Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node v20.15.1 nsolid v5.3.1 release #153

Merged
merged 10 commits into from
Jul 8, 2024
Merged

Node v20.15.1 nsolid v5.3.1 release #153

merged 10 commits into from
Jul 8, 2024

Commits on Jun 20, 2024

  1. Working on v20.15.1 

    PR-URL: nodejs/node#53486
    @marco-ippolito
    marco-ippolito committed Jun 20, 2024
    Configuration menu
    Copy the full SHA
    d162dca View commit details
    Browse the repository at this point in the history

Commits on Jul 3, 2024

  1. lib,permission: disable fchmod/fchown when pm enabled 

    PR-URL: nodejs-private/node-private#584
Refs: https://hackerone.com/reports/2472071
CVE-ID: CVE-2024-36137
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    d38ea17 View commit details
    Browse the repository at this point in the history

  2. lib,permission: support fs.lstat 

    PR-URL: nodejs-private/node-private#486
Backport-PR-URL: nodejs-private/node-private#604
CVE-ID: CVE-2024-22018
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    025cbd6 View commit details
    Browse the repository at this point in the history

  3. src,permission: resolve path on fs_permission 

    Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: nodejs/node#52761
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    484cb0f View commit details
    Browse the repository at this point in the history

  4. src: handle permissive extension on cmd check 

    PR-URL: nodejs-private/node-private#596
Backport-PR-URL: nodejs-private/node-private#605
CVE-ID: CVE-2024-36138
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    1ba624c View commit details
    Browse the repository at this point in the history

  5. lib,esm: handle bypass network-import via data: 

    PR-URL: nodejs-private/node-private#522
CVE-ID: CVE-2024-22020
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    60e184a View commit details
    Browse the repository at this point in the history

  6. src,permission: fix UNC path resolution 

    PR-URL: nodejs-private/node-private#581
CVE-ID: CVE-2024-37372
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    2524d00 View commit details
    Browse the repository at this point in the history

  7. 2024-07-08, Version 20.15.1 'Iron' (LTS) 

    This is a security release.

Notable changes:

* CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
* CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
* CVE-2024-22018 - fs.lstat bypasses permission model (Low)
* CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
* CVE-2024-37372 - Permission model improperly processes UNC paths (Low)

PR-URL: nodejs-private/node-private#608
    @RafaelGSS
    RafaelGSS committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    a407d1f View commit details
    Browse the repository at this point in the history

Commits on Jul 8, 2024

  1. Merge tag 'v20.15.1' into node-v20.15.1-nsolid-v5.3.1-release 

    2024-07-08 Node.js v20.15.1 'Iron' (LTS) Release
Git-EVTag-v0-SHA512: a9761cc35145f50e8e3606a285e2843b47e6b430b650c7449fcf4e246b064ff29e74b301dd9b92c0bdd022a8c8aec4a46cb43473864f0d4591f9f4052e1130bf
    @trevnorris
    trevnorris committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    9d83482 View commit details
    Browse the repository at this point in the history

  2. 2024-07-08, Version 20.15.1-nsolid-v5.3.1 'Iron' 

    PR-URL: #153
Reviewed-by: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-by: RafaelGSS <rafael.nunu@hotmail.com>
    @trevnorris
    trevnorris committed Jul 8, 2024
    Configuration menu
    Copy the full SHA
    b165ab2 View commit details
    Browse the repository at this point in the history