This is a security release.
Notable changes
The following CVEs are fixed in this release:
- CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
- CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)
More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.
Commits
- [
39f8a672e3] - deps: update archs files for quictls/openssl-3.0.7+quic nodejs/node#45286 - [
80218127c8] - deps: upgrade openssl sources to quictls/openssl-3.0.7+quic nodejs/node#45286 - [
165342beac] - inspector: harden IP address validation again (Tobias Nießen) nodejs-private/node-private#354