Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

2024-04-03, Version 20.12.1 'Iron' (LTS)

Browse Source 
This is a security release.

Notable changes:

* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4

PR-URL: https://github.com/nodejs-private/node-private/pull/575/
This commit is contained in:
RafaelGSS 2024-04-01 14:35:34 -03:00
parent dab20ccea7
commit 24d036ba45
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@ -50,7 +50,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V21.md#21.0.0">21.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.12.0">20.12.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.12.1">20.12.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.12.0">20.12.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.11.1">20.11.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.11.0">20.11.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.10.0">20.10.0</a><br/>

20
doc/changelogs/CHANGELOG_V20.md
View File

@ -9,6 +9,7 @@
</tr>
<tr>
<td>
<a href="#20.12.1">20.12.1</a><br/>
<a href="#20.12.0">20.12.0</a><br/>
<a href="#20.11.1">20.11.1</a><br/>
<a href="#20.11.0">20.11.0</a><br/>
@ -56,6 +57,25 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)
<a id="20.12.1"></a>
## 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS
This is a security release
### Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
### Commits
* \[[`bd8f10a257`](https://github.com/nodejs/node/commit/bd8f10a257)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#576](https://github.com/nodejs-private/node-private/pull/576)
* \[[`5e34540a96`](https://github.com/nodejs/node/commit/5e34540a96)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#557](https://github.com/nodejs-private/node-private/pull/557)
* \[[`ba1ae6d188`](https://github.com/nodejs/node/commit/ba1ae6d188)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
<a id="20.12.0"></a>
## 2024-03-26, Version 20.12.0 'Iron' (LTS), @richardlau