2021년 8월 31일 보안 릴리스

(2021년 8월 31일 업데이트) 보안 릴리스를 사용할 수 있습니다.

아래의 이슈들에 대해 v14.x, v12.x 버전의 Node.js 릴리스 라인의 업데이트를 사용할 수 있습니다.

npm 6버전 업데이트 - node-tar, arborist, npm cli 모듈

아래는 node-tar 취약점인 CVE-2021-32803
CVE-2021-32804에 대한 초기 보고 및 후속 수정과 관련된 node-tar, arborist, npm cli 모듈의 취약점입니다.
node-tar 모듈과 추가 외부 현상금 보고에 대한 후속 내부 보안 리뷰를 통해 node-tar 및 npm arborist를 포함한 핵심 npm CLI 종속성에서 또 다른 CVE 5개가 수정되었습니다.

자세한 내용은 아래의 링크에서 확인할 수 있습니다.

영향받는 버전:

  • 14.x 및 12.x 릴리스 라인의 모든 버전

다운로드와 릴리스 상세 내용


요약

Node.js 프로젝트는 아래의 내용을 해결하기 위해 2021년 8월 31일 화요일쯤 12.x 및 14.x 릴리스 라인의 새 버전을 출시할 예정입니다.

  • 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개.

영향도

Node.js 14.x 릴리스 라인은 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개에 취약합니다.

Node.js 12.x 릴리스 라인은 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개에 취약합니다.

릴리스 시기

릴리스는 2021년 8월 31일 화요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다.
Node.js의 취약점을 보고하고 싶다면
https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면
https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

Node v16.8.0(현재 버전)

주요 변경사항

  • [2e90b10f35] - doc: dns.lookup 옵션에 대한 타입 강제가 폐기 예정이 되었습니다.(Antoine du Hamel) #38906
  • [a6d50a18a0] - (SEMVER-MINOR) stream: stream.Duplex.from 유틸리티를 추가했습니다.(Robert Nagy) #39519
  • [af7047a815] - (SEMVER-MINOR) stream: isDisturbed 헬퍼를 추가했습니다.(Robert Nagy) #39628
  • [66400374de] - (SEMVER-MINOR) util: toUSVString을 노출했습니다.(Robert Nagy) #39814

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.8.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.8.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.8.0/node-v16.8.0.tar.gz

Other release files: https://nodejs.org/dist/v16.8.0/

Documentation: https://nodejs.org/docs/v16.8.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

cc9e8e2600c2ad9ee80be45a850453a5f0237650f8bd4364db4a9f941a5b6e57 node-v16.8.0-aix-ppc64.tar.gz
891e72d166abbb1b838b5113cc8cfaf2fe905dfe77afe84a5af56e426ff74ddf node-v16.8.0-darwin-arm64.tar.gz
f1aa35e99542bdaab51e46917203cf215463982a16862199ecfa200534190119 node-v16.8.0-darwin-arm64.tar.xz
9c013cb82830ab5adb9630ff28046f420a7805bb4a930ec2b3f5b162c5f6de88 node-v16.8.0-darwin-x64.tar.gz
fdcc827192f349bb1f3ec58361cb6a9a783b84d3bc19d51ca2fd5b0968b89f3b node-v16.8.0-darwin-x64.tar.xz
fa04f9a4fd9126fe2c0bf43e3d464d730dd328cc130c3599478530f64489be7f node-v16.8.0-headers.tar.gz
c24263b3f90bc490fba030a7836485b3df0351c8b68c7a83011dd01ed45d95be node-v16.8.0-headers.tar.xz
3f8cbdd3165fb9bf499f0e35bbd2ae4b301f2af5e9f349f82beacdb7278539bb node-v16.8.0-linux-arm64.tar.gz
4d08cda750e42e691d18881b4a443de4c19e0e2c1195e56a15a3ec45aeed895c node-v16.8.0-linux-arm64.tar.xz
7d325b9b8f189c4b59196df933fcb5a8009684f9073977f00a75dc66924fb03d node-v16.8.0-linux-armv7l.tar.gz
86b4d718aa0003e895b845db86851720a9f9ce3e66f031324bfeebd63e4b922f node-v16.8.0-linux-armv7l.tar.xz
437d5de90cb77837d5fc0faae08c3aaa17dbad0309341c5a1934db994196e9c9 node-v16.8.0-linux-ppc64le.tar.gz
eb0a02f5c7b4c2187d034a536ad42311283ac91d761af9d69bd46f2ecbe5abbe node-v16.8.0-linux-ppc64le.tar.xz
45a1784f04b7ff6aee9d15badc8d559ade43c413949592d4d7b7cf727dc9b957 node-v16.8.0-linux-s390x.tar.gz
cefc32542c3521bbd075b218bd2f7444589a537e6c82ff6b64f46765efb07392 node-v16.8.0-linux-s390x.tar.xz
aa1f366b522a9565332096fdc32ed0cd58a2049c0875d839703d3fe58b4c226d node-v16.8.0-linux-x64.tar.gz
85880c0e63c254faa75f8cf6512bc353f1587ba6e65a5e1d7366bf684684ae74 node-v16.8.0-linux-x64.tar.xz
b91e3e368e681cb6e91e01c379382b0921f2d585f2444c7196fdf68d5688547f node-v16.8.0.pkg
0cc13572bc7c5a9bf7a2c5cb2800ff045780e43d0fa6e3eb0f1be46b4bf9a1c6 node-v16.8.0.tar.gz
b8790226312970ba5d8fd98229380c48bf0366eb1a3633091e350a34a4b46392 node-v16.8.0.tar.xz
11032b8841444015f01f56370580e1f14eab997bf4d497a249f719caa4418e52 node-v16.8.0-win-x64.7z
16193b45e18c116ddd062cc1a7ac5d96de9cb2198d4334f345d5718ea6d603f7 node-v16.8.0-win-x64.zip
d2aa238864ae9adb0f3e565ab89021e713bcb5911dbaa4046a59307400d5bbb5 node-v16.8.0-win-x86.7z
d3322f8f1174a92ca72900ae7a189a40b3a402ba7781a00ec1996ff346bdccc8 node-v16.8.0-win-x86.zip
fe18c039bfcca609e2601c10c26fddd335794c1c3065e80e58985e744bb6ffe5 node-v16.8.0-x64.msi
6a2868f3f4df8b0f4d060ae1f305f27d499248c0b260759c058d27d6c90ba66b node-v16.8.0-x86.msi
17031318847f432785f33f2ed9db6328d3ad4ce15602ece56c8077cf6eaca45d win-x64/node.exe
33b4ae0ab35e7180d8d1b5c2f47da889f9edc75617a42cacf249a4c1ac7635b1 win-x64/node.lib
54ad71ddc4cfd97c0319874cc8a2656a35db0cff7b5a45ebe5b970fb0110248b win-x64/node_pdb.7z
0c30e3b24e8096e8a45331186ff1b6729a65f9693bb6409627fb03436765fb9f win-x64/node_pdb.zip
86daf79b0e3090153d8985ec5eb200eb213da34280eac88ebe7df05cb8ea0c45 win-x86/node.exe
407a64a2b21512f6cd8ec1a98c2a8228475d3de02352a191b98bdedb738f3193 win-x86/node.lib
1b2f4e1cb25aae99d48443635778a5793d19b8cb9d868a265c532bedf788e950 win-x86/node_pdb.7z
f58094285001c98e62fa231a0885ec3d3bc0e4407130c41f70682159f12dd2f4 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmEmrsQACgkQdw96mlrh
VgCDrA/9Ebnj2yLp0/A9x47LwZpZsabDzsg2avWYiZzR7CbuHAsFfT8LeBWrzNZJ
Vorvo397IrNq88MwgkScS6GFXYCUt0WCL0OJ302li1kadp3kAySGU9nXv+rkPAw9
dU+6JCaqcSqicrxVb2dt3/3cx2wo5hhcbcZGq/ubm6Vq0xDRg9XDevkfJyazPar8
Q111uWr0RdmaiX+/5wLMju6j9GDw94goiVQRibaqQzIQVB4i03z3k9KUfXWJXTUS
qeCh2uSZXPFnNNAHbvpt0QyS/DUwlAqW/kpW1frYF8m98kDvunVHIaHLwAdJJWAP
877KGMt6k4I/dkGNCYeM06QFL8o2rhacP8BvuOQhi7uCptl7wvqYYiba40m/W4YP
8vsZN9pBdhBHlXRf6TlBO26kkL1JRAkJEjxzDjy2vVrzLY1R67SkRBF757EweF8F
7T3flaJrbe997uWvgSLChzBildVd8xt/1ob5rXTUXyKrx6FeD20yl8nEyyFvvZd/
Zg5ln94HgHidxitV6j0OUaUVd5g/DFPUN0s4NjZKLvmn34xSqXFsvhrdMNVpxUw6
MUsqiWQh5a/xtN8/DPTTvcuAlm6KIelTgfqB6R1Q694AihvcibIf+fe5HCbQ5elQ
H6M9S6sGU3PfPnz8IrwFWwwFJjZapcBTuCe5lB02AdyZDtXw+eU=
=YB9N
-----END PGP SIGNATURE-----

Node v16.7.0(현재 버전)

주요 변경사항

  • fs:
    • 실험: 재귀 cp 메서드를 추가했습니다.(Benjamin Coe) #39372

Commits

  • [a80c989306] - async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468
  • [69a2a6b6c3] - bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685
  • [5bc31ea0aa] - buffer: add endings option, remove Node.js specific encoding option (James M Snell) #39708
  • [091a579275] - (SEMVER-MINOR) buffer: add Blob.prototype.stream method and other cleanups (James M Snell) #39693
  • [097d898e58] - build: run coverage for inspector protocol changes (Richard Lau) #39725
  • [cf028df0ed] - build: fix V8 build with pointer compression (Michaël Zasso) #39664
  • [9d38400de1] - build: exclude markdown files from some GitHub Actions (Rich Trott) #39565
  • [eeb804a7b7] - build: use lts shorthand in GitHub Actions (Rich Trott) #39538
  • [93a904d0ba] - (SEMVER-MINOR) crypto: implement webcrypto.randomUUID (Michaël Zasso) #39648
  • [3321b65a5a] - debugger: prevent simultaneous heap snapshots (Rich Trott) #39638
  • [6c375e18b6] - debugger: remove undefined parameter (Rich Trott) #39570
  • [103bf20988] - deps: V8: cherry-pick 81814ed44574 (Stephen Belanger) #39719
  • [cf5e5b5711] - deps: upgrade to libuv 1.42.0 (Luigi Pinca) #39525
  • [5f92d2fe6d] - dgram: use simplified validator (Voltrex) #39753
  • [c7e918b06a] - (SEMVER-MINOR) dns: add “tries” option to Resolve options (Luan Devecchi) #39610
  • [5d66646b71] - doc: correct cjs code to match mjs code (Raz Luvaton) #39509
  • [f18bb2a0f1] - doc: fix typo in hmac.paramNames default (Justin) #39766
  • [338a166e83] - doc: fix fs.rmdir recursive option deprecation history (Antoine du Hamel) #39728
  • [bfb1dc0a2c] - doc: fixed variable names in queueMicrotask example (ashish maurya) #39634
  • [08b31f12f8] - doc: change “Version 4 UUID” to “version 4 UUID” (Tobias Nießen) #39682
  • [f5200f9785] - doc: update debugger.md description and examples (Rich Trott) #39661
  • [4700f1e529] - doc: fix color contrast issue in light mode (Rich Trott) #39660
  • [88c83a4698] - (SEMVER-MINOR) doc: add missing change to resolver ctor (Luan Devecchi) #39610
  • [760cafa5ed] - doc: fix typo in url.md (Howie Zhao) #39666
  • [9ab5503693] - doc: add point to ask H1 reporter about credit (Daniel Bevenius) #39585
  • [7514405456] - doc: update min mac ver + move mac arm64 to tier 1 (Ash Cripps) #39586
  • [d7c8c6dcee] - doc: add missing introduced_in metadata (Richard Lau) #39575
  • [8072517097] - doc: add code examples to Writable.destroy() and Writable.destroyed (Juan José Arboleda) #39491
  • [55f47cc2d0] - doc: add String.prototype.at and %TypedArray%.prototype.at (Jordan Harband) #39583
  • [0c0412e2c4] - doc: move NODE_MODULE_VERSION in release guide (Richard Lau) #39544
  • [5df74f9b21] - doc: remove outdated ARM information from release guide (Richard Lau) #39544
  • [8eccb11ea0] - doc: fence command examples in release guide (Richard Lau) #39544
  • [0bd97e1f2d] - doc: update backport labels in release guide (Richard Lau) #39544
  • [2129ad6a0a] - doc: add code example to fs.truncate method (Juan José Arboleda) #39454
  • [3ff5e153ef] - doc: add code example to http.createServer method (Juan José Arboleda) #39455
  • [7d0c869cfa] - doc: add PerformanceObserver buffered document (legendecas) #39514
  • [0dc167a03f] - (SEMVER-MINOR) fs: add recursive cp method (Benjamin Coe) #39372
  • [54dd3df943] - http: decodes url.username and url.password for authorization header (Lew Gordon) #39310
  • [81e62f67bf] - inspector: update inspector_protocol to 89c4adf (Rich Trott) #39650
  • [793fee4915] - inspector: update inspector_protocol to 8ec18cf (Rich Trott) #39614
  • [5afdc1f4c0] - lib: simplify validators (Voltrex) #39753
  • [ca3cb96d25] - lib: cleanup validation (Voltrex) #39652
  • [cc08d3062f] - lib: cleanup instance validation (Voltrex) #39656
  • [2751cdf6f9] - lib: use helper for readability (Voltrex) #39649
  • [c68415cba2] - lib: use validators (Voltrex) #39663
  • [be2d60dd1d] - lib: use validator (Voltrex) #39547
  • [486d51ac0c] - lib: use validateObject (Voltrex) #39605
  • [058e882a2a] - lib: use ERR_ILLEGAL_CONSTRUCTOR (Mestery) #39556
  • [07cadc4432] - meta: consolidate AUTHORS entries for ooHmartY (Rich Trott) #39705
  • [6c788b8030] - meta: consolidate AUTHORS entries for homosaur (Rich Trott) #39705
  • [07351edebe] - meta: consolidate AUTHORS entries for Ayase-252 (Rich Trott) #39705
  • [5fe282769b] - meta: consolidate AUTHORS entries for robin-drexler (Rich Trott) #39705
  • [fc2a626357] - meta: consolidate AUTHORS entries for samshull (Rich Trott) #39705
  • [67cfc66a47] - meta: update AUTHORS (Rich Trott) #39705
  • [91008fbdeb] - meta: consolidate email addresses for MarshallOfSound (Rich Trott) #39651
  • [a76b63536a] - meta: consolidate email addresses for tadjik1 (Rich Trott) #39651
  • [aaab2095db] - meta: consolidate email addresses for szmarczak (Rich Trott) #39651
  • [f413a9d83c] - meta: update AUTHORS (Rich Trott) #39636
  • [7a91d4bfe9] - meta: simplify mailmap (Rich Trott) #39612
  • [4ec5d2de5d] - meta: consolidate emails for tadhgcreedon (Rich Trott) #39611
  • [bb88c38eac] - meta: consolidate emails for timcosta (Rich Trott) #39611
  • [0920a8cf6f] - meta: consolidate emails for timruffles (Rich Trott) #39611
  • [1474a9d4b1] - meta: update AUTHORS (Rich Trott) #39629
  • [c59e3ec685] - meta: add mailmap entry for ryzokuken (Rich Trott) #39596
  • [34f4bb8277] - meta: add mailmap entry for uttampawar (Rich Trott) #39596
  • [fd213edda2] - meta: add mailmap entry for dmabupt (Rich Trott) #39596
  • [6b664e224b] - meta: align README/.mailmap/AUTHORS email entries (Rich Trott) #39505
  • [96d8ecbd66] - meta: add mailmap entry for garygsc (Rich Trott) #39588
  • [16d85f3f48] - meta: add mailmap entry for ttzztztz (Rich Trott) #39588
  • [60ab111fdb] - meta: update AUTHORS (Rich Trott) #39587
  • [b43f87d729] - meta: update .mailmap to remove duplication in AUTHORS (Rich Trott) #39561
  • [6f4a2aa5a4] - meta: add .mailmap entries to remove AUTHORS duplicates (Rich Trott) #39560
  • [86d144c500] - meta: add .mailmap entry to remove duplication in AUTHORS (Rich Trott) #39559
  • [110c088f02] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
  • [72af147bb5] - meta: update collaborator email in README (Rich Trott) #39521
  • [23bc4cfb21] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
  • [e4289728c7] - meta: move gdams to emeritus (Rich Trott) #39539
  • [4df59bc727] - module: add some typings to internal/modules/esm/resolve (Antoine du Hamel) #39504
  • [b5858589d0] - node-api: handle pending exception in cb wrapper (Michael Dawson) #39476
  • [016b7ba616] - perf_hooks: fix PerformanceObserver gc crash (James M Snell) #39550
  • [b37575b67c] - perf_hooks: fix performance timeline wpt failures (legendecas) #39532
  • [64c02eb3cc] - (SEMVER-MINOR) perf_hooks: web performance timeline compliance (legendecas) #39297
  • [7ff21397d6] - policy: fix integrity when DEFAULT_ENCODING is set (Tobias Nießen) #39750
  • [03be967cad] - src: fix TextDecoder final flush size calculation (James M Snell) #39737
  • [9046e78943] - src: fix crash in AfterGetAddrInfo (Anna Henningsen) #39735
  • [2a00ef5ede] - (SEMVER-MINOR) src: fix align in cares_wrap.h (Luan) #39610
  • [60a2b31c68] - src: add cosmetic space character to async_wrap.h file (Juan José Arboleda) #39459
  • [cd9b0bf68c] - stream: ensure text() stream consumer flushes correctly (James M Snell) #39737
  • [f57a0e4d8b] - (SEMVER-MINOR) stream: utility consumers for web and node.js streams (James M Snell) #39594
  • [975edf5330] - stream: clean endWritableNT (Mestery) #39645
  • [9e38fc6757] - (SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy) #39589
  • [a5ded4a85a] - test: use simplfied validator (voltrexmaster) #39753
  • [53cf53c95a] - (SEMVER-MINOR) test: enable blob.prototype.stream tests (James M Snell) #39693
  • [7e9884598f] - test: update WPT abort tests (Michaël Zasso) #39697
  • [94381fbdf5] - test: update WPT common and resources (Michaël Zasso) #39697
  • [34a041a846] - test: fix test-debugger-heap-profiler for workers (Richard Lau) #39687
  • [9f5acfa90e] - test: increase memory for coverage action (Benjamin Coe) #39690
  • [0be15cedc4] - test: use template to concatenate string (Himadri Ganguly) #39621
  • [952a5282e2] - (SEMVER-MINOR) test: pull Web Platform Tests for WebCryptoAPI (Michaël Zasso) #39648
  • [3622fb1e03] - test: deflake test-http2-buffersize (Luigi Pinca) #39591
  • [1962c7c7b3] - test: convert anonymous function to arrow function (Himadri Ganguly) #39604
  • [635e1a0274] - test: add test-debugger-breakpoint-exists (Rich Trott) #39570
  • [cff2aea5df] - test: add known issues test for debugger heap snapshot race (Rich Trott) #39557
  • [5e1011238a] - tools: bump remark-preset-lint-node to 3.0.0 (Rich Trott) #39755
  • [eb741253fd] - tools: update path-parse in markdown linter package-lock file (Rich Trott) #39729
  • [52a172f983] - tools: fix more build warnings in inspector_protocol (Richard Lau) #39725
  • [77f9c1fa98] - tools: cherry-pick ffb34b6d5dbf0 (Darshan Sen) #39725
  • [b9510d21c9] - tools: update inspector_protocol to e8ba1a7 (Rich Trott) #39694
  • [8d509d8773] - tools: update inspector_protocol to 39ca567 (Rich Trott) #39694
  • [ee7142fa37] - tools: update inspector_protocol to 97d3146 (Rich Trott) #39694
  • [c6323d847d] - Reverttools: fix compiler warning in inspector_protocol” (Rich Trott) #39694
  • [6e19c166e4] - tools: update inspector_protocol to a53e96d31a2755eb16ca37 (Rich Trott) #39694
  • [61c53f39d2] - tools: update inspector_protocol to fe0467fd105a (Rich Trott) #39694
  • [b1b6f20353] - tools: improve error detection in find-inactive-collaborators (Rich Trott) #39617
  • [d1360fcf48] - tools: update ESLint to 7.32.0 (Luigi Pinca) #39602
  • [af1c782cad] - tools: update ESLint to 7.31.0 (Colin Ihrig) #39424
  • [37dda19461] - (SEMVER-MINOR) url,buffer: implement URL.createObjectURL (James M Snell) #39693
  • [dcab88ad38] - worker: add brand checks for detached properties/methods (James M Snell) #39763

Windows 32-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.7.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.7.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-arm64.tar.xz

Source Code: Coming soon

Other release files: https://nodejs.org/dist/v16.7.0/

Documentation: https://nodejs.org/docs/v16.7.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

4c706dbaebab5c5787d36238b32405143742050fb0faccc81d9da6ebf05e8304 node-v16.7.0-aix-ppc64.tar.gz
969875c1a6b2790663d7b25d7641d1e3919225659921a98d2f1e4711bbec5ef3 node-v16.7.0-darwin-arm64.tar.gz
a7d5f71b0b0be342eeff8dbe0a29935e098cab1117af2cd617f988461b1c4a5e node-v16.7.0-darwin-arm64.tar.xz
c9bf23c765c584f635a4065d58dadff9737aeb605676d1e45873eba66adaab8a node-v16.7.0-darwin-x64.tar.gz
29265ebcf44a3a19ffc7ecd2e1ef35db562fc53be58529e74cf1340e21ced9a9 node-v16.7.0-darwin-x64.tar.xz
8b51402dd94b1f77fb661f2db79144b7c0b9056b2d43cff60c7c333caefb11e8 node-v16.7.0-headers.tar.gz
8a398c4e6f1941ac42aea159e3cf0007f68163dd74116d8bb246801692c698f0 node-v16.7.0-headers.tar.xz
8a1b770c81618353ca2f6fd296ccfa7d812e7f40d1e2a2b88579e6d9895ec463 node-v16.7.0-linux-arm64.tar.gz
28775e7d1463052e748d69b145b845e28361c467cabc42dc887003484b6a4ef1 node-v16.7.0-linux-arm64.tar.xz
453019d1514e5f7befe770cef757f2c761e23b3e91b34f98968170f0a504a1ba node-v16.7.0-linux-armv7l.tar.gz
5efff171b966bf93ae34471b2c54d22f1a8a7e3b5128f8b9b6d82e229ce0dbfe node-v16.7.0-linux-armv7l.tar.xz
e8bcc040152cea7564f97d6be6c2b2226417a9ee63b91d456e21744a886d1862 node-v16.7.0-linux-ppc64le.tar.gz
f3a6a599165b943f67a77967f7d304318f12382999013c3d925defe89c95c947 node-v16.7.0-linux-ppc64le.tar.xz
e1f8becb5ba6ec80b2f893e92145fe43b041fc8392414ff6466a624e9afeaa15 node-v16.7.0-linux-s390x.tar.gz
51a3acd86d52da8418400a451f4eca615ae023d17866b018e9e2f02cb1f03286 node-v16.7.0-linux-s390x.tar.xz
13a15e1934d356c9e8f97fcfff411d7d5236e90ed04d6aeeca5f10f529b58a57 node-v16.7.0-linux-x64.tar.gz
32f1563b8bab10981164dfc63a38ab303db6b54e888d5ac4190b4b6777184daf node-v16.7.0-linux-x64.tar.xz
c3ace96357ba98d2dc87d0a4019e233967e576abc36a7db4cb35a4f994fed552 node-v16.7.0.pkg
0c4a82acc5ae67744d56f2c97db54b859f2b3ef8e78deacfb8aed0ed4c7cb690 node-v16.7.0.tar.gz
fa85fdfbd378e587fa04ad9548e7c9f50e690af9575730d3b330cba6fc3f2d37 node-v16.7.0.tar.xz
f7b0e8b0bfcfad7d62eba16fa4db9f085983c12c661bd4c66d8e3bd783befa65 node-v16.7.0-win-x64.7z
d9081e74db8f71e509a5ccedce877eb32eb25c9d95a146d98ff05a24284e4914 node-v16.7.0-win-x64.zip
8fcb32d38c702148250640a5a7967c0e5d5d55cb8202aa40afde9684e8a67ea8 node-v16.7.0-win-x86.7z
21a484ad901a8965e4e19d86fdc923c3d58aa708ae395b36cbdc140542a053c6 node-v16.7.0-win-x86.zip
5646507653636fb6ba2f2f75854fc01dded59631e13dd843d20358ff0580adab node-v16.7.0-x64.msi
6bb969fd41c1105e9829001a21c0882d7ecb45ad93be366671b3e48e7a9f8691 node-v16.7.0-x86.msi
7f33cbe04cb2940427e6dd97867c1fcf3ddd60911d2ae0260da3cab9f6ea6365 win-x64/node.exe
8b9363be29a20a95f48a319434a33bb7021b21b017a343b334697689b471b92f win-x64/node.lib
f61ce6e746861d65d4144e5f37c8e70e52d8fe3a1edfc1152159536f03dbe742 win-x64/node_pdb.7z
2c47b5f606119feea241ae5ce8d47de6dd85f3ef4016f8936fe34459100c45f9 win-x64/node_pdb.zip
8a1ab09efad03051be13622c50123b87475b86000684b4b35495c5da356c9ac5 win-x86/node.exe
944a6428f1ed03da56f6ac82f65051b346f41d69aa43ad8219a528b85babb36c win-x86/node.lib
d93a13cd7335ba1c1a8422427bdb3077a866f900bc1039dabbace94c27d83e30 win-x86/node_pdb.7z
6b5d395cfd2c8f9d4f33d2c9961ed7f80dcbcb15bd57ddf89f7a9b564d96cabb win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdPEmArbxxOkT+qN606iWE2Q7YgEFAmEcXmMACgkQ06iWE2Q7
YgGAaw/9GxeuTEAK4Lx7DvqhFO9omtPbbA8NiiBRXvs9ZIV3EAf4zWqh4KT7G65+
OtXDcCTpNVjUj8WC+U2DyQuoYRwlJ6TAIui/oGZEY0OHe0d5R87VB7IJlPuNMjD5
hpbETkI+mp7xgEv16TieWRkUkJ9cd7z6qE8c0Mr1+isvlUjcP/wGRco+XQ7V7xeU
/SvvGJAer09kI4oELrhr48GyXLljZkgOQE2q5/MVMNjZIAmnldx/eAK4hT/suzyM
243cEeba4l/K+ZXM3aSMnyvVd3VUQfAtZniQbvzzR0mO1vRYLaIO1R9kU25SCRuF
LS7kRt5zRsvmybBB+IOGQwo/Kfo9UnSxaWwiWNZWJtHbQ50B91lJyzldjTwoPEVs
PRVP1b7+jtoyHEqtqMo5SpRFPF0Tcm1U1mi7tEunubxF8EUOOdizD5EIsBY4Qyol
58Zj8rsMxqeKP2oSgPijgm6u//OvM03YeyRHAxkNXVTO/JVjHNoKiqTkm0hPTEra
cRsFXIHrKKP7fbCXPeNTU1LW4TDmcat8wFl9hhTw7XXVZZt/CYd4yVhry6MVlXWo
8yjUhpptbs1d2ms2VcBPYF6WCrc0EwYQ7NW6NG+OYiXldGWQ9qakBBmKl4AcLfEL
3Hq51d7hkF+oPcbW68vmeuulc8maHTvPMd+W13NjqxPil8wjtqc=
=dKrk
-----END PGP SIGNATURE-----

Node v12.22.5(LTS)

주요 변경사항

  • CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
    • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
      하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
      크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
      잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
      주입할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
  • CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
    • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
      Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
      CVE-2021-22930의 후속 조치입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
  • CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
    • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
      오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.22.5/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.22.5/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.22.5/node-v12.22.5.tar.gz

Other release files: https://nodejs.org/dist/v12.22.5/

Documentation: https://nodejs.org/docs/v12.22.5/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

88ec315734db12686d1ee8cc24c7590f125231b64159b23e8aae3c42083d5480 node-v12.22.5-aix-ppc64.tar.gz
7944aa8bcc25842cac70d7e5454fce3eed1a01867968a3734765a3d6d15a5050 node-v12.22.5-darwin-x64.tar.gz
ee3e7f5d5336de2078cc860356a028238b23dabfb61a9ac3c3345390b7aa9a64 node-v12.22.5-darwin-x64.tar.xz
fc96140443452d6c297857d7065b5c37652a78cc7f1926345fa7684f7723fcc2 node-v12.22.5-headers.tar.gz
6a34def054215d9b9c07e1dcf6c33f0972f65881bbfd89557d65c8e41ac95d8a node-v12.22.5-headers.tar.xz
bfb436a87142e9dc73ed675c81c267490e575f9abfbbc7fa5db227a2ab6b555c node-v12.22.5-linux-arm64.tar.gz
b5f7932ab8bd55aeab087ddc28e03b035350a7f5f929b0cec373351c168f48b0 node-v12.22.5-linux-arm64.tar.xz
0b271c210e26ffb20728dfffa02df47aca896c849968964e2019da67832ee839 node-v12.22.5-linux-armv7l.tar.gz
bdf378d7d35eed3d810145d9b4eaae96224830fbf927a84568ff1c1411d54bcb node-v12.22.5-linux-armv7l.tar.xz
80e042119d98ff4af48e53e6720b696f8c4a2746efbc5d8f5a3857a6b17c1415 node-v12.22.5-linux-ppc64le.tar.gz
7249a1d39642486c27cd00161486673bb1ae9d2f3e5e284097fbab12fc33c0fd node-v12.22.5-linux-ppc64le.tar.xz
d93d1d89a6181bb3c2e04c9bdce2998f19788d576081bb34a5443074d5cad623 node-v12.22.5-linux-s390x.tar.gz
afe6860ea6efa77146e983adcf22aaa5fa38101806fab5c04a8f6354f4421412 node-v12.22.5-linux-s390x.tar.xz
89eaf038c41439dcbc543d1783adc0e9f38ddf07c993c08e111d55fe35dadc21 node-v12.22.5-linux-x64.tar.gz
dde9aeb3fd6994bbadc37f80ec607b24e4681c87d41a27ac838dee7e2ebb887a node-v12.22.5-linux-x64.tar.xz
028a8fadda1a03c5b799d22ec5ca9bb2e2b9cd5cda061e61b247c5edebbd6b6e node-v12.22.5.pkg
72d4f8b840d7c85f15cbd2239c05890c04ddb8f82509dbdeafb0ea5a16ac7159 node-v12.22.5-sunos-x64.tar.gz
6be81560387291ac8905842ed1637162f6a81174492d418bf4607ad4788504a6 node-v12.22.5-sunos-x64.tar.xz
119cf027c9ba0a71268914d02d2aa430f7eeb6adef5a9fa0bc9ed6dd1b12cd8c node-v12.22.5.tar.gz
f927ff6c2ac5a7234596031b18ba03febbcadd2650d375f1a3fd02426687fd14 node-v12.22.5.tar.xz
b61a40a1f51cfc4084c8bf35579bd335c48ebe7e833ab24ff1abb7cf3e27d28d node-v12.22.5-win-x64.7z
dd65b399c28699ba9dfcc3fb158d1c1d361605c92e80aec5ca663ee1d6fb162f node-v12.22.5-win-x64.zip
41f4c0f2dfa71c864dda560208d5fc4cb079e97ef822bc6a7289bc025bb7cf3b node-v12.22.5-win-x86.7z
b5256aa515a58600ce2e8337de0a87fdca8e51f32c15caf5aae09091231945a0 node-v12.22.5-win-x86.zip
6f33477be7491f4911e24400db778f905d2472e5e4ac42b21da5e5965f328c96 node-v12.22.5-x64.msi
4389040aea7ee80135c5aa926277b7c2673c66093d2bad7c27f96fd0603376db node-v12.22.5-x86.msi
c16d71b5a3dfc24f39fe64a3314e95cb6457359024e7834043f555b81664afc7 win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
22a430cc5e22c9179120a7354c07a1559ded2b5f5c1067c63d8e9d28a10733ff win-x64/node_pdb.7z
301596333a0f67f5fafe553f3d3ba27113690e39bc3698a21710dc93fd38d7bc win-x64/node_pdb.zip
94702eaed0fed1b8957a960200de06076348a75852d03b1fd54dcf6e9646e7a6 win-x86/node.exe
dad0e6bef1c45f4f43fbf84c33df6b910ace8122eff3f8d39d5ebecd25320ba4 win-x86/node.lib
8e91ab02a99235525a7db217939969cc26cf4ce9d773f6629c61f3e2baa1b814 win-x86/node_pdb.7z
5cf239a1b0ba869ab4a566974d8185918b42cf566b338d4538ff322c6addb5fe win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+zcACgkQ1wYoSKGr
AFxbFQf/RHldR7NJv/iT+NOVyt4boV6o+qh06aRyITJ17DMB/93LN+6AlIPCQPsP
kbDPid5/WKDvANrFAuTeGGaZjRSKKO3o7FoO8HeZHUQK4ll+L7xCbMtpYD93mMJ2
svjyN57TwF3MjLffUw/Tf70mL7iTehvKrNvcNFqkGJHvKPSkxx30nkWgoJynvVjw
MCzROYgMrKiFPbPHtWmqJ7y43appY2voX/DBPCJ2n9JcD7e/ycL6aEzMN3Dgwhm0
6ggjN1xOT7VPeNkom3My/KWWQVWv1Sw0Hl/wVuSNoxCeIV/38FErDLdCqjEdguLt
isb4vq07Y7R1JGo06Io8m2+iG+c5FQ==
=5G9A
-----END PGP SIGNATURE-----

Node v14.17.5(LTS)

주요 변경사항

  • CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
    • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
      하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
      크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
      잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
      주입할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
  • CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
    • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
      Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
      CVE-2021-22930의 후속 조치입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
  • CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
    • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
      오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.17.5/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.17.5/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.17.5/node-v14.17.5.tar.gz

Other release files: https://nodejs.org/dist/v14.17.5/

Documentation: https://nodejs.org/docs/v14.17.5/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9085e04afb5ac85f70d9ac1080a486022ad14a2e36c0f668cb8a8c23e7f413cf node-v14.17.5-aix-ppc64.tar.gz
2e40ab625b45b9bdfcb963ddd4d65d87ddf1dd37a86b6f8b075cf3d77fe9dc09 node-v14.17.5-darwin-x64.tar.gz
6e1d9e6091b14f5accb03dad7617492442dad83778cc34de45f1818a75b6368b node-v14.17.5-darwin-x64.tar.xz
c8e264312804785020b68ad7afe1c41f3bf2a6aea4bba62f9b8e825cadfdfe49 node-v14.17.5-headers.tar.gz
cc70abea8fdd52c82b45dd9187ee555f6bbe931b33739aa7d8a3c5f25a9f5cac node-v14.17.5-headers.tar.xz
bee6d7fb5dbdd2931e688b33defd449afdfd9cd6e716975864406cda18daca66 node-v14.17.5-linux-arm64.tar.gz
3a2e674b6db50dfde767c427e8f077235bbf6f9236e1b12a4cc3496b12f94bae node-v14.17.5-linux-arm64.tar.xz
c79cc802f6034e9a9583ccbf8ccd17a0d8e0942c136011c0f4c3a475d46614be node-v14.17.5-linux-armv7l.tar.gz
496f7bf14e360026421db1b803575c4f1d3614646ecdaca98d607553579f8904 node-v14.17.5-linux-armv7l.tar.xz
bbcd0142e65614670ac88017290a1b875bfecbe46b35d1a330360b8f2679b85e node-v14.17.5-linux-ppc64le.tar.gz
29f2e1f0e1c13ceb8225bfbfb6ab0a236398eca5ceff602c4f3bc1e7eff88927 node-v14.17.5-linux-ppc64le.tar.xz
469d5a39a81baba588768404b58eb369c14a1667fcb0569c2247461476b6cc0e node-v14.17.5-linux-s390x.tar.gz
7d40eee3d54241403db12fb3bc420cd776e2b02e89100c45cf5e74a73942e7f6 node-v14.17.5-linux-s390x.tar.xz
dc04c7e60235ff73536ba0d9e50638090f60cacabfd83184082dce3b330afc6e node-v14.17.5-linux-x64.tar.gz
2d759de07a50cd7f75bd73d67e97b0d0e095ee3c413efac7d1b3d1e84ed76fff node-v14.17.5-linux-x64.tar.xz
508dca638ee5807601bbaae72307d2413b16cf7f73f92a79b8b070e4c5a83c0b node-v14.17.5.pkg
bd1bb74eae48c7aa7d4519736385e99477d954c6915adefdc3c373be461d1aaa node-v14.17.5.tar.gz
42b1a7ff87580c6058063e943d7d53efa8c236145e6e9c8264ee425b40911fa8 node-v14.17.5.tar.xz
f6e651a76e0158e07ac12753c40739554455f42eec355a651242a28ed979e483 node-v14.17.5-win-x64.7z
a99b7ee08e846e5d1f4e70c4396265542819d79ed9cebcc27760b89571f03cbf node-v14.17.5-win-x64.zip
2f2933bfb42d407b064f83c6047f71b75c55389b4bebf82b7ff5a97f4635ce54 node-v14.17.5-win-x86.7z
122ff403f4fadf9997ff2ceac5e07b6b0efd23294da369a1cf907ec98bf69db7 node-v14.17.5-win-x86.zip
f40926f33c4517a64978050fb8e88110d279a3a15adc962de4002f65ed34e821 node-v14.17.5-x64.msi
53763a06ff498d9deabff2cc6f4041d0a3c3f38f940acb6c8a8339df8d8b3827 node-v14.17.5-x86.msi
a6f14eab020e5b96214b9e08c1add28787526bfc47fa6f449c0e8059908bcb75 win-x64/node.exe
859ceb82ba9af9df5831bb67f45427bfb774aae22e7c0ee52623a3196ec0e1eb win-x64/node.lib
9ccd696aa53573b3882524cf75bcf50ce0e04aca46ac85c11f2705920df9d38b win-x64/node_pdb.7z
113e591eb4c433733ac5ad78764698f230877d441ae28d62faf90a48c7698630 win-x64/node_pdb.zip
23e8f9db8908051153b305b8d1b474d75d6503a1208604d19c39d15799d097c4 win-x86/node.exe
1078be47b9315c81aa3bb989c4bba8ee23e0da9e4854a44006decf45d578833e win-x86/node.lib
facb6feaab3b11bac3b3e571898ebdc9ad0e0049a4d0b14cce0930eb3d8437ac win-x86/node_pdb.7z
795e518e063abdda5866ecf5b4c29683115a6ef83bffb401d4066ada2067d144 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+1QACgkQ1wYoSKGr
AFwnXwf/ZTHqyRLj/EzS06OGDdwFOaqY9tU9Cgbqxns98pKV1BbhDAvDKoxzzo+H
9At0g/Sz4t3/p6ElCoh6hhL2DxRHejkktq39ofupz2NP3Ukc/ABomYyPz/EPVJjL
P/ZCJYNB1mwjRDhRpjcAXT3bF53T0+O1rx6T9Xexnp3K3B47dYB+0JSYx7Jh7/0O
JKhBIVOoNXGodNCyW7QLnj4ETg2TywGe2cil2zYeUTO/EOQaWzOxbcI7FFhoBLXw
MRlcOhrmjqJ94rriI9EQzEzIuqvcbnBd/rYe0cWcKfIdjAo+Iqz3p3HD3kzACBML
8C8A/5gTD2hEXplT2mjwUlFK3t8qTg==
=yMp/
-----END PGP SIGNATURE-----

Node v16.6.2(현재 버전)

주요 변경사항

  • CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
    • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
      하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
      크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
      잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
      주입할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
  • CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
    • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
      Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
      CVE-2021-22930의 후속 조치입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
  • CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
    • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
      오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.6.2/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.6.2/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.6.2/node-v16.6.2.tar.gz

Other release files: https://nodejs.org/dist/v16.6.2/

Documentation: https://nodejs.org/docs/v16.6.2/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

2a51635501451a88f6addc192a79b6d36cc40dcf3a198a54037ab26fa6305043 node-v16.6.2-aix-ppc64.tar.gz
29e46e83f6837ff1c815c49f590c25fa51b0811a6590c62120a9d464ba431fc6 node-v16.6.2-darwin-arm64.tar.gz
befbfdec7c2118689544ef596e990aae2fcd1227707c6a8475056be14ce2ee8d node-v16.6.2-darwin-arm64.tar.xz
74e95aca0ea88ed2d9270dccc1e3e62500912be5fef1528bb11f178c468f312c node-v16.6.2-darwin-x64.tar.gz
21c9417c38d9bee140c659f7cf11806ec866af3f7053bd17ec45757a902c9956 node-v16.6.2-darwin-x64.tar.xz
7764da71e22d57746d65eb408dc80cbd7f6eed7f38b558684fa60571d1c69b26 node-v16.6.2-headers.tar.gz
e4bf9c8db91d149d9f3cebd79621571079ffb9d92dca10e7d260120ff99b428e node-v16.6.2-headers.tar.xz
c51a94f28a29c390d20445d9b334a9808d3166bd244ebc03852d23c0b17a93ca node-v16.6.2-linux-arm64.tar.gz
d885ffcef367a010e2b21a283ec96721e92b29f222de5d943bc7188e48f30349 node-v16.6.2-linux-arm64.tar.xz
1ba5287c941cef2da53c0d80db7db7124971b1c933f222ca7f2eb833e1817f35 node-v16.6.2-linux-armv7l.tar.gz
9756e763910ab7277346307fb5c4d34370ab3bb7d957129f58a65bf69f2af93b node-v16.6.2-linux-armv7l.tar.xz
a966ea0d258c0e4a2c23b77f49f85bd7a4a4ff674fcd0d625a7fa48370d14d15 node-v16.6.2-linux-ppc64le.tar.gz
c2ee7961f1f217b0cc57a15efc3372b0495f6e1775a3e7f50b153b9db7c46be9 node-v16.6.2-linux-ppc64le.tar.xz
31e27413ff29607af54fcf842105a5290f2556add1b009b8e28240f96f742638 node-v16.6.2-linux-s390x.tar.gz
c3d6b4f7bf055f257abc07862743b614bdba00fd096a863eaadc700ae0939c98 node-v16.6.2-linux-s390x.tar.xz
913913f62416b96dee5f463b54e1adebaf669dd2ff3b047d6290deadc3003d97 node-v16.6.2-linux-x64.tar.gz
90c88cf6ca06dcd6d20c2b6dba5ff84d1f831446c25ef650f86e86bb94239353 node-v16.6.2-linux-x64.tar.xz
5bb14dafbac87efb74d3e050a90de68eb407ecadd52f12a1b4e937ec59884792 node-v16.6.2.pkg
e8df4a0084c379a37c11b315b7d068760a38598119d7ca9262977adcbbb58933 node-v16.6.2.tar.gz
8794cba1f971e4200a38690c76d7cc0a3bd1cba96fbf4305dfbe21fc459d79eb node-v16.6.2.tar.xz
152e36fe0493f37d3be939c7f9c3a975c9f39a3346d66787b59e2db28ed2eeb6 node-v16.6.2-win-x64.7z
e7e05eb133fce48b76b4db6714d80aea90872afec176599585bc1aa457fb41b9 node-v16.6.2-win-x64.zip
b40c0f3bf401ff56c558de3a24b33101273c622e664e1e5df4d08444aa4ae7df node-v16.6.2-win-x86.7z
b7324b70ed37e14878cde39cd69099368513068495b25d97f1423591c0206685 node-v16.6.2-win-x86.zip
6cb05e722749c98cc9d0d1b2ef0c3a4c5c05da83a00b4ef04cee0bd4a3cfbbc7 node-v16.6.2-x64.msi
22b21336d6ae8d16a1e45d38bd198831aa27ddf8a61d52831cfbd3ba5d2866e0 node-v16.6.2-x86.msi
9c99a5255dabc044bd262df07ec8e6ba3351e38d003121ed8739906bf5f0eb42 win-x64/node.exe
e7484e4552df7e992e5d409e518aa467555769dc85917da408d41f85c4f2823d win-x64/node.lib
a44ba1e9c42f84d80a9c29871a22c687e7f35ae358a898813d50b02866b8d6e9 win-x64/node_pdb.7z
bfdfedc1829855dcb1545661963dcb98d72ea517a4be3926a8c35f5120a72637 win-x64/node_pdb.zip
5dc410d110cb86a0e9fd58f30b5c1208915e733e3ab222e71fbdb0aa1a3755f3 win-x86/node.exe
7821ab6af3cef68eee042ef6b7fb2185eafff8bd4e4c988c8fc6c1d0242d2bcd win-x86/node.lib
cee7fe2c53d99e9c7bca0e7485a35c49d0f01ad131a790199cdb68e1383b946d win-x86/node_pdb.7z
32f1c9673025980c1563bf173c02bf3ae81a0a8c0e30673a3e906b3adff0519a win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+3QACgkQ1wYoSKGr
AFxCGAgAs2V2hTNMfXb7C82V45tyi5tg2CIWtv98Ewc5py0tuVPbWmUO8enPP0AO
u4VAidwH3q4FT1xlVakC3QQL9qf13yi5fdLyHxfToCu2TP4U1avV8CWymdG/gPYz
wn6IBurWn/a3RRnva+euUEUubSAvRk5QrujAgkmcuAkXXQAo1pjbKjeKJ2NLnVeC
9dUISRz7XtmYEmAO8Fyszv/7JbZuNthd/VITDY9taWfN46nlcYwLSA54vqYj5nG9
AJoCKd5t/T5CMGOAc1/rtytFrXVBiCcSQLilFFy7In0oVQeT3EvtQmQENfdbwr3r
uCe9lxACJp/+lq2VZXlKFQpkzDxong==
=6UuH
-----END PGP SIGNATURE-----

2021년 8월 보안 릴리스

(2021년 8월 11일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v16.x, v14.x, v12.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

c-ares 업그레이드 - 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음) (CVE-2021-22931)

도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를 하지 않습니다.
이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에 크래시가 발생할 수 있습니다.
이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는) 잘못된 호스트 명을 출력할 수 있고 이 라이브러리를
사용하는 애플리케이션에 취약점을 주입할 수 있습니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.

영향받는 버전:

  • 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 Fraunhofer SIT의 Philipp Jeitner에게 감사드립니다.

스트림 취소로 http2를 닫을 때의 use after free(높음) (CVE-2021-22940)

공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
CVE-2021-22930의 후속 조치입니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.

영향받는 버전:

  • 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

원래의 취약점을 보고하고 잔여 이슈도 찾도록 도와준 Eran Levin(exx8)에게 감사드립니다.

rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음) (CVE-2021-22939)

Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

영향받는 버전:

  • 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 HTTP Toolkit의 Tim Perry에게 감사드립니다.

다운로드와 릴리스 상세 내용


요약

다음 이슈를 해결하려고 Node.js 프로젝트는 2021년 8월 11일 수요일쯤 지원하는 모든 릴리스 라인의 최신 버전을 릴리스할 것입니다.

  • 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 한 개

영향

Node.js 16.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

Node.js 14.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

Node.js 12.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

릴리스 시기

릴리스는 2021년 8월 11일 수요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다.
Node.js의 취약점을 보고하고 싶다면
https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면
https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

Node v16.6.1(현재 버전)

주요 변경사항

  • npm을 7.20.3으로 업데이트했습니다.(npm team) #39579
  • 일부 네이티브 모듈에 영향을 줄 수 있는 V8 9.2의 ABI 호환성을 깨뜨린 변경사항을 되돌렸습니다.(Michaël Zasso) #39624
  • 최소한 Webpack과 Jest에 영향을 준다고 밝혀진 오류 처리의 버그를 수정했습니다.(Guy Bedford) #39593

Commits

  • [6c769ccedf] - build: override python executable path on configure (legendecas) #39465
  • [cbf6a01c17] - crypto: fix generateKeyPair with encoding ‘jwk’ (himself65) #39319
  • [3091295609] - deps: revert ABI-breaking change from V8 9.2 (Michaël Zasso) #39624
  • [06d7b8e8c8] - deps: upgrade npm to 7.20.3 (npm team) #39579
  • [7b612fadc2] - doc: fix crypto.hkdf callback derivedKey type (Filip Skokan) #39453
  • [7a731efd97] - doc,lib,test: rename HKDF ‘key’ argument (Tobias Nießen) #39474
  • [93bbaa0ce9] - module: fix ERR_REQUIRE_ESM error for null frames (Guy Bedford) #39593
  • [e13162de09] - module: refine enrichCJSError (Antoine du Hamel) #39507
  • [815fbec6f1] - repl: do not include legacy getter/setter methods in completion (Anna Henningsen) #39576
  • [0405c8d3f0] - zlib: avoid converting Uint8Array instances to Buffer (Antoine du Hamel) #39492

Windows 32-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.6.1/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.6.1/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.6.1/node-v16.6.1.tar.gz

Other release files: https://nodejs.org/dist/v16.6.1/

Documentation: https://nodejs.org/docs/v16.6.1/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

02581dbbfc2886dec326c3fca70c0f17e82491563057889dc630e5c055754c02 node-v16.6.1-aix-ppc64.tar.gz
8b766a2bcc686f968146b09892f24cfbeaebb547a4d50744d9af80def5221613 node-v16.6.1-darwin-arm64.tar.gz
3565e5c86067325db710490a6d2a41d1044e944d9346046e813543ec92ee7a4e node-v16.6.1-darwin-arm64.tar.xz
bca84deb7bf6c57537b3af44997d985045c95b5048fc5665cdc7f54d5c147516 node-v16.6.1-darwin-x64.tar.gz
711fea396b0a1c564b519c909be3afc938f75ad95d3ea9125e2187eb7e3ce1bf node-v16.6.1-darwin-x64.tar.xz
a87003ca6f43a23d611637b4a39b5d255f1a0ed5ad9423134fc9ed61a6fca364 node-v16.6.1-headers.tar.gz
3c9bfa2d4594ff8f4baee01652ceb2a05c5d5e44100afd94a7ee6b347721e1e0 node-v16.6.1-headers.tar.xz
ecab5720035b6bb97564b05df527d49a37489dcba6a244c0f1c7c801bb2755f7 node-v16.6.1-linux-arm64.tar.gz
59867dccc1f392416e9301a94b9df19faa38d0b0d1d2f1cea174835dff1a1cb0 node-v16.6.1-linux-arm64.tar.xz
04268fda50beb3aa116e150adcd3175cde17166b1f40079765da281fa73cc6cb node-v16.6.1-linux-armv7l.tar.gz
903e30b38f67bb128d2e1ff520fc2fdabede1029338010b1304c9c081236859e node-v16.6.1-linux-armv7l.tar.xz
9830281e2d553590c4a53d5d8327a2887df5b65452f5fa55ccd9ae597fcc247b node-v16.6.1-linux-ppc64le.tar.gz
9392e583f24d41c1e5f5625171d963fa01e924b3b38cdd7632f249e8e491e958 node-v16.6.1-linux-ppc64le.tar.xz
fec6745555b477fbb62440b0306c8b4717980778bf8f0d5fd497915508775bd0 node-v16.6.1-linux-s390x.tar.gz
878cb8dfe48312fe40ab9fc320395e8322e8d9e1db4821539dcc6e2b006d8616 node-v16.6.1-linux-s390x.tar.xz
e7e4149626ccd0653783ee8aef81eb50fa7ada2f9f7cbc031969b3b1ac3ffa6b node-v16.6.1-linux-x64.tar.gz
ff95e86c3161859251cf659a76be63d99fc45e2380addf634812e5afebac961a node-v16.6.1-linux-x64.tar.xz
1ab44e48c45c9fdc8a91b7339f610f7e0d87801640769c041d8649d00157d79f node-v16.6.1.pkg
36467b8a4e7e3bacc2f4f1709a83b0506429d1999bc461e5e363bc91d3437c09 node-v16.6.1.tar.gz
79b1ea058cc67f2a69462cd5f2467a1efe08c64299c053da70384ce1a0e3e557 node-v16.6.1.tar.xz
5b85e20f14c0c9a9c4ac6f867f8bcf47a09c645930707f7b766322065e719ed3 node-v16.6.1-win-x64.7z
ec5dce1e182172cc7edc8d56c377f4d106232b2b14127bd2a1565497448504e9 node-v16.6.1-win-x64.zip
a798038fcae1c02e831d42e5d7ca76b643905fd9716bf11a4357cfa903148fea node-v16.6.1-win-x86.7z
395ce9ac6c7204ccac8f16dfa158306ec42cf1a1ffc29f40076dcdafe78bd328 node-v16.6.1-win-x86.zip
b3f74a4b6c8d31bb33b08228c6797b1f6d10b0bcf096f2d7287bcc225dfb237d node-v16.6.1-x64.msi
7a5a849bc890aee91a2ff0285fe90e6ddc793b4f265792ce70b50595f6e0543b node-v16.6.1-x86.msi
cb88167e067634cc8053a5204364fbb3fcabe5f6b3b1a67b38f67c21ad72acb3 win-x64/node.exe
e7484e4552df7e992e5d409e518aa467555769dc85917da408d41f85c4f2823d win-x64/node.lib
0eae256767c33fb44eab2c02972d1d835bcf6e6a430b6698e9120aeb4c49124f win-x64/node_pdb.7z
a40ddd793650ff3801aa149523ce98a9a4c66bbf9fc69d0cea0c9eaaba635d28 win-x64/node_pdb.zip
c0bb2eb9118c32a2ec9c3dffc7155adbb29962d5ec88d337e30488e6e983993c win-x86/node.exe
7821ab6af3cef68eee042ef6b7fb2185eafff8bd4e4c988c8fc6c1d0242d2bcd win-x86/node.lib
b83ed322a47a81b56200e744457e286a07d7c48e15b8a71a63a9c0fc73276ce5 win-x86/node_pdb.7z
ea5cfb3d53b8614d5f4941ffac6f8277e6998cc2f85f3a26e0838db533b21c61 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmEI+QAACgkQdw96mlrh
VgBSxw/+NGa6SVZ7iXM6FWFVq+nfuiCy6bbUov6sbTnk9h1XXN4nHdPfVoJU50Jh
Act+AVa2DOrf60JXl8YhATxkx5H3x4ksB9u6lVByhwdGFXnhw6tgtMNKPoHvakEb
hOdXWLCi6KIQpfhR7gpuxvUTjpn3fHJxMfb/YXnJHX0DEct+7XnwAjpuY3XtldUr
sfDTBtQQVH/7CpevnTHjsARoWnRC8EZ2kZ2QD8DpdQPTkfcwQElashnuHLeFCYSV
oPQtFn0moKDvfMl7+AHARBSYPtloJ1ySfaYZk/0DA+cDVmAhlbmmIem7E0vyn3lf
MWdEiEegDOZk8kSymQIg4jpeJxLkAhipbvOsKhFuIyBIk5nPMlZE5kWa/VsQUZfc
ruhQB8uDyHJB2QEixfwBl8UV4Zbe4uaawVgeykAo6qBkONGv5NdKUWO7wHVOYtgT
dAK3ggfAR2BWF75Qn4f44PBHOOiZDwoBolAGN5Xa5x/TwOL7hmAAGFNU4m3yy/8Q
60lKs9HrW1t+FJT/vLR/sbMB1hvdTWvaK06knrCpZ+n4jjxwWK6oYkVjZD94TSlz
aBbj+OOcO2MG9nGzqVDseAK8pwpHo9okiHd7xbuSNXRVsh28cOVEWVYpRkRWPu1f
/YUnd9apXKduE74AcYx7xMPLJinHwwGhd1BPeP/WrF3bQ3/58EQ=
=MTC/
-----END PGP SIGNATURE-----

Node v12.22.4(LTS)

주요 변경사항

  • CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.22.4/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.22.4/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.22.4/node-v12.22.4.tar.gz

Other release files: https://nodejs.org/dist/v12.22.4/

Documentation: https://nodejs.org/docs/v12.22.4/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

efc0252457e8bbc4d703a672e2f58a4da9ebc14eb07e7a16c9dab2fbc732f6a5 node-v12.22.4-aix-ppc64.tar.gz
6e6842468ff8b50562098e41f9fb6af7c3acbefbd018696f4ac7c2d9b7faac48 node-v12.22.4-darwin-x64.tar.gz
0c8fe8b0c6c8d34eda207d81431dfe7669de62e26b9ba900f81281b12e0d87aa node-v12.22.4-darwin-x64.tar.xz
a13fded3cc808fe8396b97af065450db8e458bdcb7171cfc4e19e6ff0006eee4 node-v12.22.4-headers.tar.gz
8c66ac12087638124967bfc91f55722119018f9ff8fc3be79171f75935d811f1 node-v12.22.4-headers.tar.xz
c104dff52409d27836f7c4529c7f3cce6c76a521b8b834e338bcbf6eed4abc18 node-v12.22.4-linux-arm64.tar.gz
db84c7a5a34ffdaabcc3edd715f0ce71158306b10e3d85c8a3d4f894eeab8cf8 node-v12.22.4-linux-arm64.tar.xz
8d5164221a89c3ae4e7cbb5a5bb5b22fd3bf87d058295fe97e1b1e3376fafe33 node-v12.22.4-linux-armv7l.tar.gz
2484a2f7161eda044e0b83c421a734ff615d869eea9fc501b687edb6efa889eb node-v12.22.4-linux-armv7l.tar.xz
2f8243adeb44aba9f1ff7ca62f79c923fd08093787e3b045e40c96d56311f733 node-v12.22.4-linux-ppc64le.tar.gz
cf7c930124a62bc7255977643fdc902b4edcdc084d4b062f6c5b0ef8efd09234 node-v12.22.4-linux-ppc64le.tar.xz
a26088c02efa4cf07c5b8aaf9bf1678c83991bc8ef36683cd5846563d67e2730 node-v12.22.4-linux-s390x.tar.gz
d080306bb610e73e4d36303773927551b781254e2960d6886c6878933a3ef3f4 node-v12.22.4-linux-s390x.tar.xz
2dde8a22ad15b8e270fee42ab40de71aed7bd97c10e7d04cd826430400fff601 node-v12.22.4-linux-x64.tar.gz
b699789d93a8d1435bf0b90a859423c9595148830a9304a78b4795d9104a128b node-v12.22.4-linux-x64.tar.xz
4f1894cd9e8ded74b72cad2686b01bf8fa50cbe2154a6f0f3735800868c1c7f2 node-v12.22.4.pkg
466efc26a1fd5ed4881e943ed90d62eff307cac85802b4aacaa468b72e4e1fdb node-v12.22.4-sunos-x64.tar.gz
91db23b05a146166a5093eb30ee22a379a61a23eca492824b3192887b912d23c node-v12.22.4-sunos-x64.tar.xz
613b5a895d85d72b4aa495bdf0ffa483ad8b33635a173c4beb94d2842db740f5 node-v12.22.4.tar.gz
44cd4eab131e5282fc923e9e720d983a0b44c12e4aa4f6c3598dc97ae1e4cd4c node-v12.22.4.tar.xz
ddf59d18b64fdd4c3d1376195ad474dab50805e1c29be49368f01970d561066b node-v12.22.4-win-x64.7z
b0f0981a417fad6eca2e012958fd2597ce51f441cc8615ca121752ea1c29de0c node-v12.22.4-win-x64.zip
0001277cb16722efde2ce3ed9314432a63a4919b79e0d40253775468c3238f30 node-v12.22.4-win-x86.7z
dabb1adb657c941d61dde77d7b703d50c8b93ceba98f4b2064bcdff334bbfbb8 node-v12.22.4-win-x86.zip
5caf61f114e46f04fdb57fc1607b62156d80afc6cf52e39854938ba09f6e9476 node-v12.22.4-x64.msi
687f43f366451ad1a8c2b1fbd19ebb816722ed86e68554be207de9ce47a030c6 node-v12.22.4-x86.msi
29398272a82800e055dbca73c976afe4ee0030b42b6436b5b993eb96774372c7 win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
3940b0fc29b083bb042b96a22349b80e16c1622acb69de7bb8788aaadc93e9bb win-x64/node_pdb.7z
6d0f10e5399955c92857404fbce668366615e2ddc4f31d40a91ff31a8b10aa6f win-x64/node_pdb.zip
9f9265a24ea3dc71e2df7951d7b0978ff54e43c4ed20b9935fd44e40f3086bcb win-x86/node.exe
dad0e6bef1c45f4f43fbf84c33df6b910ace8122eff3f8d39d5ebecd25320ba4 win-x86/node.lib
5e54a615f013ed6c89c6b569c570c5089901edf328152ac806382dfb69e7ba4c win-x86/node_pdb.7z
69b88e655b4b8eff5975105d25566a71ddecfbf1f1c6f0f08210eca5ce35a040 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmEC2vsACgkQxDzsRcF6
uTw/tw/+MnzYxvM25CUEAEwTe9USs2IC6ro0e6+LL2F/XkEaECt8eOtfpZhF+4Yj
SzL+A82RxctYZEn6nOzTyrRV0PGH8sce4zV7KlK/fwD7xBQ2WmL5V2pffgTEPe7G
brWtdRHBsQg3Y3MfwhZdxldhNbcsrfD1L+rkcybTtYYJHfV2QgwjftBk3/hTs7Ma
EKZFlPapAXW1EeXEg+q7dMtrjxq/McIfoud+gsb5oouJ9bZ2ie2hVR6JS0xkLpix
FVf/v1uqBqQiFaQNOhQawajI8UN6hcOA2OwHO6kCCHUSOdy9aCMYQajaq0RmSD/t
VaElU98+35emRwbPyBTbfoXfDwqAhlHTUgn/7iExBCqIJU37FrkPghXJPQBgK7Rs
x8upnGl/239iyyw7/ATkO9Ibta4fKLMQc3ZF5Go+0M6omCfLPoMLAt3jrUyRKJvF
k+oOhKInTgPD0xm+n2S8rl5NbjsBUOW1WVONrvp1KcQBM4rvh/AZT8U09ejP1pZq
vFddPRYF1pyNnGtyTdpi1jcPWgcEnSSror51rYeUlE5UJtshICq7bALXNHiusEFe
iihjzTi4ef/eLyzxTYSNvGfBBO+Tt61O5r7r6xmRWG7HPZ+QxZd/rBsUk6zdvpFR
PQIAIOzSYDpp+pfULl78La9hY/1KEVbxvg+TWm+VZiyrc2aajaE=
=GiEb
-----END PGP SIGNATURE-----

Node v14.17.4(LTS)

주요 변경사항

  • CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)

이 릴리스는 Node.js 14.17.0과 14.17.1에서 ICU 업데이트 때문에 다시 발생한 국제화 관련 회귀 문제도 수정합니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.17.4/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.17.4/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.17.4/node-v14.17.4.tar.gz

Other release files: https://nodejs.org/dist/v14.17.4/

Documentation: https://nodejs.org/docs/v14.17.4/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

58e4ca29b0585ebeb1dbf5a701d9959dda219b5bdf6d8363213f51a779d395da node-v14.17.4-aix-ppc64.tar.gz
5c055a295e030cb789e2925b4c0647f7aaf461ffe5f2a08145c0605fb83ad4e0 node-v14.17.4-darwin-x64.tar.gz
f86bb831a371b3720e4d0037e4e77ffa427afdbd14e96d9fd16202fbbd84ce7d node-v14.17.4-darwin-x64.tar.xz
24fa6a3925027980e32cfa2555d1cc9eca989db6c0890fe1e12e1c9f9ef4baa7 node-v14.17.4-headers.tar.gz
9515893f1f6b844b179120d95e34ee2edbd47741291456ab69913184bdb9368c node-v14.17.4-headers.tar.xz
88b130c8f08a2baafb4e4c953ad46ba69cc60210da7d95c558c7ae3456beb825 node-v14.17.4-linux-arm64.tar.gz
4c42f31e7b52980e6bb930a7c2872e6e29533828c40623ba39e1c847e9ee6c89 node-v14.17.4-linux-arm64.tar.xz
e5452a8786ea018fe9c588ffe05ca4b4b66d6a7cda1f6352bda9bd0d0421e325 node-v14.17.4-linux-armv7l.tar.gz
df65ca9aea52b693b82638077a46218ae555160a20a8a5b0edd15ff0b3438c2b node-v14.17.4-linux-armv7l.tar.xz
67dc73c42d08b5b365da37354568555e404aa902bf17dfe35f5b3ecbf699700b node-v14.17.4-linux-ppc64le.tar.gz
255fffa3b2a78b86aa7dce7b65442bb2092d99be74d2f326f1dd66f7a1931b5d node-v14.17.4-linux-ppc64le.tar.xz
b169c8b3821e3360be90bde075e28bf4632c5d36ce97d8c30b10411abc960ac8 node-v14.17.4-linux-s390x.tar.gz
3e086d99c3e303a05657c04053df9e31e46a7cdf0245b1022ddecd0fc0e14663 node-v14.17.4-linux-s390x.tar.xz
99cc7115a30fe62abf06145d57b314092c9bf27499da85413a12f50140199619 node-v14.17.4-linux-x64.tar.gz
db18c54ebe01974d46198b08729249acbb0dcdc9aea82b53eec913f8c56035c6 node-v14.17.4-linux-x64.tar.xz
aaf06036afcc730971e9048b72ea6c79659a1fcc15d810ed822d33f51c35c848 node-v14.17.4.pkg
70c75f21ac601ae9e0fd86bdfd4e13e4d302f42b4fafcd6d21804b043a571c36 node-v14.17.4.tar.gz
ae7bf4e784f8c8027ffa1e3757f37d2bd5925d0c48988c4d7f07e4515853cf2c node-v14.17.4.tar.xz
0de71309336bc324bc5155867dc9d8d6337d83c1eed4777141ae83e967b3aca1 node-v14.17.4-win-x64.7z
d82a3ca777b4dccc97aa391eb483325cda731e0ae9b3a5669dbf34bb8defde6e node-v14.17.4-win-x64.zip
67caaa209d2d938f763f1a9ab08b3e30c06b2f18bf5c5d90b1198d0ddbd35feb node-v14.17.4-win-x86.7z
6564c13aa47240231eff9c28fdafa479dda3186fbc7e2bbc97bb5b791ccd0419 node-v14.17.4-win-x86.zip
e889da1ee06e576de4f31c3e6e0f12c73cfec495a53db4dd166fd58b0fea9f22 node-v14.17.4-x64.msi
296378f482fed803adfc0dd63870ebdd925adfadd0f2e0e04a3c2ccd2b16999e node-v14.17.4-x86.msi
dcef8bbee862ffbf498327d2ab0b9e1ccfc412d8e2270cbc0e45b0e6a1cdca86 win-x64/node.exe
859ceb82ba9af9df5831bb67f45427bfb774aae22e7c0ee52623a3196ec0e1eb win-x64/node.lib
bd9b1ff379588006a22d27b2cfbfa8e9a6291c4eb44ab4ec4819d971e56c0485 win-x64/node_pdb.7z
65ffd6a70fb9164d1a340683462edf64c52dd05f9363d7add276d79bcc92e93f win-x64/node_pdb.zip
300c4e8ca527361eab0e9128dd15913cf9e4edd0d3b00c3d623ab925d5fa2f91 win-x86/node.exe
1078be47b9315c81aa3bb989c4bba8ee23e0da9e4854a44006decf45d578833e win-x86/node.lib
e3c8ad2df1de6be3478479ae2f45a88402c423850dda7bf7aab1f76432f4efc9 win-x86/node_pdb.7z
c5a49448e192b41e8f93992055f773f5d3915f1ee908d8b1c596020e84aafe62 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmEC2xcACgkQxDzsRcF6
uTz1SA/9FMgXqtX3xlVsqkhFSQEtf/PkqcnOxPvQ164R7iVeffzD/9I0mFrAAD/Q
nfVQWol6r6aZ60PzvUw3MsDj1SZgUDxIH0PvnQRjNr98HG4G3JZuDJeEwUe2JyA+
k9jK2TeYZECwKXRVqJ48Ge2A7iYdz9JS64ZTsxXwSiJjOuF5P3jRN4Xp/w9/jGT9
aB3PC/PtbpQ2W7TAGgChRZyDI/YJQsSwQ8ZNw7qSjfKHyTzJAyUO30bBBuivyDP4
GiF5CM4dhkGE0/2+ickCm7A7bDnkrSEQkmtuUkT2aVQsx4nZr3O/Uh9+zZirxm23
8F9oVJPLirwnULUmEVr9ekCkdkli6jak7xgL/4TepupjN7Hm+SxPZ9yB5LJWGSWk
TL8M1MoGo2hAlmXr0WABL9lDJylEmqr2fxuK6Ik8zWs+qUEseIWgiTb1PvN7Tak3
b4ZIlq6aZduv6yZxOCuypUKMk5RPv7awpSSquO8pT4Z6V0ODs/Xsnm8qdy8Mm3AR
qW4b9ocQcrjba8Mmy97jjsLegGuAMtLUwwf8EZIVoQil7Xelp2k+gNo7Rz9VCcno
Di8sSBaKjD9aNiJ06meDiFJ97B5RwLKzU8pEeGY51oKZF5rcpoqKPZU4w1ruM8Q/
1n92BYY1Py3aZTdCrPTBDnEpLIBywpNcneFEFZpgvHX+D/1ujRw=
=Tzuk
-----END PGP SIGNATURE-----