This is a security release.
Notable changes
The following CVEs are fixed in this release:
- CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
- CVE-2022-32213: bypass via obs-fold mechanic (Medium)
- CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
Commits
- [
a9f1146b88] - http: disable chunked encoding when OBS fold is used (Paolo Insogna) nodejs-private/node-private#341 - [
a1121b456c] - src: fix IPv4 non routable validation (RafaelGSS) nodejs-private/node-private#337 - [
de80707870] - src: fix IS_LTS and IS_RELEASE flags (Richard Lau) #43761