Next | Query returned 363 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2024-04-11 14:14:09 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.3

Version 21.7.3 (Current)
This is a security release.
Notable Changes
CVE-2024-27980 - Command injection via args parameter of child_process.spawn \ 
without shell option enabled on Windows
   2024-04-05 07:31:10 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.2

Version 21.7.2 (Current)

Notable changes
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() \ 
leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation- (Medium)
llhttp version 9.2.1
undici version 6.11.1
   2024-03-20 14:39:23 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.7.1

Version 21.7.1 (Current)

Notable Changes
This release reverts 51389, which landed in Node.js 21.7.0. It is a documented \ 
feature that t.after() hooks are run even if a test has no subtests. The hook \ 
can be used to clean up the test itself.
   2024-03-07 18:07:43 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
nodejs: updated to 21.7.0

Version 21.7.0 (Current)

Text Styling
Loading and parsing environment variables
Support for multi-line values for .env file
sea: support embedding assets
vm: support using the default loader to handle dynamic import()
crypto: implement crypto.hash()
   2024-02-14 22:15:56 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.2

Version 21.6.2 (Current)

Notable changes

CVE-2024-21892 - Code injection and privilege escalation through Linux \ 
capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk \ 
extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of \ 
the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path \ 
traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and \ 
--allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli \ 
decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1
   2024-01-25 18:11:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.1

Version 21.6.1 (Current)

Notable Changes

This release fixes a bug in undici using WebStreams
   2024-01-22 17:49:18 by Adam Ciarcinski | Files touched by this commit (31)
Log message:
nodejs16: removed; end-of-life
   2024-01-18 13:33:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.6.0

Version 21.6.0 (Current)

New connection attempt events
Changes to the Permission Model
Support configurable snapshot through --build-snapshot-config flag
timers: export timers.promises
   2023-12-30 17:15:13 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.5.0

Version 21.5.0 (Current)

Notable Changes

- (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli)
- module: merge config with package_json_reader (Yagiz Nizipli)
- src: move package resolver to c++ (Yagiz Nizipli)
   2023-12-07 13:23:23 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs: updated to 21.4.0

Version 21.4.0 (Current)

Notable Changes

This release fixes a regression introduced in v21.3.0 that caused the \ 
fs.writeFileSync method to throw when called with 'utf8' encoding, no flag \ 
option, and if the target file didn't exist yet.

Next | Query returned 363 messages, browsing 1 to 10 | Previous