node-linux-s390x 20.12.0 → 20.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +35 -0
  2. package/bin/node +0 -0
  3. package/include/node/node_version.h +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,6 +9,8 @@
9
9
  </tr>
10
10
  <tr>
11
11
  <td>
12
+ <a href="#20.12.2">20.12.2</a><br/>
13
+ <a href="#20.12.1">20.12.1</a><br/>
12
14
  <a href="#20.12.0">20.12.0</a><br/>
13
15
  <a href="#20.11.1">20.11.1</a><br/>
14
16
  <a href="#20.11.0">20.11.0</a><br/>
@@ -55,6 +57,39 @@
55
57
  * [io.js](CHANGELOG_IOJS.md)
56
58
  * [Archive](CHANGELOG_ARCHIVE.md)
57
59
 
60
+ <a id="20.12.2"></a>
61
+
62
+ ## 2024-04-10, Version 20.12.2 'Iron' (LTS), @RafaelGSS
63
+
64
+ This is a security release.
65
+
66
+ ### Notable Changes
67
+
68
+ * CVE-2024-27980 - Command injection via args parameter of `child_process.spawn` without shell option enabled on Windows
69
+
70
+ ### Commits
71
+
72
+ * \[[`69ffc6d50d`](https://github.com/nodejs/node/commit/69ffc6d50d)] - **src**: disallow direct .bat and .cmd file spawning (Ben Noordhuis) [nodejs-private/node-private#563](https://github.com/nodejs-private/node-private/pull/563)
73
+
74
+ <a id="20.12.1"></a>
75
+
76
+ ## 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS
77
+
78
+ This is a security release
79
+
80
+ ### Notable Changes
81
+
82
+ * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
83
+ * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
84
+ * llhttp version 9.2.1
85
+ * undici version 5.28.4
86
+
87
+ ### Commits
88
+
89
+ * \[[`bd8f10a257`](https://github.com/nodejs/node/commit/bd8f10a257)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#576](https://github.com/nodejs-private/node-private/pull/576)
90
+ * \[[`5e34540a96`](https://github.com/nodejs/node/commit/5e34540a96)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#557](https://github.com/nodejs-private/node-private/pull/557)
91
+ * \[[`ba1ae6d188`](https://github.com/nodejs/node/commit/ba1ae6d188)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
92
+
58
93
  <a id="20.12.0"></a>
59
94
 
60
95
  ## 2024-03-26, Version 20.12.0 'Iron' (LTS), @richardlau
package/bin/node CHANGED
Binary file
package/include/node/node_version.h CHANGED
@@ -24,7 +24,7 @@
24
24
 
25
25
  #define NODE_MAJOR_VERSION 20
26
26
  #define NODE_MINOR_VERSION 12
27
- #define NODE_PATCH_VERSION 0
27
+ #define NODE_PATCH_VERSION 2
28
28
 
29
29
  #define NODE_VERSION_IS_LTS 1
30
30
  #define NODE_VERSION_LTS_CODENAME "Iron"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "node-linux-s390x",
3
- "version": "v20.12.0",
3
+ "version": "v20.12.2",
4
4
  "description": "node",
5
5
  "bin": {
6
6
  "node": "bin/node"