Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

2024-04-03, Version 18.20.1 'Hydrogen' (LTS)

Browse Source 
This is a security release.

Notable changes:

* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4

PR-URL: https://github.com/nodejs-private/node-private/pull/573
This commit is contained in:
RafaelGSS 2024-04-01 11:26:02 -03:00
parent 24d036ba45
commit 6590a8c4e4
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@ -71,7 +71,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V20.md#20.0.0">20.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.1">18.20.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.1">18.19.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.0">18.19.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.18.2">18.18.2</a><br/>

20
doc/changelogs/CHANGELOG_V18.md
View File

@ -9,6 +9,7 @@
</tr>
<tr>
<td>
<a href="#18.20.1">18.20.1</a><br/>
<a href="#18.20.0">18.20.0</a><br/>
<a href="#18.19.1">18.19.1</a><br/>
<a href="#18.19.0">18.19.0</a><br/>
@ -68,6 +69,25 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)
<a id="18.20.1"></a>
## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS
This is a security release.
### Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
### Commits
* \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
* \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
* \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
<a id="18.20.0"></a>
## 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlau