주요 변경사항
- CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)
- Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
메모리 해제 후 참조(use-after-free)에 취약합니다.
자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930에서 볼 수 있습니다.
- Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
Commits
- [
499e56babe] - build: fix label-pr workflow (Michaël Zasso) #38399 - [
98ac3c4108] - build: label PRs with GitHub Action instead of nodejs-github-bot (Phillip Johnsen) #38301 - [
ddc8dde150] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #39553 - [
e11a862eed] - deps: update to c-ares 1.17.1 (Danny Sonnenschein) #36207 - [
39e9cd540f] - deps: restore minimum ICU version to 65 (Richard Lau) #39068 - [
e459c79b02] - deps: V8: cherry-pick 035c305ce776 (Michaël Zasso) #38497 - [
b3c698a5d8] - deps: update to cjs-module-lexer@1.2.1 (Guy Bedford) #38450 - [
7d5a2f9588] - deps: update to cjs-module-lexer@1.1.1 (Guy Bedford) #37992 - [
906b43e586] - deps: V8: update build dependencies (Michaël Zasso) #39245 - [
15b91fa3fa] - deps: V8: backport 895949419186 (Michaël Zasso) #39245 - [
8046daf09f] - deps: V8: cherry-pick 0b3a4ecf7083 (Michaël Zasso) #39245 - [
f4377b13a6] - deps: V8: cherry-pick 7c182bd65f42 (Michaël Zasso) #39245 - [
add7b5b4c2] - deps: V8: cherry-pick cc641f6be756 (Michaël Zasso) #39245 - [
a73275f056] - deps: V8: cherry-pick 7b3332844212 (Michaël Zasso) #39245 - [
492b0d6b37] - deps: V8: cherry-pick e6f62a41f5ee (Michaël Zasso) #39245 - [
2b54156260] - deps: V8: cherry-pick 92e6d3317082 (Michaël Zasso) #39245 - [
bbceab4d91] - deps: V8: backport 1b1eda0876aa (Michaël Zasso) #39245 - [
93a1a3c5ae] - deps: V8: cherry-pick 530080c44af2 (Milad Fa) #38509 - [
b263f2585a] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423 - [
3e4bc1b0d3] - module: fix legacynodespecifier resolution to resolve"main"field (Antoine du Hamel) #38979 - [
f552c45676] - src: move CHECK in AddIsolateFinishedCallback (Fedor Indutny) #38010 - [
30ce0e66ae] - src: update cares_wrap OpenBSD defines (Anna Henningsen) #38670
Windows 32-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v12.22.4/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v12.22.4/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4.pkg
macOS Intel 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-aix-ppc64.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-sunos-x64.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v12.22.4/node-v12.22.4.tar.gz
Other release files: https://nodejs.org/dist/v12.22.4/
Documentation: https://nodejs.org/docs/v12.22.4/api/
SHASUMS
1 | -----BEGIN PGP SIGNED MESSAGE----- |