2025-05-14, Version 20.19.2 'Iron' (LTS)

This is a security release.

Notable changes:

src:
  * (CVE-2025-23166) fix error handling on async crypto operation
deps:
  * (CVE-2025-23167) (SEMVER-MAJOR) update llhttp to 9.2.0
fs:
  * (CVE-2025-23165) add missing call to uv_fs_req_cleanup

PR-URL: https://github.com/nodejs-private/node-private/pull/711
RafaelGSS 2025-05-07 17:22:11 -03:00
parent 1ad8b05afb
commit 1771cdfdcd
No known key found for this signature in database
GPG Key ID: 8BEAB4DFCF555EF4
2 changed files with 25 additions and 1 deletions

View File

@ -80,7 +80,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V22.md#22.0.0">22.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.19.1">20.19.1</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.19.2">20.19.2</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.19.1">20.19.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.19.0">20.19.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.18.3">20.18.3</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.18.2">20.18.2</a><br/>

View File

@ -9,6 +9,7 @@
</tr>
<tr>
<td>
<a href="#20.19.2">20.19.2</a><br/>
<a href="#20.19.1">20.19.1</a><br/>
<a href="#20.19.0">20.19.0</a><br/>
<a href="#20.18.3">20.18.3</a><br/>
@ -74,6 +75,28 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)
<a id="20.19.2"></a>
## 2025-05-14, Version 20.19.2 'Iron' (LTS), @RafaelGSS
This is a security release.
### Notable Changes
* (CVE-2025-23166) fix error handling on async crypto operation
* (CVE-2025-23167) (SEMVER-MAJOR) update llhttp to 9.2.0
* (CVE-2025-23165) add missing call to uv\_fs\_req\_cleanup
### Commits
* \[[`eb25047b1b`](https://github.com/nodejs/node/commit/eb25047b1b)] - **deps**: update llhttp to 9.2.0 (Node.js GitHub Bot) [#51719](https://github.com/nodejs/node/pull/51719)
* \[[`12dcd8db08`](https://github.com/nodejs/node/commit/12dcd8db08)] - **deps**: update llhttp to 9.1.3 (Node.js GitHub Bot) [#50080](https://github.com/nodejs/node/pull/50080)
* \[[`190e45a291`](https://github.com/nodejs/node/commit/190e45a291)] - **(SEMVER-MAJOR)** **(CVE-2025-23167)** **deps**: update llhttp to 9.1.2 (Paolo Insogna) [#48981](https://github.com/nodejs/node/pull/48981)
* \[[`fc68c44e6a`](https://github.com/nodejs/node/commit/fc68c44e6a)] - **fs**: added test for missing call to uv\_fs\_req\_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811)
* \[[`9e13bf0a81`](https://github.com/nodejs/node/commit/9e13bf0a81)] - **(CVE-2025-23165)** **fs**: add missing call to uv\_fs\_req\_cleanup (Justin Nietzel) [#57811](https://github.com/nodejs/node/pull/57811)
* \[[`bd0aa5d44c`](https://github.com/nodejs/node/commit/bd0aa5d44c)] - **(CVE-2024-27982)** **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#556](https://github.com/nodejs-private/node-private/pull/556)
* \[[`6c57465920`](https://github.com/nodejs/node/commit/6c57465920)] - **(CVE-2025-23166)** **src**: fix error handling on async crypto operations (RafaelGSS) [nodejs-private/node-private#710](https://github.com/nodejs-private/node-private/pull/710)
<a id="20.19.1"></a>
## 2025-04-22, Version 20.19.1 'Iron' (LTS), @UlisesGascon prepared by @RafaelGSS
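
Review bot: In the new 20.19.2 entry, the Notable Changes line attaches CVE-2025-23167 and SEMVER-MAJOR to "update llhttp to 9.2.0", but the Commits list puts both tags on `190e45a291` (update llhttp to 9.1.2) and leaves `eb25047b1b` (9.2.0) untagged, so a reader cannot tell which bump carries the fix or the breaking change. Suggest one sentence under Notable Changes stating what changes for HTTP parsing with the llhttp upgrade, since a SEMVER-MAJOR item in an LTS patch release needs an explanation for operators deciding how to roll it out. The Commits list also includes `bd0aa5d44c` (CVE-2024-27982, "do not allow OBS fold in headers by default"), which is not mentioned under Notable Changes even though it changes a default; it deserves its own line there. Minor: Notable Changes says "async crypto operation" while the `6c57465920` entry says "operations"; pick one wording.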