diff options
author | Juan José Arboleda <soyjuanarbol@gmail.com> | 2023-02-13 17:20:50 -0500 |
---|---|---|
committer | RafaelGSS <rafael.nunu@hotmail.com> | 2023-02-16 18:29:17 -0300 |
commit | 667dd34d794bae01051fcdceb6b24a12a9a43859 (patch) | |
tree | 9747aea1e51dbfd2811a304569f239eb2db8601e /CHANGELOG.md | |
parent | 5c4a287c3e43854d5c91293ede41bdf7996e567f (diff) | |
download | node-new-667dd34d794bae01051fcdceb6b24a12a9a43859.tar.gz |
2023-02-16, Version 18.14.1 'Hydrogen' (LTS)
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1
PR-URL: https://github.com/nodejs-private/node-private/pull/386
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ec3624b246..be7c920648 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,7 +45,8 @@ release. <a href="doc/changelogs/CHANGELOG_V19.md#19.0.0">19.0.0</a><br/> </td> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V18.md#18.14.0">18.14.0</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V18.md#18.14.1">18.14.1</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V18.md#18.14.0">18.14.0</a><br/> <a href="doc/changelogs/CHANGELOG_V18.md#18.13.0">18.13.0</a><br/> <a href="doc/changelogs/CHANGELOG_V18.md#18.12.1">18.12.1</a><br/> <a href="doc/changelogs/CHANGELOG_V18.md#18.12.0">18.12.0</a><br/> |