node-linux-s390x 20.8.0 → 20.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +30 -0
- package/bin/node +0 -0
- package/include/node/node_version.h +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
</tr>
|
|
9
9
|
<tr>
|
|
10
10
|
<td>
|
|
11
|
+
<a href="#20.8.1">20.8.1</a><br/>
|
|
11
12
|
<a href="#20.8.0">20.8.0</a><br/>
|
|
12
13
|
<a href="#20.7.0">20.7.0</a><br/>
|
|
13
14
|
<a href="#20.6.1">20.6.1</a><br/>
|
|
@@ -46,6 +47,35 @@
|
|
|
46
47
|
* [io.js](CHANGELOG_IOJS.md)
|
|
47
48
|
* [Archive](CHANGELOG_ARCHIVE.md)
|
|
48
49
|
|
|
50
|
+
<a id="20.8.1"></a>
|
|
51
|
+
|
|
52
|
+
## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS
|
|
53
|
+
|
|
54
|
+
This is a security release.
|
|
55
|
+
|
|
56
|
+
### Notable Changes
|
|
57
|
+
|
|
58
|
+
The following CVEs are fixed in this release:
|
|
59
|
+
|
|
60
|
+
* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
|
|
61
|
+
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
|
|
62
|
+
* [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High)
|
|
63
|
+
* [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High)
|
|
64
|
+
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium)
|
|
65
|
+
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
|
|
66
|
+
|
|
67
|
+
More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.
|
|
68
|
+
|
|
69
|
+
### Commits
|
|
70
|
+
|
|
71
|
+
* \[[`c86883e844`](https://github.com/nodejs/node/commit/c86883e844)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
|
|
72
|
+
* \[[`2860631359`](https://github.com/nodejs/node/commit/2860631359)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
|
|
73
|
+
* \[[`cd37838bf8`](https://github.com/nodejs/node/commit/cd37838bf8)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
|
|
74
|
+
* \[[`f5c90b2951`](https://github.com/nodejs/node/commit/f5c90b2951)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
|
|
75
|
+
* \[[`fa5dae1944`](https://github.com/nodejs/node/commit/fa5dae1944)] - **permission**: fix Uint8Array path traversal (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
|
|
76
|
+
* \[[`cd35275111`](https://github.com/nodejs/node/commit/cd35275111)] - **permission**: improve path traversal protection (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
|
|
77
|
+
* \[[`a4cb7fc7c0`](https://github.com/nodejs/node/commit/a4cb7fc7c0)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
|
|
78
|
+
|
|
49
79
|
<a id="20.8.0"></a>
|
|
50
80
|
|
|
51
81
|
## 2023-09-28, Version 20.8.0 (Current), @ruyadorno
|
package/bin/node
CHANGED
|
Binary file
|