Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

2020-09-15, Version 12.18.4 'Erbium' (LTS)

Browse Source 
This is a security release.

Notable changes:

Vulnerabilities fixed:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
- CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

PR-URL: https://github.com/nodejs-private/node-private/pull/223
This commit is contained in:
Michaël Zasso 2020-09-14 08:48:25 +02:00 committed by Beth Griggs
parent 3bdac31c4b
commit 9ab5c6b96c
No known key found for this signature in database
GPG Key ID: D7062848A1AB005C
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@ -44,7 +44,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V14.md#14.0.0">14.0.0</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.0.0">14.0.0</a><br/>
</td> </td>
<td valign="top"> <td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V12.md#12.18.3">12.18.3</a></b><br/> <b><a href="doc/changelogs/CHANGELOG_V12.md#12.18.4">12.18.4</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V12.md#12.18.3">12.18.3</a><br/>
<a href="doc/changelogs/CHANGELOG_V12.md#12.18.2">12.18.2</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.18.2">12.18.2</a><br/>
<a href="doc/changelogs/CHANGELOG_V12.md#12.18.1">12.18.1</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.18.1">12.18.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V12.md#12.18.0">12.18.0</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.18.0">12.18.0</a><br/>

19
doc/changelogs/CHANGELOG_V12.md
View File

@ -11,6 +11,7 @@
</tr> </tr>
<tr> <tr>
<td valign="top"> <td valign="top">
<a href="#12.18.4">12.18.4</a><br/>
<a href="#12.18.3">12.18.3</a><br/> <a href="#12.18.3">12.18.3</a><br/>
<a href="#12.18.2">12.18.2</a><br/> <a href="#12.18.2">12.18.2</a><br/>
<a href="#12.18.1">12.18.1</a><br/> <a href="#12.18.1">12.18.1</a><br/>
@ -64,6 +65,24 @@
* [io.js](CHANGELOG_IOJS.md) * [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md) * [Archive](CHANGELOG_ARCHIVE.md)
<a id="12.18.4"></a>
## 2020-09-15, Version 12.18.4 'Erbium' (LTS), @targos
### Notable Changes
This is a security release.
Vulnerabilities fixed:
* **CVE-2020-8201**: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
* **CVE-2020-8252**: fs.realpath.native on may cause buffer overflow (Medium).
### Commits
* [[`2ea6d255f8`](https://github.com/nodejs/node/commit/2ea6d255f8)] - **deps**: libuv: cherry-pick 0e6e8620 (cjihrig) [nodejs-private/node-private#221](https://github.com/nodejs-private/node-private/pull/221)
* [[`65415049af`](https://github.com/nodejs/node/commit/65415049af)] - **deps**: update llhttp to 2.1.2 (Fedor Indutny) [nodejs-private/node-private#219](https://github.com/nodejs-private/node-private/pull/219)
* [[`edad52e243`](https://github.com/nodejs/node/commit/edad52e243)] - **test**: modify tests to support the latest llhttp (Fedor Indutny) [nodejs-private/node-private#219](https://github.com/nodejs-private/node-private/pull/219)
<a id="12.18.3"></a> <a id="12.18.3"></a>
## 2020-07-22, Version 12.18.3 'Erbium' (LTS), @codebytere ## 2020-07-22, Version 12.18.3 'Erbium' (LTS), @codebytere