주요 변경사항
- CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)
- Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
메모리 해제 후 참조(use-after-free)에 취약합니다.
자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930에서 볼 수 있습니다.
- Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
이 릴리스는 Node.js 14.17.0과 14.17.1에서 ICU 업데이트 때문에 다시 발생한 국제화 관련 회귀 문제도 수정합니다.
Commits
- [
86477b2b53] - benchmark: output JSON-compatible numbers (Michaël Zasso) #38778 - [
f9693cf0a0] - benchmark: fix http elapsed time (Antoine du Hamel) #38743 - [
1ab4f81abc] - build: fix building with external builtins (Momtchil Momtchev) #39091 - [
a657f250f1] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #39066 - [
6962c647d6] - Revert “build: work around bug in MSBuild v16.10.0” (Michaël Zasso) #38977 - [
069cf59e56] - build: make build-addons errors fail the build (Richard Lau) #38983 - [
d341561ae0] - build: fix commit-queue default branch (Mary Marchini) #38998 - [
0736dd833a] - build: don’t pass python override to V8 build (Richard Lau) #38969 - [
49a000683a] - build: correct Xcode spelling in .gitignore (bl-ue) #38895 - [
1ffbe3d5da] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #38886 - [
7f53a0b349] - build: add lto build to CI (Jiawen Geng) #38567 - [
a6f8ba8f0c] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #38751 - [
b5b1d1fb79] - build: replace non-POSIX test -a|o (Issam E. Maghni) #38731 - [
fc2b1ec308] - child_process: refactor to usevalidateBoolean(Qingyu Deng) #38927 - [
55ea29eedd] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728 - [
716ee1531c] - debugger: rename internal library for clarity (Rich Trott) #39080 - [
b7ee9d8287] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #39024 - [
5d4d23dcf3] - debugger: use error codes in debugger REPL (Rich Trott) #39024 - [
a3991d7c18] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #39024 - [
052e1c5385] - debugger: removed unused function argument (Rich Trott) #38850 - [
f9a4dcb30c] - debugger: refactorinspect_replto use primordials (Antoine du Hamel) #38551 - [
ad8056659f] - debugger: refactor to use internal modules (Antoine du Hamel) #38550 - [
b5724a1984] - debugger: disable only the lint rules required by current file state (Rich Trott) #38529 - [
34659f2b7a] - debugger: avoid non-ASCII char in code file (Rich Trott) #38529 - [
ae90756582] - debugger: wrap lines longer than 80 chars (Rich Trott) #38529 - [
b30ff35a36] - debugger: align message with Node.js standard (Rich Trott) #38400 - [
d74d67f207] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #38952 - [
e58f938ab3] - debugger: enable linter oninternal/inspector/inspect_client(Antoine du Hamel) #38417 - [
249acd5e69] - debugger: reduce scope of eslint disable comment (Rich Trott) #38946 - [
0ef5e088c0] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #38847 - [
79bfb0416b] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #38811 - [
721edeffd3] - debugger: refactorinternal/inspector/_inspectto use more primordials (Antoine du Hamel) #38406 - [
21ecee1b4b] - debugger: add usage example for--port(Rafael Gonzaga) #38400 - [
cde72213d1] - Revert “debugger: rename internal library for clarity” (Antoine du Hamel) #39446 - [
4c2b813799] - debugger: rename internal library for clarity (Rich Trott) #39080 - [
61da371251] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #38411 - [
8dd1f70fe3] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #38411 - [
fb0ab4c034] - debugger: removed unused function argument (Rich Trott) #38850 - [
9e28c6c946] - debugger: fix race condition/deadlock on initialization (Rich Trott) #38161 - [
a8924fa0fb] - debugger: replace internal use of deprecated API (Rich Trott) #38161 - [
22afb7cbe6] - debugger: allow longer time to connect (Rich Trott) #38161 - [
b172e6f436] - debugger: accommodate line chunking in Windows (Rich Trott) #38161 - [
1da692185a] - debugger: fix inspect restart on Windows (Rich Trott) #38161 - [
0321c5b194] - debugger: remove unused code (Rich Trott) #38161 - [
8bd2a3926a] - debugger: move node-inspect to internal library (Rich Trott) #38161 - [
acf5279c39] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #39553 - [
4efefe02a8] - deps: V8: backport ae7bfb3f03b3 (Michaël Zasso) #39051 - [
5039f21396] - deps: V8: backport 16ffec97e5eb (Michaël Zasso) #39051 - [
9b69069f71] - deps: V8: cherry-pick b0a7f5691113 (Michaël Zasso) #39051 - [
4213e97d26] - deps: V8: cherry-pick 81181a8ad80a (thomasmichaelwallace) #39187 - [
ccecea5f72] - deps: restore minimum ICU version to 65 (Richard Lau) #39068 - [
7557e74cf4] - deps: V8: update build dependencies (Michaël Zasso) #39244 - [
a60a960406] - deps: V8: cherry-pick 895949419186 (Michaël Zasso) #39244 - [
7fdd6ecbb4] - deps: V8: cherry-pick 0b3a4ecf7083 (Michaël Zasso) #39244 - [
4be2e878b7] - deps: V8: cherry-pick 7c182bd65f42 (Michaël Zasso) #39244 - [
a83b01a4af] - deps: V8: cherry-pick 92e6d3317082 (Michaël Zasso) #39244 - [
17eb561184] - deps: V8: backport 1b1eda0876aa (Michaël Zasso) #39244 - [
04032fa1a3] - doc: remove references to deleted freenode channels (devsnek) #39047 - [
797bd73849] - doc: add missing parameter types (Voltrex) #39013 - [
e474e984e5] - doc: clarify that only one Python version is required to build (bl-ue) #38894 - [
cd48ee71d9] - doc: fixed typo in process.md (Derevianchenko Maksym) #38941 - [
41fcbad2b2] - doc: add missing semis after classes (Darshan Sen) #38931 - [
b40529643b] - doc: mark util.inherits as legacy (Voltrex) #38896 - [
b2d836b1ea] - doc: clarify whenreadable._read(...)is called (Shaun Keys) #38726 - [
e36d2a6d6a] - doc: fixed typo in n-api.md (julianjany) #38822 - [
b4f60bb523] - doc: use “Long Term Support” in collaborator guide (Rich Trott) #38841 - [
7a9850a5fb] - doc: use “Long Term Support” in technical values doc (Rich Trott) #38841 - [
dfe9698db0] - doc: use “Long Term Support” in README (Philip) #38839 - [
8699e622fc] - doc: fix grammar infs.md(yotamselementor) #38818 - [
826ae9b2e2] - doc: fixup code sample in http.md (TodorTotev) #38776 - [
8049b69b7f] - doc: document null target pattern (Guy Bedford) #38724 - [
4d9129eb71] - doc: update code examples fornode:urlmodule (fisker Cheung) #38645 - [
2ff671e4c4] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #38789 - [
9b993edca8] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #39024 - [
cfccf13e84] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #39024 - [
bb9a9adc2b] - errors: don’t rekey on primitive type (Benjamin Coe) #39025 - [
d48b91ea2b] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423 - [
d8cc2fffd6] - lib: add primordials.SafeArrayIterator (Antoine du Hamel) #36532 - [
e3223edb89] - lib: harden lint checks for globals (Antoine du Hamel) #38419 - [
d4f96bb926] - lib: enforce usingprimordials.globalThisinstead ofglobal(Antoine du Hamel) #38230 - [
ea9003a559] - lib: addglobalThisto primordials (Antoine du Hamel) #38211 - [
097a7874d3] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #39094 - [
199fe32cbc] - lib: make internal/options lazy (Joyee Cheung) #38993 - [
2bc2a232af] - lib: add JSDoc typings for child_process (Voltrex) #38222 - [
b0a1984d4d] - lib: fix typos (bl-ue) #38846 - [
6c061d5f2c] - meta: update label-pr-config (Michaël Zasso) #38950 - [
afb61786b9] - module: fix legacynodespecifier resolution to resolve"main"field (Antoine du Hamel) #38979 - [
cd3305a9e4] - node-api: avoid SecondPassCallback crash (Michael Dawson) #38899 - [
e7f266e93d] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #38758 - [
43fe6c1d27] - src: cleanup uv_fs_t regardless of success or not (legendecas) #38996 - [
dcfb182546] - src: refactor to use locale functions (Darshan Sen) #39014 - [
bee477b000] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #38904 - [
ff7cc8f9ef] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #38875 - [
981217e48a] - src: replaceautos in node_api.cc (Khaidi Chu) #38852 - [
73e199d963] - src: fix typos (bl-ue) #38845 - [
2d32031724] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #38720 - [
2c11d3ec0a] - src: remove commented code innode_file.cc(Juan José Arboleda) #38693 - [
846a138f54] - src: write named pipe info in diagnostic report (legendecas) #38637 - [
7d82200861] - src: replaceautos in node_contextify.cc (Khaidi Chu) #38644 - [
51da7d2048] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #38988 - [
45c2ea3b72] - test: add NumberFormat resolvedOptions test (Richard Lau) #39401 - [
6b2fea38d1] - test: move inspector-cli tests to sequential (Rich Trott) #39079 - [
6447cab7be] - test: improve buffer coverage (Rongjian Zhang) #38538 - [
6f1862eab3] - test: fix name of variable in inspector-cli test (Tobias Nießen) #38869 - [
40093504bc] - test: fix typo (Houssem Chebab) #39045 - [
ab28f9b9a1] - test: remove obsolete TLS test (Rich Trott) #39001 - [
b3b59953fe] - test: improve coverage of lib/events.js (Rongjian Zhang) #38582 - [
c99a09f05f] - test: http outgoing _headers setter null (ycjcl868) #38881 - [
660a97b1d5] - test: suppress warning in test_environment.cc (Daniel Bevenius) #38868 - [
0cca16ac4c] - test: improve coverage of fs internal utils (Rongjian Zhang) #38746 - [
fecad40f27] - test: fix writefile with fd (Nitzan Uziely) #38820 - [
01f00faaa8] - test: simplify test-path-resolve.js (himself65) #38671 - [
504bfd7a88] - test: improve coverage forquestionin readline (Qingyu Deng) #38799 - [
eb91932e77] - test: os, replace custom flatten method with built-in Array.flat (Wael Almattar) #38770 - [
aeea252b96] - test: improve coverage of lib/_http_outgoing.js (Rongjian Zhang) #38734 - [
e265d8ee1b] - test: give js-native-api tests consistent names (Gabriel Schulhof) #38692 - [
99fd8bfc6a] - test: fix flaky inspector-cli tests when breakpionts are restored (Rich Trott) #38431 - [
4d3a1fad28] - test: extend timeout on debugger tests for slower machines (Rich Trott) #38161 - [
dd2642b5db] - test: fix comment typo (Rich Trott) #38161 - [
193ea8fd91] - test: fix test-inspector-cli-address (Rich Trott) #38161 - [
a62826bbe6] - test,debugger: migrate node-inspect tests to core (Rich Trott) #38161 - [
ab45ace9bd] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #39094 - [
b8e63b3c08] - tools: update ESLint to 7.29.0 (Rich Trott) #39083 - [
54a250e79c] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #38966 - [
443db64eed] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #36861 - [
547f88b149] - tools: fix typo in commit-queue.sh (bl-ue) #39000 - [
1023433a81] - tools: update ESLint to 7.28.0 (Luigi Pinca) #38955 - [
9b4ae8fbb0] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #38910 - [
2ad0719e86] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #38851 - [
b7686d0c1e] - tools: bump cpplint to 1.5.5 (Rich Trott) #38851 - [
2ec7c9de57] - tools: remove exception for Node.js 8 and earlier (Rich Trott) #38840 - [
1dc71da302] - tools: update setup-node to setup-node@v2 (pengjie) #38825 - [
fc219d862c] - tools: remove node-inspect from license (Rich Trott) #38161 - [
4bb0bd0f0e] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #38889 - [
58154ce426] - typings: add JSDoc typings for https (Voltrex) #38589 - [
6ea1368a67] - typings: add JSDoc typings for events (Voltrex) #38712 - [
b6942a6138] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #38842 - [
dd00547ada] - vm: use missing validator (Voltrex) #38935 - [
2c28e00685] - worker: do not look up context twice in PostMessage (Anna Henningsen) #38784
Windows 32-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v14.17.4/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v14.17.4/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4.pkg
macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v14.17.4/node-v14.17.4.tar.gz
Other release files: https://nodejs.org/dist/v14.17.4/
Documentation: https://nodejs.org/docs/v14.17.4/api/
SHASUMS
1 | -----BEGIN PGP SIGNED MESSAGE----- |