This is a security release.
Notable Changes
- CVE-2024-27980 - Command injection via args parameter of
child_process.spawn
without shell option enabled on Windows
Commits
- [
9095c914ed
] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#562