github nodejs/node v12.22.7
2021-10-12, Version 12.22.7 'Erbium' (LTS), @danielleadams

latest releases: v18.20.5, v23.2.0, v22.11.0...
3 years ago

This is a security release.

Notable changes

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

Commits

Don't miss a new node release

NewReleases is sending notifications on new releases.