This is a security release.
Notable changes
The following CVEs are fixed in this release:
- CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow (High)
- CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow (High)
- CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium)
More detailed information on each of the vulnerabilities can be found in November 2022 Security Releases blog post.
Commits
- [
e58e8d70a8
] - deps: update archs files for quictls/openssl-3.0.7+quic (RafaelGSS) #45286 - [
85f4548d57
] - deps: upgrade openssl sources to quictls/openssl-3.0.7+quic (RafaelGSS) #45286 - [
43403f56f7
] - inspector: harden IP address validation again (Tobias Nießen) nodejs-private/node-private#354