4ad03ef149fba26386030c4cf7e2c1e9 node-v24.0.2-darwin-x64.tar.gz +ea5494fb9b8028b9d733c97ee491e3b860000009edaf50165fd16594f3d3c082 node-v24.0.2-darwin-x64.tar.xz +38499a8b9dc93c1e42f8b8ff21b5b19c859fb41639b014cbcf1196294bc07edb node-v24.0.2-headers.tar.gz +b2f0f5f4ffc8983134cdd1c1d9f0fd804bcb2f91ae4770126e7f5ffdbcd1a9b8 node-v24.0.2-headers.tar.xz +78e02e66ea58612b6c84e349c9879333a3a83f51d8127f2593550a4d9a5c5c1a node-v24.0.2-linux-arm64.tar.gz +16426a7dae665cb87abe8399737248eb9661dd57e5dc99fcf6ded6e36c524525 node-v24.0.2-linux-arm64.tar.xz +4dca6cffc15d1e67b43db342d6562f21918f281bc8a4c26b6d637cfcecf76153 node-v24.0.2-linux-ppc64le.tar.gz +8fae7a9cc4d909a5dee961ea032336240fcb4902463e5448367862b87daec9b2 node-v24.0.2-linux-ppc64le.tar.xz +11bb07d9dfd5b0c11ff9ae240d1bb25e6c2f1eeec49d09157b1d262f8e97afa3 node-v24.0.2-linux-s390x.tar.gz +0c0b781ac4edbab98c3146de0b645107a275f07ba93b899f469db41268ef0742 node-v24.0.2-linux-s390x.tar.xz +0a44c1982b14ad2c67ae0d8ec26934d99e43a55c11880459f44a76757775c8fa node-v24.0.2-linux-x64.tar.gz +a5da53c8c184111afd324e1ed818c0fb23fe6f0a7d4583d47f41390dd389a027 node-v24.0.2-linux-x64.tar.xz +33cdb2171eb91be8380f666b5d8270f18accbccc4e108db438cfdc2973d2b944 node-v24.0.2-win-arm64.7z +33f0afdfe5fac6e2380025af09faef7d4152a1b12e374597b7006a85f8d6b746 node-v24.0.2-win-arm64.zip +46fa65be8aad5f761d9d40c7ba7b25f916b28bfd5a06600a97859960588b11d7 node-v24.0.2-win-x64.7z +259ca89fced60a5673548b57d0ed8cf813b9f310827b5fdfe042b4a105217b81 node-v24.0.2-win-x64.zip +053d291586491c2bf6b188e1441a93f724f6412477b85dccb3ef467cd3893a83 node-v24.0.2-x64.msi +aabe0e196bd7afecafb8fc41d77c6e9edefb4a673201f5d2867e67e58981d3d5 node-v24.0.2.pkg +db699b535192419b02f35668aadd48f4d80e99b8ef807997df159bcf15a5e6b9 node-v24.0.2.tar.gz +1597075afc06e5c6145d0bfbd77e2072c2ec0ab71ac4950cf008b2641374cd71 node-v24.0.2.tar.xz +4fe574d78a6d1e3c1f4935e0a1b56cb61cb9d4518f19f5d361b758fdbeca0ab3 win-arm64/node.exe +6809fc156673d10cca7dff0e54f28309bb111d235c54493a4a0ca401c2113be7 win-arm64/node.lib +deb49b68a7054e7e67a4e0521fdabb2b0009b6aa3918cd974b5db959a95d88ca win-arm64/node_pdb.7z +1f5dd8db749eb818ef5fb50e842bc2f2eff1f6ef8417c1b8d3f5d8febea32916 win-arm64/node_pdb.zip +99713814015e536bb05675e2d41dbc36b1715a92db0e71a6876d4cd2865ba573 win-x64/node.exe +34882ca2bb450431047f2dd3bae1c3b8c1cd2b4cffd5c1a0bf079948846d2b83 win-x64/node.lib +6b5df16680cfc9d53a0ed7d245de211914fd44f0a8b83a4915e3f9dd054ce470 win-x64/node_pdb.7z +56efcf3ceee83f7dda7098da5c6864b22b4516e9a119f9e78e10b5c96de81d05 win-x64/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmglBusACgkQi+q0389V +XvSW6Av+PSuZPVqzRzX4a8vuXxUapAgestbIQjcDtZNJDNnLUXKP7wmfTVcxAVr+ +ZzxIMXWPvScAjAIccSkdXWEY1cSdX0pcHqx++GhX62FJshVtMuTjB3sTRAoIYYGg +ewOcsiqM5/wmYCl2K9KlrwPfeCLdX0mJ0X9K1yc7DVwv2RSU1dR5JFegJzGgigx8 +MkFM73tTrHQ6t0C6MFX1d6iSH6MxyEpfGwVTxHNAUeywT/e0v9YfDEKs7Nl8MRVH +Cvv3bPlo22SlWTaTVvQ6s03f/HPsOKsxBg76L3Jih6/ahgJ2/GbgpuBM98b4Nprb +5jotbC386yeai/mYDTPD4FAzbQMboIBJG83Y2Gdxz6lYTV8cG+cC3rGNMixW95fS +y1VbwtuJxD9CRMqgQ3t+PnnTAhTBhcXiCGYRM1+APtkf9j27J9d2c+fsFhgBDPCa +rt/j+vkl1ZcOXkB7mW7d0+aak3D18po4LV5WxuuQKDbqSh5uFKxSi5p7uI0y8BLB +OAtNaq0H +=iXZN +-----END PGP SIGNATURE----- +``` From 8a5c19429b7037fcd1761075a2dcaaef0e4e9ddc Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Wed, 14 May 2025 18:21:12 -0300 Subject: [PATCH 6/6] Update apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md Co-authored-by: Aviv Keller Signed-off-by: Rafael Gonzaga --- .../pages/en/blog/vulnerability/may-2025-security-releases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md b/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md index 8305087ac1ee6..fecae391f6a01 100644 --- a/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md +++ b/apps/site/pages/en/blog/vulnerability/may-2025-security-releases.md @@ -53,7 +53,7 @@ Thank you, to Justin Nietzel for reporting and fixing this vulnerability. - [Node.js v20.19.2](/blog/release/v20.19.2/) - [Node.js v22.15.1](/blog/release/v22.15.1/) - [Node.js v23.11.1](/blog/release/v23.11.1/) -- [Node.js v24.0.1](/blog/release/v24.0.1/) +- [Node.js v24.0.2](/blog/release/v24.0.2) # Summary