Skip to content

Commit 5f194a1

Browse files
RafaelGSSRafaelGSS
authored
January Security Release (#7414)
* Blog: add post-release announcement * Blog: v23.6.1 release post Refs: nodejs-private/node-private#654 * Blog: v22.13.1 release post Refs: nodejs-private/node-private#655 * Blog: v20.18.2 release post Refs: nodejs-private/node-private#664 * Blog: v18.20.6 release post Refs: nodejs-private/node-private#659
1 parent 95047b1 commit 5f194a1

6 files changed

Lines changed: 481 additions & 4 deletions

File tree

apps/site/pages/en/blog/release/v18.20.6.md

Lines changed: 103 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,103 @@
1+
---
2+
date: '2025-01-21T17:05:27.542Z'
3+
category: release
4+
title: Node v18.20.6 (LTS)
5+
layout: blog-post
6+
author: Rafael Gonzaga
7+
---
8+
9+
## 2025-01-21, Version 18.20.6 'Hydrogen' (LTS), @RafaelGSS
10+
11+
This is a security release.
12+
13+
### Notable Changes
14+
15+
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
16+
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
17+
18+
Dependency update:
19+
20+
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
21+
22+
### Commits
23+
24+
- \[[`c03ad5ed63`](https://github.com/nodejs/node/commit/c03ad5ed63)] - **build**: use rclone instead of aws CLI (Michaël Zasso) [#55617](https://github.com/nodejs/node/pull/55617)
25+
- \[[`8232463294`](https://github.com/nodejs/node/commit/8232463294)] - **build, tools**: drop leading `/` from `r2dir` (Richard Lau) [#53951](https://github.com/nodejs/node/pull/53951)
26+
- \[[`b26bcd3394`](https://github.com/nodejs/node/commit/b26bcd3394)] - **build, tools**: copy release assets to staging R2 bucket once built (flakey5) [#51394](https://github.com/nodejs/node/pull/51394)
27+
- \[[`56df127b7b`](https://github.com/nodejs/node/commit/56df127b7b)] - **build,tools**: simplify upload of shasum signatures (Michaël Zasso) [#53892](https://github.com/nodejs/node/pull/53892)
28+
- \[[`a63e9372ed`](https://github.com/nodejs/node/commit/a63e9372ed)] - **(CVE-2025-22150)** **deps**: update undici to v5.28.5 (Matteo Collina) [nodejs-private/node-private#657](https://github.com/nodejs-private/node-private/pull/657)
29+
- \[[`da2d177f91`](https://github.com/nodejs/node/commit/da2d177f91)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)
30+
- \[[`6cc8d58e6f`](https://github.com/nodejs/node/commit/6cc8d58e6f)] - **(CVE-2025-23085)** **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) [nodejs-private/node-private#650](https://github.com/nodejs-private/node-private/pull/650)
31+
32+
Windows 32-bit Installer: https://nodejs.org/dist/v18.20.6/node-v18.20.6-x86.msi \
33+
Windows 64-bit Installer: https://nodejs.org/dist/v18.20.6/node-v18.20.6-x64.msi \
34+
Windows 32-bit Binary: https://nodejs.org/dist/v18.20.6/win-x86/node.exe \
35+
Windows 64-bit Binary: https://nodejs.org/dist/v18.20.6/win-x64/node.exe \
36+
macOS 64-bit Installer: https://nodejs.org/dist/v18.20.6/node-v18.20.6.pkg \
37+
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-darwin-arm64.tar.gz \
38+
macOS Intel 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-darwin-x64.tar.gz \
39+
Linux 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-linux-x64.tar.xz \
40+
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-linux-ppc64le.tar.xz \
41+
Linux s390x 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-linux-s390x.tar.xz \
42+
AIX 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-aix-ppc64.tar.gz \
43+
ARMv7 32-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-linux-armv7l.tar.xz \
44+
ARMv8 64-bit Binary: https://nodejs.org/dist/v18.20.6/node-v18.20.6-linux-arm64.tar.xz \
45+
Source Code: https://nodejs.org/dist/v18.20.6/node-v18.20.6.tar.gz \
46+
Other release files: https://nodejs.org/dist/v18.20.6/ \
47+
Documentation: https://nodejs.org/docs/v18.20.6/api/
48+
49+
### SHASUMS
50+
51+
```
52+
-----BEGIN PGP SIGNED MESSAGE-----
53+
Hash: SHA256
54+
55+
25f9f8b8275186b632a9e0ff7f22bba85eebe3aeb7c4ed84822529ba917d2a04 node-v18.20.6-aix-ppc64.tar.gz
56+
7105fb1ac42968010020db61edcc0ea0a366b37d792405d2959668e45b612753 node-v18.20.6-darwin-arm64.tar.gz
57+
cc797a76aee995ebef16a446a445886287dab82d2e496a2ea58197e1065a88d4 node-v18.20.6-darwin-arm64.tar.xz
58+
25a4040000e9838af28d0d168301c70d07dcc61294089dde5f5d9044dafda1e5 node-v18.20.6-darwin-x64.tar.gz
59+
5f079ab410b3278e05cb367b4d2f4638bb93cdd19c8224f3da1068ef19e1f5ab node-v18.20.6-darwin-x64.tar.xz
60+
8f7f8f23d5f3265d09a556ba9aed207792ab90307140d04e55096dea7d63ac6e node-v18.20.6-headers.tar.gz
61+
68a846f73547b4074469eccc758a6700237d0e615e77766931cad6c40f1f111f node-v18.20.6-headers.tar.xz
62+
9580a8c3bb3e8014e15c6940595c45e831f5a878dec78f086824a8adf91a327f node-v18.20.6-linux-arm64.tar.gz
63+
169d317cc39ba5513c9588f7aded1bdff7f807b82c4dacb40ca03fd427d288b0 node-v18.20.6-linux-arm64.tar.xz
64+
d55580014639304a9fc0567a5e5b772d8a19d6c02c40f3fd4006216f97c759c2 node-v18.20.6-linux-armv7l.tar.gz
65+
7375b789338f01d4496e8febc16234cf3672efa57a16ca7bfc17d07ce034d9ac node-v18.20.6-linux-armv7l.tar.xz
66+
afa669b8c424f0f0d33ef461764194d126a1e5a07bad432252cfbefb7f9a52d0 node-v18.20.6-linux-ppc64le.tar.gz
67+
3f431b1beb67141a43fea19b778e534357798bb20b4129de6360edae88a107bc node-v18.20.6-linux-ppc64le.tar.xz
68+
bb65d62cd88f45c91b60da975563ad1bffefce9337ba6e85997fb42496c19fd0 node-v18.20.6-linux-s390x.tar.gz
69+
d58c4e6107b58b27b493c7a111b16b6f393e5af7ab69584b0548581fdca0a449 node-v18.20.6-linux-s390x.tar.xz
70+
bff0672c5117e6f0809c456d9194630b5886442ddf298b2292529959c45b92c0 node-v18.20.6-linux-x64.tar.gz
71+
abf47264a9a13b2233743ce8a966945388a1a10a56f841310a6d4dd12e18ca9a node-v18.20.6-linux-x64.tar.xz
72+
58e2e5a7cfe2a2d780a5246a114c644459dae8d71d4c2eabbe5b7ae91e21e5df node-v18.20.6.pkg
73+
e7ddfeabea3d1f7cc622cc9861d2fb0955b9e60940dbbedbed6f2f821ab3e4c7 node-v18.20.6.tar.gz
74+
c669b48b632fa6797d4f5fa7bbd2b476ec961120957864402226cc9fd8ebbc0e node-v18.20.6.tar.xz
75+
6f289a5054bfec7a0a03d7feb09a58fd5661749dedfdb71bb1c3bfb854990faf node-v18.20.6-win-x64.7z
76+
611a152838d67e05ddde02fbf5abc7f40bccd80a7e68fdaeae8745f729acff59 node-v18.20.6-win-x64.zip
77+
064c34005f30f89f86fbbafb90b4da02587f785d17c899026832f221637d1736 node-v18.20.6-win-x86.7z
78+
cde3c32739d7f4e8c405819c66ca2e5c9462e43a31633f4185d4865bd60d4027 node-v18.20.6-win-x86.zip
79+
df2828bfbbc5da31e70e840da365289c2578c9bfdca5d6b502e87e6675efba5a node-v18.20.6-x64.msi
80+
1942cff39580a9f15cb28418a391a5779d81b3384f2a8766cc4ec2d63c45f61f node-v18.20.6-x86.msi
81+
a64403d47ef2121e60eac8643f85fb3a682b7ffcc3b6ffe3fcacf10101cb7fbf win-x64/node.exe
82+
abfd50aed29f44e39725388fc60210b4a716b4fd759ebb9124ae01c30ccf81f9 win-x64/node.lib
83+
5c99323f91d14803d5b9aff6474cc5d43bbb317589fc1ab099e3a4f31fcadd1f win-x64/node_pdb.7z
84+
52c63d593b3eeb9c6c27cd843111e613584749a2106ca4177dc057b2b906cd42 win-x64/node_pdb.zip
85+
c3e2439a460ae24386694f03cae8b4105c2013aae6ae7cb1d5acef2a599346f3 win-x86/node.exe
86+
3442ac0d3ad2c5e840f0f2ae84a1c7abe1736a315d83a161b843c5c31a986f83 win-x86/node.lib
87+
1639c9101390cd0a0d2d516b6c8dfe091bd3d14f0d12195fee22ca3e82d8d510 win-x86/node_pdb.7z
88+
af1e5136a75422ed6df75dae6dd419eb5a179e05c6f5b9aa1b42ea6fb8ea496e win-x86/node_pdb.zip
89+
-----BEGIN PGP SIGNATURE-----
90+
91+
iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmeP0PoACgkQi+q0389V
92+
XvQ3ugv/Qi7vH20YIkuxRGiMu2QtfSta4zxh3KT9Vty/j8uHLqEBF+VLFzK8wpkB
93+
uBMkVgnsj8YrmuF5QSlIGZqhmzDpO4qiN9f+je7CZCIH7+y5t507mML/SRDaDUb4
94+
njzBfHNoTGpIUqFc8L0bxCcuTTytLK5hbyiz4C7ISIYO3dtlqB3KBF70/cSNVYDw
95+
uZSxZ2pOdA569XP/DVEbCIyP1zw3oxmjBP+2vgStnsJ8zBGI4aYVQkowtRmj5n3K
96+
3dS3QtvdVySH+RJatNvf6trEk3DMAelQcJpHq9yRu+dXl0MFdCmWnXugnPFT9d/v
97+
5f/AlKbMeXJPIhIrCZX9SuaHw7kQ31wklSsbyKZkXzgD1p9pf4jcwNUWTIvnzl+S
98+
2k+YVNAFM7YeOxpsbgGebD8wp1KQkf8kIyVUFMhBJvCkaZmKEIQStNZtPfpyyWFS
99+
It9EMDBPCP6oUDit+ZVHS3wncqW0nOsgguqZ5zl6k4BH7B/i8oIo+g8FAthar+J9
100+
a0OF6HP9
101+
=/PCS
102+
-----END PGP SIGNATURE-----
103+
```

apps/site/pages/en/blog/release/v20.18.2.md

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,110 @@
1+
---
2+
date: '2025-01-21T17:05:40.198Z'
3+
category: release
4+
title: Node v20.18.2 (LTS)
5+
layout: blog-post
6+
author: Rafael Gonzaga
7+
---
8+
9+
## 2025-01-21, Version 20.18.2 'Iron' (LTS), @RafaelGSS
10+
11+
This is a security release.
12+
13+
### Notable Changes
14+
15+
- CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
16+
- CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
17+
- CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
18+
19+
Dependency update:
20+
21+
- CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
22+
23+
### Commits
24+
25+
- \[[`df8b9f2c3e`](https://github.com/nodejs/node/commit/df8b9f2c3e)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#663](https://github.com/nodejs-private/node-private/pull/663)
26+
- \[[`42d5821873`](https://github.com/nodejs/node/commit/42d5821873)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)
27+
- \[[`8187a4b9bb`](https://github.com/nodejs/node/commit/8187a4b9bb)] - **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS)
28+
- \[[`389f239a28`](https://github.com/nodejs/node/commit/389f239a28)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#652](https://github.com/nodejs-private/node-private/pull/652)
29+
30+
Windows 32-bit Installer: https://nodejs.org/dist/v20.18.2/node-v20.18.2-x86.msi \
31+
Windows 64-bit Installer: https://nodejs.org/dist/v20.18.2/node-v20.18.2-x64.msi \
32+
Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.18.2/node-v20.18.2-arm64.msi \
33+
Windows 32-bit Binary: https://nodejs.org/dist/v20.18.2/win-x86/node.exe \
34+
Windows 64-bit Binary: https://nodejs.org/dist/v20.18.2/win-x64/node.exe \
35+
Windows ARM 64-bit Binary: https://nodejs.org/dist/v20.18.2/win-arm64/node.exe \
36+
macOS 64-bit Installer: https://nodejs.org/dist/v20.18.2/node-v20.18.2.pkg \
37+
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-darwin-arm64.tar.gz \
38+
macOS Intel 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-darwin-x64.tar.gz \
39+
Linux 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-linux-x64.tar.xz \
40+
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-linux-ppc64le.tar.xz \
41+
Linux s390x 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-linux-s390x.tar.xz \
42+
AIX 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-aix-ppc64.tar.gz \
43+
ARMv7 32-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-linux-armv7l.tar.xz \
44+
ARMv8 64-bit Binary: https://nodejs.org/dist/v20.18.2/node-v20.18.2-linux-arm64.tar.xz \
45+
Source Code: https://nodejs.org/dist/v20.18.2/node-v20.18.2.tar.gz \
46+
Other release files: https://nodejs.org/dist/v20.18.2/ \
47+
Documentation: https://nodejs.org/docs/v20.18.2/api/
48+
49+
### SHASUMS
50+
51+
```
52+
-----BEGIN PGP SIGNED MESSAGE-----
53+
Hash: SHA256
54+
55+
efcddeb91b189b02706d1a75a67b4a111253ec8f64cc30cc3dc4649744abd52b node-v20.18.2-aix-ppc64.tar.gz
56+
40c5a72564b8667342bec84aab50d2af1503af2b274f1a7a09d2d929461988b6 node-v20.18.2-arm64.msi
57+
fa76d5b5340f14070ebaa88ef8faa28c1e9271502725e830cb52f0cf5b6493de node-v20.18.2-darwin-arm64.tar.gz
58+
32dc17147054df9cdf96d03103f4661b4cb0bb9b4ca4b70e34fe632f1bab189c node-v20.18.2-darwin-arm64.tar.xz
59+
00a16bb0a82a2ad5d00d66b466ae1afa678482283747c27e9bce96668f334744 node-v20.18.2-darwin-x64.tar.gz
60+
184c9b8e246a3fd139caf2456510dc99ec548ad2e5203fbc5fc56ba48104e8eb node-v20.18.2-darwin-x64.tar.xz
61+
d74c718976adc308991fb8784f0b3f82845436bf8f04d2c982ab5cab5115289f node-v20.18.2-headers.tar.gz
62+
05819d72dcc0aa788baab1066e18ede5f1ab6730a1925cd6b15c131b55fd4272 node-v20.18.2-headers.tar.xz
63+
319789e8a055ff80793a05e633c8c5c9226050144a09da3747225b4ec56a2a99 node-v20.18.2-linux-arm64.tar.gz
64+
5c1437aa16e7e6a2e0687a42c4d3f0a8f8a2039cda8880cb3be8cd983aeefb44 node-v20.18.2-linux-arm64.tar.xz
65+
65397a4a63960bda94718099698d2961623e9ef400f60f4c3a71add2268bccfb node-v20.18.2-linux-armv7l.tar.gz
66+
63d4df56fb2e34a5077345f78941094204d2223ce03b8ebc9c1500e6e2aae68d node-v20.18.2-linux-armv7l.tar.xz
67+
9b2f0fd3b02d8b59bde3e2a251e4df501e755c99cfc4886b0bdf85fa4d0bc538 node-v20.18.2-linux-ppc64le.tar.gz
68+
828a2635261ca225cd4a8a4b1a914003cdc7b30656c2e9092ac7aab02ac361db node-v20.18.2-linux-ppc64le.tar.xz
69+
7e52e03823feaa2483a7cbcf85767790776f87a2c7112d87600c3d9d3b1ae6e9 node-v20.18.2-linux-s390x.tar.gz
70+
bcf3680e111f1d24e403db3d5600315266ae1f8d9d1f69f39c61dbf8d8c9036e node-v20.18.2-linux-s390x.tar.xz
71+
eb5b031bdd728871c3b9a82655dbfa533bc262c0b6da1d09a86842430cef07d4 node-v20.18.2-linux-x64.tar.gz
72+
4e50f727ae09bdafecf2322c72faf7cd82bf3b8851a16b8bb63974e0d8d6eceb node-v20.18.2-linux-x64.tar.xz
73+
87d10db681bca2a39fcadcc908d5e5b2c7effa16370c4ca555373b85e25275b1 node-v20.18.2.pkg
74+
cf3ef49fafbfee3cdcd936a0d6031341b73bfa6b26a484ea0a4936c26d24b829 node-v20.18.2.tar.gz
75+
69bf81b70f3a95ae0763459f02860c282d7e3a47567c8afaf126cc778176a882 node-v20.18.2.tar.xz
76+
d28d21e000ebed8b6131201b727d1998d4dbc4dbdb6e5ad07679552e4c75fa4d node-v20.18.2-win-arm64.7z
77+
b89d196a2d9dc3dac87c268aac9a983fa2fd1881c14884bc848312783ccf7d2f node-v20.18.2-win-arm64.zip
78+
06e72c0f78cc1bf1819eb0a0a37001d2917f19ad46a149c2f923c901f599ba52 node-v20.18.2-win-x64.7z
79+
ed790b94570518a7dce67b62485e16bc4bffecee4ec3b6df35ed220ae91117a5 node-v20.18.2-win-x64.zip
80+
fa561ebff3f52667228f9fcd9e67ce22a86e5c28c8e3782e01a95c90b6ed114d node-v20.18.2-win-x86.7z
81+
25f00a77843accc098561a35ce3ed923357f0127b8e5db594cb62188e3290b88 node-v20.18.2-win-x86.zip
82+
f3ad2d799e1645281d22d71b447f3899e569da87fea78bef9571b0c2b53288d6 node-v20.18.2-x64.msi
83+
783c4041ceb69226184a1b26177b5d9dc85e502d0f124c64d2b2c6f8ab12e5d5 node-v20.18.2-x86.msi
84+
83e7ad1b8c4d4d9c5e06849c3e8f3a5948a5eb6aa34c5bd973ba700e0386f42c win-arm64/node.exe
85+
58795bcd44e8023ff443dedabf7f9af928732a51befc5324082aafe56e0f5eb0 win-arm64/node.lib
86+
83fdda5fb5869c18f5d5d3dc4d0479f6bdad16f0888c95b8008f03654593afdd win-arm64/node_pdb.7z
87+
4049c1e7c2fc82c4d43c9d8567e7d20f20c0d360c281fcb924ce9cd4b9ce8dc3 win-arm64/node_pdb.zip
88+
8487a277e92282904dfe0f860dbd5d229543e97a858a223fbe9c9b8670bbe170 win-x64/node.exe
89+
5a16801c62c34c8056744ac339950c970b2b76f39b2d02afef4112ff51b74f1a win-x64/node.lib
90+
6ff19d51a762405717f7dff33811ba6371334de95946efbccf6f8dd786ec93e8 win-x64/node_pdb.7z
91+
07ef9641b5a339de2f43f698dc3b1aeb321e851645b199cbeb0f378674263bf1 win-x64/node_pdb.zip
92+
ab4b6beaaa170cfed83a2c9c71d8d5032ac514a5ebd7a5aa0553731267964f5e win-x86/node.exe
93+
fcc6ab34ebd4ad3a44de12376c3822c2ebc41febaa1ed4c4221ddc239f79f61c win-x86/node.lib
94+
ab74677f28b517eee9f745930541d02a870ae2d3f29a5ac91fe630813a1cd987 win-x86/node_pdb.7z
95+
6080ab7b513194510c8938c276b7fd4379eb0ed69cfa09dbb21da8a4eeddd75f win-x86/node_pdb.zip
96+
-----BEGIN PGP SIGNATURE-----
97+
98+
iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmeP0VcACgkQi+q0389V
99+
XvSVVAv9Gqyi4i2K2vHIKo7Pe/ZQB4BLg5nmzDtd6SNqtcSgTM+oR3u1vOeFdeTL
100+
tXpIFaqUh0uYTYBpE4aJWajwXPnKWYu+uJO8Z1PtfUitM9PiZT5w2Ko69QPxIt7K
101+
4BmRxFhCVAH87R2SKiXWWzhDBQDQKboQFBtVG4G16HfOXp9leKSxUTKQ8B0fU+4L
102+
qbiCk9EvaBAmEJdrzT8Od/GjMdcBFXzllNRlROVu5hhAv6+HHlMuxR3RgaN5wml+
103+
zFFQeQk+lY1YZeA0DpslwB5raCrsLehkEywlXsJHF3wmRKOhsrFaQlTDLtzZuyoN
104+
BY6LQqkmY5hJGiCOeiXSCNHAXUpqmOLvUJQgXSW0jaEh41o66yXk7MGthUegYo5o
105+
AekiwYEZE50K4QLE9xdIFjQ5GeSp0iK81wxGgPLjVS0DBe0sw+sDWMep+yisHmhP
106+
Ttf0cY501JvjbdaBB40ug5LFpABuKQJgzmbTmrU8Edf+apbJa35OZRt2bNg7xoYs
107+
SzUkh4yR
108+
=eALp
109+
-----END PGP SIGNATURE-----
110+
```

0 commit comments

Comments
 (0)