From c1feefe3145b1772056f55a13f1ae5214330390a Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Tue, 7 Jan 2025 15:20:46 -0300 Subject: [PATCH 1/2] Blog: add security pre-release announcement --- .../release/january-2025-security-releases.md | 38 +++++++++++++++++++ apps/site/site.json | 10 ++--- 2 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 apps/site/pages/en/blog/release/january-2025-security-releases.md diff --git a/apps/site/pages/en/blog/release/january-2025-security-releases.md b/apps/site/pages/en/blog/release/january-2025-security-releases.md new file mode 100644 index 0000000000000..b91182530a673 --- /dev/null +++ b/apps/site/pages/en/blog/release/january-2025-security-releases.md @@ -0,0 +1,38 @@ +--- +date: 2025-01-14T03:00:00.000Z +category: vulnerability +title: Tuesday, January 21, 2025 Security Releases +slug: january-2025-security-releases +layout: blog-post +author: The Node.js Project +--- + +# Summary + +The Node.js project will release new versions of the 23.x, 22.x, 20.x, 18.x +releases lines on or shortly after, Tuesday, January 21, 2025 in order to address: + +- 1 high severity issues. +- 2 medium severity issues. + +## Impact + +The 20.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. +The 22.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. +The 23.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. +The 18.x release line of Node.js is vulnerable to 2 medium severity issues. + +It's important to note that End-of-Life versions are always affected when a security release occurs. +To ensure your system's security, please use an up-to-date version as outlined in our +[Release Schedule](https://github.com/nodejs/release#release-schedule). + +## Release timing + +Releases will be available on, or shortly after, Tuesday, January 21, 2025. + +## Contact and future updates + +The current Node.js security policy can be found at . +Please follow the process outlined in if you wish to report a vulnerability in Node.js. + +Subscribe to the low-volume announcement-only nodejs-sec mailing list at to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization. diff --git a/apps/site/site.json b/apps/site/site.json index c5d948cb42f65..239f14ea81950 100644 --- a/apps/site/site.json +++ b/apps/site/site.json @@ -28,11 +28,11 @@ ], "websiteBanners": { "index": { - "startDate": "2024-12-04T00:00:00.000Z", - "endDate": "2024-12-11T00:00:00.000Z", - "text": "Save up to 60% on Node.js courses and certifications", - "link": "https://training.linuxfoundation.org/cyber-monday-openjs-2024/", - "type": "default" + "startDate": "2025-01-14T03:00:00.000Z", + "endDate": "2025-01-21T03:00:00.000Z", + "text": "New security releases to be made available Tuesday, January 21, 2025", + "link": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", + "type": "warning" } }, "websiteBadges": { From 5707201a031b6fcdc68e63118793590f09e7e284 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Mon, 13 Jan 2025 15:30:53 -0300 Subject: [PATCH 2/2] fixup! Blog: add security pre-release announcement --- .../pages/en/blog/release/january-2025-security-releases.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/site/pages/en/blog/release/january-2025-security-releases.md b/apps/site/pages/en/blog/release/january-2025-security-releases.md index b91182530a673..84dcb5b872f01 100644 --- a/apps/site/pages/en/blog/release/january-2025-security-releases.md +++ b/apps/site/pages/en/blog/release/january-2025-security-releases.md @@ -17,9 +17,9 @@ releases lines on or shortly after, Tuesday, January 21, 2025 in order to addres ## Impact -The 20.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. -The 22.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. The 23.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. +The 22.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. +The 20.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. The 18.x release line of Node.js is vulnerable to 2 medium severity issues. It's important to note that End-of-Life versions are always affected when a security release occurs.