node-darwin-x64 14.18.0 → 14.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/bin/node +0 -0
  3. package/include/node/node_version.h +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -11,6 +11,7 @@
11
11
  </tr>
12
12
  <tr>
13
13
  <td valign="top">
14
+ <a href="#14.18.1">14.18.1</a><br/>
14
15
  <a href="#14.18.0">14.18.0</a><br/>
15
16
  <a href="#14.17.6">14.17.6</a><br/>
16
17
  <a href="#14.17.5">14.17.5</a><br/>
@@ -66,6 +67,24 @@
66
67
  * [io.js](CHANGELOG_IOJS.md)
67
68
  * [Archive](CHANGELOG_ARCHIVE.md)
68
69
 
70
+ <a id="14.18.1"></a>
71
+ ## 2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams
72
+
73
+ This is a security release.
74
+
75
+ ### Notable changes
76
+
77
+ * **CVE-2021-22959**: HTTP Request Smuggling due to spaced in headers (Medium)
78
+ * The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at [CVE-2021-22959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959) after publication.
79
+ * **CVE-2021-22960**: HTTP Request Smuggling when parsing the body (Medium)
80
+ * The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at [CVE-2021-22960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960) after publication.
81
+
82
+ ### Commits
83
+
84
+ * [[`8c254ca7e4`](https://github.com/nodejs/node/commit/8c254ca7e4)] - **deps**: update llhttp to 2.1.4 (Fedor Indutny) [nodejs-private/node-private#285](https://github.com/nodejs-private/node-private/pull/285)
85
+ * [[`9b92ae2499`](https://github.com/nodejs/node/commit/9b92ae2499)] - **http**: add regression test for smuggling content length (Matteo Collina) [nodejs-private/node-private#285](https://github.com/nodejs-private/node-private/pull/285)
86
+ * [[`f467539719`](https://github.com/nodejs/node/commit/f467539719)] - **http**: add regression test for chunked smuggling (Matteo Collina) [nodejs-private/node-private#285](https://github.com/nodejs-private/node-private/pull/285)
87
+
69
88
  <a id="14.18.0"></a>
70
89
  ## 2021-09-28, Version 14.18.0 'Fermium' (LTS), @targos
71
90
 
package/bin/node CHANGED
Binary file
package/include/node/node_version.h CHANGED
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 14
26
26
  #define NODE_MINOR_VERSION 18
27
- #define NODE_PATCH_VERSION 0
27
+ #define NODE_PATCH_VERSION 1
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 1
30
30
  #define NODE_VERSION_LTS_CODENAME "Fermium"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-darwin-x64",
3
- "version": "v14.18.0",
3
+ "version": "v14.18.1",
4
4
  "description": "node",
5
5
  "bin": {
6
6
  "node": "bin/node"