Skip to content

node: bump to 22.23.0#29808

Merged
GeorgeSapkin merged 1 commit into
openwrt:masterfrom
nxhack:node_22230
Jun 23, 2026
Merged

node: bump to 22.23.0#29808
GeorgeSapkin merged 1 commit into
openwrt:masterfrom
nxhack:node_22230

Conversation

@nxhack

@nxhack nxhack commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

📦 Package Details

Maintainer: me @ianchi

Description:
HOST BUILD ONLY

This is a security release.
Notable Changes

(CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
(CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
(CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
(CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
(CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
(CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
(CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
(CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
(CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
(CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
(CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low

🧪 Run Testing Details

  • OpenWrt Version: head
  • OpenWrt Target/Subtarget: aarch64, arm, i386, x86_64
  • OpenWrt Device: Run tested: (qemu 11.0.1) aarch64

✅ Formalities

  • [ x ] I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

This is a security release.
Notable Changes

    (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
    (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
    (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
    (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
    (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
    (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
    (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
    (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
    (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
    (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
    (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
@GeorgeSapkin GeorgeSapkin merged commit a408cf0 into openwrt:master Jun 23, 2026
11 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants