주요 변경사항
다음 취약점을 수정했습니다.
- CVE-2021-3450: OpenSSL - X509_V_FLAG_X509_STRICT를 사용할 때 CA 인증서 검사의 우회(높음)
- 이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다. 자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.
- 영향받는 버전:
- 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전
- CVE-2021-3449: OpenSSL - signature_algorithms 처리 중 NULL 포인터 역참조(높음)
- 이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다. 자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.
- 영향받는 버전:
- 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전
- CVE-2020-7774: npm 업그레이드 - 프로토타입 오염을 고치려고 y18n을 업데이트함(높음)
- y18n npm 모듈의 취약점으로 프로토타입을 오염시켜서 악용될 수 있습니다. 자세한 내용은 https://github.com/advisories/GHSA-c4w7-xm78-47vh에서 볼 수 있습니다.
- 영향받는 버전:
- 14.x, 12.x, 10.x 릴리스 라인의 모든 버전
다른 주요 변경사항
- [
b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators tofsPromises.writeFile(HiroyukiYagihashi) #37490 - [
0709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 - [
daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917 - [
a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917 - [
669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735 - [
a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932
Commits
- [
ac69b95e47] - crypto: use correct webcrypto RSASSA-PKCS1-v1_5 algorithm name (Filip Skokan) #38029 - [
960c6be229] - crypto: add buffering to randomInt (Tobias Nießen) #35110 - [
4ef102d34e] - deps: update to cjs-module-lexer@1.1.1 (Guy Bedford) #37992 - [
f0e77149a4] - deps: update archs files for OpenSSL-1.1.1k (Hassaan Pasha) #37916 - [
bbdcdad2c6] - deps: upgrade openssl sources to 1.1.1k+quic (Hassaan Pasha) #37916 - [
913ec56798] - deps: cjs-module-lexer: cherry-pick 22093e765f (pezhmanparsaee) #37895 - [
afc6ab2122] - doc: fix asyncLocalStorage.run() description (Darkripper214) #38023 - [
b40d35d649] - doc: document how to unref stdin when using readline.Interface (Anu Pasumarthy) #38019 - [
ce14080473] - doc: move psmarshall to collaborators emeriti (Peter Marshall) #37994 - [
ae70aa3c63] - doc: add distinctive color for code elements inside links (Antoine du Hamel) #37950 - [
8792c7c96b] - doc: add missing events.on metadata (Anna Henningsen) #37965 - [
a57dc06adf] - doc: improve Buffer’s encoding documentation (Michaël Zasso) #37945 - [
f3fabb57cf] - doc: add missing cleanup step in OpenSSL upgrade (Tobias Nießen) #37927 - [
13c3924af8] - doc: add Windows-specific info to subprocess.kill() (João Lucas Lucchetta) #34867 - [
b6f4901221] - (SEMVER-MINOR) fs: add support for async iterators tofsPromises.writeFile(HiroyukiYagihashi) #37490 - [
ad7e34446c] - fs: fix chown abort (Darshan Sen) #38004 - [
d86aca9a77] - http: optimize debug function correctly (Michaël Zasso) #37966 - [
062541aae5] - http2: add specific error code for custom frames (Anna Henningsen) #37936 - [
8525231902] - lib: change wording in lib/domain.js comment (Akhil Marsonya) #37933 - [
21e399be4c] - lib: change wording in lib/internal/child_process comment (Akhil Marsonya) #37903 - [
3ab9619e56] - module: improve error message for invalid data URL (Antoine du Hamel) #37701 - [
0709cbb7fe] - (SEMVER-MINOR) net: allow net.BlockList to use net.SocketAddress objects (James M Snell) #37917 - [
daa8a7bbcf] - (SEMVER-MINOR) net: add SocketAddress class (James M Snell) #37917 - [
a4169ce519] - (SEMVER-MINOR) net: make net.BlockList cloneable (James M Snell) #37917 - [
669b81c68b] - (SEMVER-MINOR) net,tls: add abort signal support to connect (Nitzan Uziely) #37735 - [
a94cc27cbe] - path: refactor to use more primordials (Akhil Marsonya) #37893 - [
6cc1e15669] - readline: fix pre-aborted signal question handling (Nitzan Uziely) #37929 - [
a1123f0a29] - (SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely) #37932 - [
629e72e9f4] - src: fix typo in node_mutex (Tobias Nießen) #38011 - [
e61cc0bfb0] - src: fix typos in crypto comments (Tobias Nießen) #38024 - [
6ad0b6f0f5] - src: fix error handling for CryptoJob::ToResult (Tobias Nießen) #37076 - [
3175559bed] - test: add extra space in test failure output (Qingyu Deng) #37957 - [
0243376cfc] - test: use faster variant for rss (Pooja D P) #36839 - [
b02c352ad6] - test: fix test-tls-no-sslv3 for OpenSSL 3 (Richard Lau) #38027 - [
0db1a1eacf] - test: deflake test-fs-read-optional-params (Luigi Pinca) #37991 - [
4d50975cd7] - test: improve clarity of ALS-enable-disable.js (Darkripper214) #38008 - [
5e15ae05d0] - test: add DataView test case for v8 serdes (Rich Trott) #37955 - [
6d28a24f1c] - tools: update ESLint to 7.23.0 (Luigi Pinca) #37979 - [
51e7a33d54] - tools,doc: add “legacy” badge in the TOC (Antoine du Hamel) #37949 - [
570fbcef93] - url: forbid pipe in URL host (Darshan Sen) #37877
Windows 32-bit Installer: https://nodejs.org/dist/v15.14.0/node-v15.14.0-x86.msi
Windows 64-bit Installer: Coming soon
Windows 32-bit Binary: https://nodejs.org/dist/v15.14.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v15.14.0/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v15.14.0/node-v15.14.0.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v15.14.0/node-v15.14.0-linux-arm64.tar.xz
Source Code: Coming soon
Other release files: https://nodejs.org/dist/v15.14.0/
Documentation: https://nodejs.org/docs/v15.14.0/api/
SHASUMS
1 | -----BEGIN PGP SIGNED MESSAGE----- |