nodejs/node v21.7.3

2024-04-10, Version 21.7.3 (Current), @RafaelGSS

on GitHub

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [9095c914ed] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#562