(2021년 8월 31일 업데이트) 보안 릴리스를 사용할 수 있습니다.

아래의 이슈들에 대해 v14.x, v12.x 버전의 Node.js 릴리스 라인의 업데이트를 사용할 수 있습니다.

npm 6버전 업데이트 - node-tar, arborist, npm cli 모듈

아래는 node-tar 취약점인 CVE-2021-32803과
CVE-2021-32804에 대한 초기 보고 및 후속 수정과 관련된 node-tar, arborist, npm cli 모듈의 취약점입니다.
node-tar 모듈과 추가 외부 현상금 보고에 대한 후속 내부 보안 리뷰를 통해 node-tar 및 npm arborist를 포함한 핵심 npm CLI 종속성에서 또 다른 CVE 5개가 수정되었습니다.

자세한 내용은 아래의 링크에서 확인할 수 있습니다.

• CVE-2021-37701
• CVE-2021-37712
• CVE-2021-37713
• CVE-2021-39134
• CVE-2021-39135

영향받는 버전:

• 14.x 및 12.x 릴리스 라인의 모든 버전

다운로드와 릴리스 상세 내용

• Node.js v12.22.6(LTS)
• Node.js v14.17.6(LTS)

요약

Node.js 프로젝트는 아래의 내용을 해결하기 위해 2021년 8월 31일 화요일쯤 12.x 및 14.x 릴리스 라인의 새 버전을 출시할 예정입니다.

• 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개.

영향도

Node.js 14.x 릴리스 라인은 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개에 취약합니다.

Node.js 12.x 릴리스 라인은 심각도가 높은 이슈 세 개와 중간 심각도의 이슈 두 개에 취약합니다.

릴리스 시기

릴리스는 2021년 8월 31일 화요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다.
Node.js의 취약점을 보고하고 싶다면
https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면
https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

주요 변경사항

• [2e90b10f35] - doc: dns.lookup 옵션에 대한 타입 강제가 폐기 예정이 되었습니다.(Antoine du Hamel) #38906
• [a6d50a18a0] - (SEMVER-MINOR) stream: stream.Duplex.from 유틸리티를 추가했습니다.(Robert Nagy) #39519
• [af7047a815] - (SEMVER-MINOR) stream: isDisturbed 헬퍼를 추가했습니다.(Robert Nagy) #39628
• [66400374de] - (SEMVER-MINOR) util: toUSVString을 노출했습니다.(Robert Nagy) #39814

Commits

• [90bf247a55] - build: fix update authors commit (Mestery) #39858
• [c968372e37] - build: add authors.yml (Tierney Cyren) #35831
• [3f284cf65c] - build: add option to hide console window (Cheng Zhao) #39712
• [a01e3ab41d] - deps: V8: cherry-pick 00bb1a77c03e (Darshan Sen) #39829
• [cce95c4c5b] - deps: upgrade npm to 7.21.0 (Myles Borins) #39813
• [254810a22e] - doc: add duplicate CVE check in sec. release doc (Daniel Bevenius) #39845
• [8c50d16712] - doc: improve description of the triagers team (Michaël Zasso) #39833
• [c02165d992] - doc: update instructions for cc (Michael Dawson) #39674
• [208305fd8f] - doc: move util.toUSVString() outside of deprecated group (Luigi Pinca) #39840
• [2e90b10f35] - doc: deprecate type coercion for dns.lookup options (Antoine du Hamel) #38906
• [8460a3216c] - doc: deprecate using non-boolean values in the verbatim option (Antoine du Hamel) #38906
• [3041d57201] - doc: fix malformed changelog entries (Rich Trott) #39791
• [2b02f747c3] - doc: fix lint errors in packages.md (Rich Trott) #39792
• [a387600d8f] - doc: add example of self-reference in scoped packages (Jesús Leganés-Combarro 'piranna) #37630
• [7a25bf3a6d] - doc: add himadriganguly as a triager (Himadri Ganguly) #39757
• [d1900f43ce] - fs: combine require() and destructure (Colin Ihrig) #39806
• [158d4464d2] - meta: add gyp as owner of gyp files and tools/gyp (Mary Marchini) #34847
• [8fa38500f2] - policy: canonicalize before resolving specifiers (Bradley Farias) #37863
• [a7a217be13] - repl: fix tla function hoisting (Don Jayamanne) #39745
• [3a8399ee61] - src: return Maybe<bool> from InitializeContextRuntime() (Darshan Sen) #39695
• [a704c9dfce] - (SEMVER-MINOR) src: call overload ctor from the original ctor (Darshan Sen) #39768
• [0918ea0683] - (SEMVER-MINOR) src: add a constructor overload for CallbackScope (Darshan Sen) #39768
• [a6d50a18a0] - (SEMVER-MINOR) stream: duplexify (Robert Nagy) #39519
• [af7047a815] - (SEMVER-MINOR) stream: add isDisturbed helper (Robert Nagy) #39628
• [f98311a7c8] - tools: update workflow to open a pull request (Rich Trott) #39825
• [d33f897509] - tools: use find-inactive-collaborators to modify README.md (Rich Trott) #39825
• [d82ee96861] - tools: update gyp-next to v0.9.5 (Jiawen Geng) #39818
• [79079ea01b] - tools: fix markdown linting (Rich Trott) #39832
• [01093b07cc] - tools: update markdown linter dependencies and move to ESM (Antoine du Hamel) #39801
• [9dc0c91392] - tools: update rollup to latest version in markdown linter (Rich Trott) #39797
• [c34e2534ab] - tools: update markdown lint dependencies (Rich Trott) #39770
• [66400374de] - (SEMVER-MINOR) util: expose toUSVString (Robert Nagy) #39814

Windows 32-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.8.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.8.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.8.0/node-v16.8.0.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.8.0/node-v16.8.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.8.0/node-v16.8.0.tar.gz

Other release files: https://nodejs.org/dist/v16.8.0/

Documentation: https://nodejs.org/docs/v16.8.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

cc9e8e2600c2ad9ee80be45a850453a5f0237650f8bd4364db4a9f941a5b6e57  node-v16.8.0-aix-ppc64.tar.gz
891e72d166abbb1b838b5113cc8cfaf2fe905dfe77afe84a5af56e426ff74ddf  node-v16.8.0-darwin-arm64.tar.gz
f1aa35e99542bdaab51e46917203cf215463982a16862199ecfa200534190119  node-v16.8.0-darwin-arm64.tar.xz
9c013cb82830ab5adb9630ff28046f420a7805bb4a930ec2b3f5b162c5f6de88  node-v16.8.0-darwin-x64.tar.gz
fdcc827192f349bb1f3ec58361cb6a9a783b84d3bc19d51ca2fd5b0968b89f3b  node-v16.8.0-darwin-x64.tar.xz
fa04f9a4fd9126fe2c0bf43e3d464d730dd328cc130c3599478530f64489be7f  node-v16.8.0-headers.tar.gz
c24263b3f90bc490fba030a7836485b3df0351c8b68c7a83011dd01ed45d95be  node-v16.8.0-headers.tar.xz
3f8cbdd3165fb9bf499f0e35bbd2ae4b301f2af5e9f349f82beacdb7278539bb  node-v16.8.0-linux-arm64.tar.gz
4d08cda750e42e691d18881b4a443de4c19e0e2c1195e56a15a3ec45aeed895c  node-v16.8.0-linux-arm64.tar.xz
7d325b9b8f189c4b59196df933fcb5a8009684f9073977f00a75dc66924fb03d  node-v16.8.0-linux-armv7l.tar.gz
86b4d718aa0003e895b845db86851720a9f9ce3e66f031324bfeebd63e4b922f  node-v16.8.0-linux-armv7l.tar.xz
437d5de90cb77837d5fc0faae08c3aaa17dbad0309341c5a1934db994196e9c9  node-v16.8.0-linux-ppc64le.tar.gz
eb0a02f5c7b4c2187d034a536ad42311283ac91d761af9d69bd46f2ecbe5abbe  node-v16.8.0-linux-ppc64le.tar.xz
45a1784f04b7ff6aee9d15badc8d559ade43c413949592d4d7b7cf727dc9b957  node-v16.8.0-linux-s390x.tar.gz
cefc32542c3521bbd075b218bd2f7444589a537e6c82ff6b64f46765efb07392  node-v16.8.0-linux-s390x.tar.xz
aa1f366b522a9565332096fdc32ed0cd58a2049c0875d839703d3fe58b4c226d  node-v16.8.0-linux-x64.tar.gz
85880c0e63c254faa75f8cf6512bc353f1587ba6e65a5e1d7366bf684684ae74  node-v16.8.0-linux-x64.tar.xz
b91e3e368e681cb6e91e01c379382b0921f2d585f2444c7196fdf68d5688547f  node-v16.8.0.pkg
0cc13572bc7c5a9bf7a2c5cb2800ff045780e43d0fa6e3eb0f1be46b4bf9a1c6  node-v16.8.0.tar.gz
b8790226312970ba5d8fd98229380c48bf0366eb1a3633091e350a34a4b46392  node-v16.8.0.tar.xz
11032b8841444015f01f56370580e1f14eab997bf4d497a249f719caa4418e52  node-v16.8.0-win-x64.7z
16193b45e18c116ddd062cc1a7ac5d96de9cb2198d4334f345d5718ea6d603f7  node-v16.8.0-win-x64.zip
d2aa238864ae9adb0f3e565ab89021e713bcb5911dbaa4046a59307400d5bbb5  node-v16.8.0-win-x86.7z
d3322f8f1174a92ca72900ae7a189a40b3a402ba7781a00ec1996ff346bdccc8  node-v16.8.0-win-x86.zip
fe18c039bfcca609e2601c10c26fddd335794c1c3065e80e58985e744bb6ffe5  node-v16.8.0-x64.msi
6a2868f3f4df8b0f4d060ae1f305f27d499248c0b260759c058d27d6c90ba66b  node-v16.8.0-x86.msi
17031318847f432785f33f2ed9db6328d3ad4ce15602ece56c8077cf6eaca45d  win-x64/node.exe
33b4ae0ab35e7180d8d1b5c2f47da889f9edc75617a42cacf249a4c1ac7635b1  win-x64/node.lib
54ad71ddc4cfd97c0319874cc8a2656a35db0cff7b5a45ebe5b970fb0110248b  win-x64/node_pdb.7z
0c30e3b24e8096e8a45331186ff1b6729a65f9693bb6409627fb03436765fb9f  win-x64/node_pdb.zip
86daf79b0e3090153d8985ec5eb200eb213da34280eac88ebe7df05cb8ea0c45  win-x86/node.exe
407a64a2b21512f6cd8ec1a98c2a8228475d3de02352a191b98bdedb738f3193  win-x86/node.lib
1b2f4e1cb25aae99d48443635778a5793d19b8cb9d868a265c532bedf788e950  win-x86/node_pdb.7z
f58094285001c98e62fa231a0885ec3d3bc0e4407130c41f70682159f12dd2f4  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmEmrsQACgkQdw96mlrh
VgCDrA/9Ebnj2yLp0/A9x47LwZpZsabDzsg2avWYiZzR7CbuHAsFfT8LeBWrzNZJ
Vorvo397IrNq88MwgkScS6GFXYCUt0WCL0OJ302li1kadp3kAySGU9nXv+rkPAw9
dU+6JCaqcSqicrxVb2dt3/3cx2wo5hhcbcZGq/ubm6Vq0xDRg9XDevkfJyazPar8
Q111uWr0RdmaiX+/5wLMju6j9GDw94goiVQRibaqQzIQVB4i03z3k9KUfXWJXTUS
qeCh2uSZXPFnNNAHbvpt0QyS/DUwlAqW/kpW1frYF8m98kDvunVHIaHLwAdJJWAP
877KGMt6k4I/dkGNCYeM06QFL8o2rhacP8BvuOQhi7uCptl7wvqYYiba40m/W4YP
8vsZN9pBdhBHlXRf6TlBO26kkL1JRAkJEjxzDjy2vVrzLY1R67SkRBF757EweF8F
7T3flaJrbe997uWvgSLChzBildVd8xt/1ob5rXTUXyKrx6FeD20yl8nEyyFvvZd/
Zg5ln94HgHidxitV6j0OUaUVd5g/DFPUN0s4NjZKLvmn34xSqXFsvhrdMNVpxUw6
MUsqiWQh5a/xtN8/DPTTvcuAlm6KIelTgfqB6R1Q694AihvcibIf+fe5HCbQ5elQ
H6M9S6sGU3PfPnz8IrwFWwwFJjZapcBTuCe5lB02AdyZDtXw+eU=
=YB9N
-----END PGP SIGNATURE-----

주요 변경사항

• fs:
  • 실험: 재귀 cp 메서드를 추가했습니다.(Benjamin Coe) #39372

Commits

• [a80c989306] - async_hooks: merge resource_symbol with owner_symbol (Darshan Sen) #38468
• [69a2a6b6c3] - bootstrap: call _undestroy() inside _destroy for stdout and stderr (Matteo Collina) #39685
• [5bc31ea0aa] - buffer: add endings option, remove Node.js specific encoding option (James M Snell) #39708
• [091a579275] - (SEMVER-MINOR) buffer: add Blob.prototype.stream method and other cleanups (James M Snell) #39693
• [097d898e58] - build: run coverage for inspector protocol changes (Richard Lau) #39725
• [cf028df0ed] - build: fix V8 build with pointer compression (Michaël Zasso) #39664
• [9d38400de1] - build: exclude markdown files from some GitHub Actions (Rich Trott) #39565
• [eeb804a7b7] - build: use lts shorthand in GitHub Actions (Rich Trott) #39538
• [93a904d0ba] - (SEMVER-MINOR) crypto: implement webcrypto.randomUUID (Michaël Zasso) #39648
• [3321b65a5a] - debugger: prevent simultaneous heap snapshots (Rich Trott) #39638
• [6c375e18b6] - debugger: remove undefined parameter (Rich Trott) #39570
• [103bf20988] - deps: V8: cherry-pick 81814ed44574 (Stephen Belanger) #39719
• [cf5e5b5711] - deps: upgrade to libuv 1.42.0 (Luigi Pinca) #39525
• [5f92d2fe6d] - dgram: use simplified validator (Voltrex) #39753
• [c7e918b06a] - (SEMVER-MINOR) dns: add “tries” option to Resolve options (Luan Devecchi) #39610
• [5d66646b71] - doc: correct cjs code to match mjs code (Raz Luvaton) #39509
• [f18bb2a0f1] - doc: fix typo in hmac.paramNames default (Justin) #39766
• [338a166e83] - doc: fix fs.rmdir recursive option deprecation history (Antoine du Hamel) #39728
• [bfb1dc0a2c] - doc: fixed variable names in queueMicrotask example (ashish maurya) #39634
• [08b31f12f8] - doc: change “Version 4 UUID” to “version 4 UUID” (Tobias Nießen) #39682
• [f5200f9785] - doc: update debugger.md description and examples (Rich Trott) #39661
• [4700f1e529] - doc: fix color contrast issue in light mode (Rich Trott) #39660
• [88c83a4698] - (SEMVER-MINOR) doc: add missing change to resolver ctor (Luan Devecchi) #39610
• [760cafa5ed] - doc: fix typo in url.md (Howie Zhao) #39666
• [9ab5503693] - doc: add point to ask H1 reporter about credit (Daniel Bevenius) #39585
• [7514405456] - doc: update min mac ver + move mac arm64 to tier 1 (Ash Cripps) #39586
• [d7c8c6dcee] - doc: add missing introduced_in metadata (Richard Lau) #39575
• [8072517097] - doc: add code examples to Writable.destroy() and Writable.destroyed (Juan José Arboleda) #39491
• [55f47cc2d0] - doc: add String.prototype.at and %TypedArray%.prototype.at (Jordan Harband) #39583
• [0c0412e2c4] - doc: move NODE_MODULE_VERSION in release guide (Richard Lau) #39544
• [5df74f9b21] - doc: remove outdated ARM information from release guide (Richard Lau) #39544
• [8eccb11ea0] - doc: fence command examples in release guide (Richard Lau) #39544
• [0bd97e1f2d] - doc: update backport labels in release guide (Richard Lau) #39544
• [2129ad6a0a] - doc: add code example to fs.truncate method (Juan José Arboleda) #39454
• [3ff5e153ef] - doc: add code example to http.createServer method (Juan José Arboleda) #39455
• [7d0c869cfa] - doc: add PerformanceObserver buffered document (legendecas) #39514
• [0dc167a03f] - (SEMVER-MINOR) fs: add recursive cp method (Benjamin Coe) #39372
• [54dd3df943] - http: decodes url.username and url.password for authorization header (Lew Gordon) #39310
• [81e62f67bf] - inspector: update inspector_protocol to 89c4adf (Rich Trott) #39650
• [793fee4915] - inspector: update inspector_protocol to 8ec18cf (Rich Trott) #39614
• [5afdc1f4c0] - lib: simplify validators (Voltrex) #39753
• [ca3cb96d25] - lib: cleanup validation (Voltrex) #39652
• [cc08d3062f] - lib: cleanup instance validation (Voltrex) #39656
• [2751cdf6f9] - lib: use helper for readability (Voltrex) #39649
• [c68415cba2] - lib: use validators (Voltrex) #39663
• [be2d60dd1d] - lib: use validator (Voltrex) #39547
• [486d51ac0c] - lib: use validateObject (Voltrex) #39605
• [058e882a2a] - lib: use ERR_ILLEGAL_CONSTRUCTOR (Mestery) #39556
• [07cadc4432] - meta: consolidate AUTHORS entries for ooHmartY (Rich Trott) #39705
• [6c788b8030] - meta: consolidate AUTHORS entries for homosaur (Rich Trott) #39705
• [07351edebe] - meta: consolidate AUTHORS entries for Ayase-252 (Rich Trott) #39705
• [5fe282769b] - meta: consolidate AUTHORS entries for robin-drexler (Rich Trott) #39705
• [fc2a626357] - meta: consolidate AUTHORS entries for samshull (Rich Trott) #39705
• [67cfc66a47] - meta: update AUTHORS (Rich Trott) #39705
• [91008fbdeb] - meta: consolidate email addresses for MarshallOfSound (Rich Trott) #39651
• [a76b63536a] - meta: consolidate email addresses for tadjik1 (Rich Trott) #39651
• [aaab2095db] - meta: consolidate email addresses for szmarczak (Rich Trott) #39651
• [f413a9d83c] - meta: update AUTHORS (Rich Trott) #39636
• [7a91d4bfe9] - meta: simplify mailmap (Rich Trott) #39612
• [4ec5d2de5d] - meta: consolidate emails for tadhgcreedon (Rich Trott) #39611
• [bb88c38eac] - meta: consolidate emails for timcosta (Rich Trott) #39611
• [0920a8cf6f] - meta: consolidate emails for timruffles (Rich Trott) #39611
• [1474a9d4b1] - meta: update AUTHORS (Rich Trott) #39629
• [c59e3ec685] - meta: add mailmap entry for ryzokuken (Rich Trott) #39596
• [34f4bb8277] - meta: add mailmap entry for uttampawar (Rich Trott) #39596
• [fd213edda2] - meta: add mailmap entry for dmabupt (Rich Trott) #39596
• [6b664e224b] - meta: align README/.mailmap/AUTHORS email entries (Rich Trott) #39505
• [96d8ecbd66] - meta: add mailmap entry for garygsc (Rich Trott) #39588
• [16d85f3f48] - meta: add mailmap entry for ttzztztz (Rich Trott) #39588
• [60ab111fdb] - meta: update AUTHORS (Rich Trott) #39587
• [b43f87d729] - meta: update .mailmap to remove duplication in AUTHORS (Rich Trott) #39561
• [6f4a2aa5a4] - meta: add .mailmap entries to remove AUTHORS duplicates (Rich Trott) #39560
• [86d144c500] - meta: add .mailmap entry to remove duplication in AUTHORS (Rich Trott) #39559
• [110c088f02] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
• [72af147bb5] - meta: update collaborator email in README (Rich Trott) #39521
• [23bc4cfb21] - meta: update collaborator email in AUTHORS/.mailmap (Rich Trott) #39521
• [e4289728c7] - meta: move gdams to emeritus (Rich Trott) #39539
• [4df59bc727] - module: add some typings to internal/modules/esm/resolve (Antoine du Hamel) #39504
• [b5858589d0] - node-api: handle pending exception in cb wrapper (Michael Dawson) #39476
• [016b7ba616] - perf_hooks: fix PerformanceObserver gc crash (James M Snell) #39550
• [b37575b67c] - perf_hooks: fix performance timeline wpt failures (legendecas) #39532
• [64c02eb3cc] - (SEMVER-MINOR) perf_hooks: web performance timeline compliance (legendecas) #39297
• [7ff21397d6] - policy: fix integrity when DEFAULT_ENCODING is set (Tobias Nießen) #39750
• [03be967cad] - src: fix TextDecoder final flush size calculation (James M Snell) #39737
• [9046e78943] - src: fix crash in AfterGetAddrInfo (Anna Henningsen) #39735
• [2a00ef5ede] - (SEMVER-MINOR) src: fix align in cares_wrap.h (Luan) #39610
• [60a2b31c68] - src: add cosmetic space character to async_wrap.h file (Juan José Arboleda) #39459
• [cd9b0bf68c] - stream: ensure text() stream consumer flushes correctly (James M Snell) #39737
• [f57a0e4d8b] - (SEMVER-MINOR) stream: utility consumers for web and node.js streams (James M Snell) #39594
• [975edf5330] - stream: clean endWritableNT (Mestery) #39645
• [9e38fc6757] - (SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy) #39589
• [a5ded4a85a] - test: use simplfied validator (voltrexmaster) #39753
• [53cf53c95a] - (SEMVER-MINOR) test: enable blob.prototype.stream tests (James M Snell) #39693
• [7e9884598f] - test: update WPT abort tests (Michaël Zasso) #39697
• [94381fbdf5] - test: update WPT common and resources (Michaël Zasso) #39697
• [34a041a846] - test: fix test-debugger-heap-profiler for workers (Richard Lau) #39687
• [9f5acfa90e] - test: increase memory for coverage action (Benjamin Coe) #39690
• [0be15cedc4] - test: use template to concatenate string (Himadri Ganguly) #39621
• [952a5282e2] - (SEMVER-MINOR) test: pull Web Platform Tests for WebCryptoAPI (Michaël Zasso) #39648
• [3622fb1e03] - test: deflake test-http2-buffersize (Luigi Pinca) #39591
• [1962c7c7b3] - test: convert anonymous function to arrow function (Himadri Ganguly) #39604
• [635e1a0274] - test: add test-debugger-breakpoint-exists (Rich Trott) #39570
• [cff2aea5df] - test: add known issues test for debugger heap snapshot race (Rich Trott) #39557
• [5e1011238a] - tools: bump remark-preset-lint-node to 3.0.0 (Rich Trott) #39755
• [eb741253fd] - tools: update path-parse in markdown linter package-lock file (Rich Trott) #39729
• [52a172f983] - tools: fix more build warnings in inspector_protocol (Richard Lau) #39725
• [77f9c1fa98] - tools: cherry-pick ffb34b6d5dbf0 (Darshan Sen) #39725
• [b9510d21c9] - tools: update inspector_protocol to e8ba1a7 (Rich Trott) #39694
• [8d509d8773] - tools: update inspector_protocol to 39ca567 (Rich Trott) #39694
• [ee7142fa37] - tools: update inspector_protocol to 97d3146 (Rich Trott) #39694
• [c6323d847d] - Revert “tools: fix compiler warning in inspector_protocol” (Rich Trott) #39694
• [6e19c166e4] - tools: update inspector_protocol to a53e96d31a2755eb16ca37 (Rich Trott) #39694
• [61c53f39d2] - tools: update inspector_protocol to fe0467fd105a (Rich Trott) #39694
• [b1b6f20353] - tools: improve error detection in find-inactive-collaborators (Rich Trott) #39617
• [d1360fcf48] - tools: update ESLint to 7.32.0 (Luigi Pinca) #39602
• [af1c782cad] - tools: update ESLint to 7.31.0 (Colin Ihrig) #39424
• [37dda19461] - (SEMVER-MINOR) url,buffer: implement URL.createObjectURL (James M Snell) #39693
• [dcab88ad38] - worker: add brand checks for detached properties/methods (James M Snell) #39763

Windows 32-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.7.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.7.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.7.0/node-v16.7.0.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.7.0/node-v16.7.0-linux-arm64.tar.xz

Source Code: Coming soon

Other release files: https://nodejs.org/dist/v16.7.0/

Documentation: https://nodejs.org/docs/v16.7.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

4c706dbaebab5c5787d36238b32405143742050fb0faccc81d9da6ebf05e8304  node-v16.7.0-aix-ppc64.tar.gz
969875c1a6b2790663d7b25d7641d1e3919225659921a98d2f1e4711bbec5ef3  node-v16.7.0-darwin-arm64.tar.gz
a7d5f71b0b0be342eeff8dbe0a29935e098cab1117af2cd617f988461b1c4a5e  node-v16.7.0-darwin-arm64.tar.xz
c9bf23c765c584f635a4065d58dadff9737aeb605676d1e45873eba66adaab8a  node-v16.7.0-darwin-x64.tar.gz
29265ebcf44a3a19ffc7ecd2e1ef35db562fc53be58529e74cf1340e21ced9a9  node-v16.7.0-darwin-x64.tar.xz
8b51402dd94b1f77fb661f2db79144b7c0b9056b2d43cff60c7c333caefb11e8  node-v16.7.0-headers.tar.gz
8a398c4e6f1941ac42aea159e3cf0007f68163dd74116d8bb246801692c698f0  node-v16.7.0-headers.tar.xz
8a1b770c81618353ca2f6fd296ccfa7d812e7f40d1e2a2b88579e6d9895ec463  node-v16.7.0-linux-arm64.tar.gz
28775e7d1463052e748d69b145b845e28361c467cabc42dc887003484b6a4ef1  node-v16.7.0-linux-arm64.tar.xz
453019d1514e5f7befe770cef757f2c761e23b3e91b34f98968170f0a504a1ba  node-v16.7.0-linux-armv7l.tar.gz
5efff171b966bf93ae34471b2c54d22f1a8a7e3b5128f8b9b6d82e229ce0dbfe  node-v16.7.0-linux-armv7l.tar.xz
e8bcc040152cea7564f97d6be6c2b2226417a9ee63b91d456e21744a886d1862  node-v16.7.0-linux-ppc64le.tar.gz
f3a6a599165b943f67a77967f7d304318f12382999013c3d925defe89c95c947  node-v16.7.0-linux-ppc64le.tar.xz
e1f8becb5ba6ec80b2f893e92145fe43b041fc8392414ff6466a624e9afeaa15  node-v16.7.0-linux-s390x.tar.gz
51a3acd86d52da8418400a451f4eca615ae023d17866b018e9e2f02cb1f03286  node-v16.7.0-linux-s390x.tar.xz
13a15e1934d356c9e8f97fcfff411d7d5236e90ed04d6aeeca5f10f529b58a57  node-v16.7.0-linux-x64.tar.gz
32f1563b8bab10981164dfc63a38ab303db6b54e888d5ac4190b4b6777184daf  node-v16.7.0-linux-x64.tar.xz
c3ace96357ba98d2dc87d0a4019e233967e576abc36a7db4cb35a4f994fed552  node-v16.7.0.pkg
0c4a82acc5ae67744d56f2c97db54b859f2b3ef8e78deacfb8aed0ed4c7cb690  node-v16.7.0.tar.gz
fa85fdfbd378e587fa04ad9548e7c9f50e690af9575730d3b330cba6fc3f2d37  node-v16.7.0.tar.xz
f7b0e8b0bfcfad7d62eba16fa4db9f085983c12c661bd4c66d8e3bd783befa65  node-v16.7.0-win-x64.7z
d9081e74db8f71e509a5ccedce877eb32eb25c9d95a146d98ff05a24284e4914  node-v16.7.0-win-x64.zip
8fcb32d38c702148250640a5a7967c0e5d5d55cb8202aa40afde9684e8a67ea8  node-v16.7.0-win-x86.7z
21a484ad901a8965e4e19d86fdc923c3d58aa708ae395b36cbdc140542a053c6  node-v16.7.0-win-x86.zip
5646507653636fb6ba2f2f75854fc01dded59631e13dd843d20358ff0580adab  node-v16.7.0-x64.msi
6bb969fd41c1105e9829001a21c0882d7ecb45ad93be366671b3e48e7a9f8691  node-v16.7.0-x86.msi
7f33cbe04cb2940427e6dd97867c1fcf3ddd60911d2ae0260da3cab9f6ea6365  win-x64/node.exe
8b9363be29a20a95f48a319434a33bb7021b21b017a343b334697689b471b92f  win-x64/node.lib
f61ce6e746861d65d4144e5f37c8e70e52d8fe3a1edfc1152159536f03dbe742  win-x64/node_pdb.7z
2c47b5f606119feea241ae5ce8d47de6dd85f3ef4016f8936fe34459100c45f9  win-x64/node_pdb.zip
8a1ab09efad03051be13622c50123b87475b86000684b4b35495c5da356c9ac5  win-x86/node.exe
944a6428f1ed03da56f6ac82f65051b346f41d69aa43ad8219a528b85babb36c  win-x86/node.lib
d93a13cd7335ba1c1a8422427bdb3077a866f900bc1039dabbace94c27d83e30  win-x86/node_pdb.7z
6b5d395cfd2c8f9d4f33d2c9961ed7f80dcbcb15bd57ddf89f7a9b564d96cabb  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdPEmArbxxOkT+qN606iWE2Q7YgEFAmEcXmMACgkQ06iWE2Q7
YgGAaw/9GxeuTEAK4Lx7DvqhFO9omtPbbA8NiiBRXvs9ZIV3EAf4zWqh4KT7G65+
OtXDcCTpNVjUj8WC+U2DyQuoYRwlJ6TAIui/oGZEY0OHe0d5R87VB7IJlPuNMjD5
hpbETkI+mp7xgEv16TieWRkUkJ9cd7z6qE8c0Mr1+isvlUjcP/wGRco+XQ7V7xeU
/SvvGJAer09kI4oELrhr48GyXLljZkgOQE2q5/MVMNjZIAmnldx/eAK4hT/suzyM
243cEeba4l/K+ZXM3aSMnyvVd3VUQfAtZniQbvzzR0mO1vRYLaIO1R9kU25SCRuF
LS7kRt5zRsvmybBB+IOGQwo/Kfo9UnSxaWwiWNZWJtHbQ50B91lJyzldjTwoPEVs
PRVP1b7+jtoyHEqtqMo5SpRFPF0Tcm1U1mi7tEunubxF8EUOOdizD5EIsBY4Qyol
58Zj8rsMxqeKP2oSgPijgm6u//OvM03YeyRHAxkNXVTO/JVjHNoKiqTkm0hPTEra
cRsFXIHrKKP7fbCXPeNTU1LW4TDmcat8wFl9hhTw7XXVZZt/CYd4yVhry6MVlXWo
8yjUhpptbs1d2ms2VcBPYF6WCrc0EwYQ7NW6NG+OYiXldGWQ9qakBBmKl4AcLfEL
3Hq51d7hkF+oPcbW68vmeuulc8maHTvPMd+W13NjqxPil8wjtqc=
=dKrk
-----END PGP SIGNATURE-----

주요 변경사항

• CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
  • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
    하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
    크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
    잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
    주입할 수 있습니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
• CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
  • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
    Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
    CVE-2021-22930의 후속 조치입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
• CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
  • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
    오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

• [5f947db68c] - deps: update c-ares to 1.17.2 (Beth Griggs) #39724
• [42695ea34b] - deps: reflect c-ares source tree (Beth Griggs) #39653
• [e4c9156b32] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #39653
• [9cd1f53103] - http2: add tests for cancel event while client is paused reading (Akshay K) #39622
• [2008c9722f] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #39622
• [1780bbc329] - tls: validate “rejectUnauthorized: undefined” (Matteo Collina) nodejs-private/node-private#276

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.22.5/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.22.5/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.22.5/node-v12.22.5.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.5/node-v12.22.5-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.22.5/node-v12.22.5.tar.gz

Other release files: https://nodejs.org/dist/v12.22.5/

Documentation: https://nodejs.org/docs/v12.22.5/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

88ec315734db12686d1ee8cc24c7590f125231b64159b23e8aae3c42083d5480  node-v12.22.5-aix-ppc64.tar.gz
7944aa8bcc25842cac70d7e5454fce3eed1a01867968a3734765a3d6d15a5050  node-v12.22.5-darwin-x64.tar.gz
ee3e7f5d5336de2078cc860356a028238b23dabfb61a9ac3c3345390b7aa9a64  node-v12.22.5-darwin-x64.tar.xz
fc96140443452d6c297857d7065b5c37652a78cc7f1926345fa7684f7723fcc2  node-v12.22.5-headers.tar.gz
6a34def054215d9b9c07e1dcf6c33f0972f65881bbfd89557d65c8e41ac95d8a  node-v12.22.5-headers.tar.xz
bfb436a87142e9dc73ed675c81c267490e575f9abfbbc7fa5db227a2ab6b555c  node-v12.22.5-linux-arm64.tar.gz
b5f7932ab8bd55aeab087ddc28e03b035350a7f5f929b0cec373351c168f48b0  node-v12.22.5-linux-arm64.tar.xz
0b271c210e26ffb20728dfffa02df47aca896c849968964e2019da67832ee839  node-v12.22.5-linux-armv7l.tar.gz
bdf378d7d35eed3d810145d9b4eaae96224830fbf927a84568ff1c1411d54bcb  node-v12.22.5-linux-armv7l.tar.xz
80e042119d98ff4af48e53e6720b696f8c4a2746efbc5d8f5a3857a6b17c1415  node-v12.22.5-linux-ppc64le.tar.gz
7249a1d39642486c27cd00161486673bb1ae9d2f3e5e284097fbab12fc33c0fd  node-v12.22.5-linux-ppc64le.tar.xz
d93d1d89a6181bb3c2e04c9bdce2998f19788d576081bb34a5443074d5cad623  node-v12.22.5-linux-s390x.tar.gz
afe6860ea6efa77146e983adcf22aaa5fa38101806fab5c04a8f6354f4421412  node-v12.22.5-linux-s390x.tar.xz
89eaf038c41439dcbc543d1783adc0e9f38ddf07c993c08e111d55fe35dadc21  node-v12.22.5-linux-x64.tar.gz
dde9aeb3fd6994bbadc37f80ec607b24e4681c87d41a27ac838dee7e2ebb887a  node-v12.22.5-linux-x64.tar.xz
028a8fadda1a03c5b799d22ec5ca9bb2e2b9cd5cda061e61b247c5edebbd6b6e  node-v12.22.5.pkg
72d4f8b840d7c85f15cbd2239c05890c04ddb8f82509dbdeafb0ea5a16ac7159  node-v12.22.5-sunos-x64.tar.gz
6be81560387291ac8905842ed1637162f6a81174492d418bf4607ad4788504a6  node-v12.22.5-sunos-x64.tar.xz
119cf027c9ba0a71268914d02d2aa430f7eeb6adef5a9fa0bc9ed6dd1b12cd8c  node-v12.22.5.tar.gz
f927ff6c2ac5a7234596031b18ba03febbcadd2650d375f1a3fd02426687fd14  node-v12.22.5.tar.xz
b61a40a1f51cfc4084c8bf35579bd335c48ebe7e833ab24ff1abb7cf3e27d28d  node-v12.22.5-win-x64.7z
dd65b399c28699ba9dfcc3fb158d1c1d361605c92e80aec5ca663ee1d6fb162f  node-v12.22.5-win-x64.zip
41f4c0f2dfa71c864dda560208d5fc4cb079e97ef822bc6a7289bc025bb7cf3b  node-v12.22.5-win-x86.7z
b5256aa515a58600ce2e8337de0a87fdca8e51f32c15caf5aae09091231945a0  node-v12.22.5-win-x86.zip
6f33477be7491f4911e24400db778f905d2472e5e4ac42b21da5e5965f328c96  node-v12.22.5-x64.msi
4389040aea7ee80135c5aa926277b7c2673c66093d2bad7c27f96fd0603376db  node-v12.22.5-x86.msi
c16d71b5a3dfc24f39fe64a3314e95cb6457359024e7834043f555b81664afc7  win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf  win-x64/node.lib
22a430cc5e22c9179120a7354c07a1559ded2b5f5c1067c63d8e9d28a10733ff  win-x64/node_pdb.7z
301596333a0f67f5fafe553f3d3ba27113690e39bc3698a21710dc93fd38d7bc  win-x64/node_pdb.zip
94702eaed0fed1b8957a960200de06076348a75852d03b1fd54dcf6e9646e7a6  win-x86/node.exe
dad0e6bef1c45f4f43fbf84c33df6b910ace8122eff3f8d39d5ebecd25320ba4  win-x86/node.lib
8e91ab02a99235525a7db217939969cc26cf4ce9d773f6629c61f3e2baa1b814  win-x86/node_pdb.7z
5cf239a1b0ba869ab4a566974d8185918b42cf566b338d4538ff322c6addb5fe  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+zcACgkQ1wYoSKGr
AFxbFQf/RHldR7NJv/iT+NOVyt4boV6o+qh06aRyITJ17DMB/93LN+6AlIPCQPsP
kbDPid5/WKDvANrFAuTeGGaZjRSKKO3o7FoO8HeZHUQK4ll+L7xCbMtpYD93mMJ2
svjyN57TwF3MjLffUw/Tf70mL7iTehvKrNvcNFqkGJHvKPSkxx30nkWgoJynvVjw
MCzROYgMrKiFPbPHtWmqJ7y43appY2voX/DBPCJ2n9JcD7e/ycL6aEzMN3Dgwhm0
6ggjN1xOT7VPeNkom3My/KWWQVWv1Sw0Hl/wVuSNoxCeIV/38FErDLdCqjEdguLt
isb4vq07Y7R1JGo06Io8m2+iG+c5FQ==
=5G9A
-----END PGP SIGNATURE-----

주요 변경사항

• CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
  • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
    하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
    크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
    잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
    주입할 수 있습니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
• CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
  • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
    Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
    CVE-2021-22930의 후속 조치입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
• CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
  • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
    오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

• [4923b59e0b] - deps: update c-ares to 1.17.2 (Beth Griggs) #39724
• [847a4c6a8a] - deps: reflect c-ares source tree (Beth Griggs) #39653
• [33208e2f89] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #39653
• [af5c1af9a4] - http2: add tests for cancel event while client is paused reading (Akshay K) #39622
• [434872e838] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #39622
• [35b86110e4] - tls: validate “rejectUnauthorized: undefined” (Matteo Collina) nodejs-private/node-private#276

Windows 32-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.17.5/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.17.5/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.17.5/node-v14.17.5.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.17.5/node-v14.17.5.tar.gz

Other release files: https://nodejs.org/dist/v14.17.5/

Documentation: https://nodejs.org/docs/v14.17.5/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9085e04afb5ac85f70d9ac1080a486022ad14a2e36c0f668cb8a8c23e7f413cf  node-v14.17.5-aix-ppc64.tar.gz
2e40ab625b45b9bdfcb963ddd4d65d87ddf1dd37a86b6f8b075cf3d77fe9dc09  node-v14.17.5-darwin-x64.tar.gz
6e1d9e6091b14f5accb03dad7617492442dad83778cc34de45f1818a75b6368b  node-v14.17.5-darwin-x64.tar.xz
c8e264312804785020b68ad7afe1c41f3bf2a6aea4bba62f9b8e825cadfdfe49  node-v14.17.5-headers.tar.gz
cc70abea8fdd52c82b45dd9187ee555f6bbe931b33739aa7d8a3c5f25a9f5cac  node-v14.17.5-headers.tar.xz
bee6d7fb5dbdd2931e688b33defd449afdfd9cd6e716975864406cda18daca66  node-v14.17.5-linux-arm64.tar.gz
3a2e674b6db50dfde767c427e8f077235bbf6f9236e1b12a4cc3496b12f94bae  node-v14.17.5-linux-arm64.tar.xz
c79cc802f6034e9a9583ccbf8ccd17a0d8e0942c136011c0f4c3a475d46614be  node-v14.17.5-linux-armv7l.tar.gz
496f7bf14e360026421db1b803575c4f1d3614646ecdaca98d607553579f8904  node-v14.17.5-linux-armv7l.tar.xz
bbcd0142e65614670ac88017290a1b875bfecbe46b35d1a330360b8f2679b85e  node-v14.17.5-linux-ppc64le.tar.gz
29f2e1f0e1c13ceb8225bfbfb6ab0a236398eca5ceff602c4f3bc1e7eff88927  node-v14.17.5-linux-ppc64le.tar.xz
469d5a39a81baba588768404b58eb369c14a1667fcb0569c2247461476b6cc0e  node-v14.17.5-linux-s390x.tar.gz
7d40eee3d54241403db12fb3bc420cd776e2b02e89100c45cf5e74a73942e7f6  node-v14.17.5-linux-s390x.tar.xz
dc04c7e60235ff73536ba0d9e50638090f60cacabfd83184082dce3b330afc6e  node-v14.17.5-linux-x64.tar.gz
2d759de07a50cd7f75bd73d67e97b0d0e095ee3c413efac7d1b3d1e84ed76fff  node-v14.17.5-linux-x64.tar.xz
508dca638ee5807601bbaae72307d2413b16cf7f73f92a79b8b070e4c5a83c0b  node-v14.17.5.pkg
bd1bb74eae48c7aa7d4519736385e99477d954c6915adefdc3c373be461d1aaa  node-v14.17.5.tar.gz
42b1a7ff87580c6058063e943d7d53efa8c236145e6e9c8264ee425b40911fa8  node-v14.17.5.tar.xz
f6e651a76e0158e07ac12753c40739554455f42eec355a651242a28ed979e483  node-v14.17.5-win-x64.7z
a99b7ee08e846e5d1f4e70c4396265542819d79ed9cebcc27760b89571f03cbf  node-v14.17.5-win-x64.zip
2f2933bfb42d407b064f83c6047f71b75c55389b4bebf82b7ff5a97f4635ce54  node-v14.17.5-win-x86.7z
122ff403f4fadf9997ff2ceac5e07b6b0efd23294da369a1cf907ec98bf69db7  node-v14.17.5-win-x86.zip
f40926f33c4517a64978050fb8e88110d279a3a15adc962de4002f65ed34e821  node-v14.17.5-x64.msi
53763a06ff498d9deabff2cc6f4041d0a3c3f38f940acb6c8a8339df8d8b3827  node-v14.17.5-x86.msi
a6f14eab020e5b96214b9e08c1add28787526bfc47fa6f449c0e8059908bcb75  win-x64/node.exe
859ceb82ba9af9df5831bb67f45427bfb774aae22e7c0ee52623a3196ec0e1eb  win-x64/node.lib
9ccd696aa53573b3882524cf75bcf50ce0e04aca46ac85c11f2705920df9d38b  win-x64/node_pdb.7z
113e591eb4c433733ac5ad78764698f230877d441ae28d62faf90a48c7698630  win-x64/node_pdb.zip
23e8f9db8908051153b305b8d1b474d75d6503a1208604d19c39d15799d097c4  win-x86/node.exe
1078be47b9315c81aa3bb989c4bba8ee23e0da9e4854a44006decf45d578833e  win-x86/node.lib
facb6feaab3b11bac3b3e571898ebdc9ad0e0049a4d0b14cce0930eb3d8437ac  win-x86/node_pdb.7z
795e518e063abdda5866ecf5b4c29683115a6ef83bffb401d4066ada2067d144  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+1QACgkQ1wYoSKGr
AFwnXwf/ZTHqyRLj/EzS06OGDdwFOaqY9tU9Cgbqxns98pKV1BbhDAvDKoxzzo+H
9At0g/Sz4t3/p6ElCoh6hhL2DxRHejkktq39ofupz2NP3Ukc/ABomYyPz/EPVJjL
P/ZCJYNB1mwjRDhRpjcAXT3bF53T0+O1rx6T9Xexnp3K3B47dYB+0JSYx7Jh7/0O
JKhBIVOoNXGodNCyW7QLnj4ETg2TywGe2cil2zYeUTO/EOQaWzOxbcI7FFhoBLXw
MRlcOhrmjqJ94rriI9EQzEzIuqvcbnBd/rYe0cWcKfIdjAo+Iqz3p3HD3kzACBML
8C8A/5gTD2hEXplT2mjwUlFK3t8qTg==
=yMp/
-----END PGP SIGNATURE-----

주요 변경사항

• CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
  • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
    하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
    크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
    잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
    주입할 수 있습니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
• CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
  • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
    Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
    CVE-2021-22930의 후속 조치입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
• CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
  • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
    오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

• [054537cdc2] - deps: update c-ares to 1.17.2 (Beth Griggs) #39724
• [ac544905b6] - deps: reflect c-ares source tree (Beth Griggs) #39653
• [a914b23cbc] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #39653
• [31d5773654] - http2: add tests for cancel event while client is paused reading (Akshay K) #39622
• [a3c33d4ce7] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #39622
• [6c7fff6f1d] - tls: validate “rejectUnauthorized: undefined” (Matteo Collina) nodejs-private/node-private#276

Windows 32-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.6.2/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.6.2/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.6.2/node-v16.6.2.tar.gz

Other release files: https://nodejs.org/dist/v16.6.2/

Documentation: https://nodejs.org/docs/v16.6.2/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

2a51635501451a88f6addc192a79b6d36cc40dcf3a198a54037ab26fa6305043  node-v16.6.2-aix-ppc64.tar.gz
29e46e83f6837ff1c815c49f590c25fa51b0811a6590c62120a9d464ba431fc6  node-v16.6.2-darwin-arm64.tar.gz
befbfdec7c2118689544ef596e990aae2fcd1227707c6a8475056be14ce2ee8d  node-v16.6.2-darwin-arm64.tar.xz
74e95aca0ea88ed2d9270dccc1e3e62500912be5fef1528bb11f178c468f312c  node-v16.6.2-darwin-x64.tar.gz
21c9417c38d9bee140c659f7cf11806ec866af3f7053bd17ec45757a902c9956  node-v16.6.2-darwin-x64.tar.xz
7764da71e22d57746d65eb408dc80cbd7f6eed7f38b558684fa60571d1c69b26  node-v16.6.2-headers.tar.gz
e4bf9c8db91d149d9f3cebd79621571079ffb9d92dca10e7d260120ff99b428e  node-v16.6.2-headers.tar.xz
c51a94f28a29c390d20445d9b334a9808d3166bd244ebc03852d23c0b17a93ca  node-v16.6.2-linux-arm64.tar.gz
d885ffcef367a010e2b21a283ec96721e92b29f222de5d943bc7188e48f30349  node-v16.6.2-linux-arm64.tar.xz
1ba5287c941cef2da53c0d80db7db7124971b1c933f222ca7f2eb833e1817f35  node-v16.6.2-linux-armv7l.tar.gz
9756e763910ab7277346307fb5c4d34370ab3bb7d957129f58a65bf69f2af93b  node-v16.6.2-linux-armv7l.tar.xz
a966ea0d258c0e4a2c23b77f49f85bd7a4a4ff674fcd0d625a7fa48370d14d15  node-v16.6.2-linux-ppc64le.tar.gz
c2ee7961f1f217b0cc57a15efc3372b0495f6e1775a3e7f50b153b9db7c46be9  node-v16.6.2-linux-ppc64le.tar.xz
31e27413ff29607af54fcf842105a5290f2556add1b009b8e28240f96f742638  node-v16.6.2-linux-s390x.tar.gz
c3d6b4f7bf055f257abc07862743b614bdba00fd096a863eaadc700ae0939c98  node-v16.6.2-linux-s390x.tar.xz
913913f62416b96dee5f463b54e1adebaf669dd2ff3b047d6290deadc3003d97  node-v16.6.2-linux-x64.tar.gz
90c88cf6ca06dcd6d20c2b6dba5ff84d1f831446c25ef650f86e86bb94239353  node-v16.6.2-linux-x64.tar.xz
5bb14dafbac87efb74d3e050a90de68eb407ecadd52f12a1b4e937ec59884792  node-v16.6.2.pkg
e8df4a0084c379a37c11b315b7d068760a38598119d7ca9262977adcbbb58933  node-v16.6.2.tar.gz
8794cba1f971e4200a38690c76d7cc0a3bd1cba96fbf4305dfbe21fc459d79eb  node-v16.6.2.tar.xz
152e36fe0493f37d3be939c7f9c3a975c9f39a3346d66787b59e2db28ed2eeb6  node-v16.6.2-win-x64.7z
e7e05eb133fce48b76b4db6714d80aea90872afec176599585bc1aa457fb41b9  node-v16.6.2-win-x64.zip
b40c0f3bf401ff56c558de3a24b33101273c622e664e1e5df4d08444aa4ae7df  node-v16.6.2-win-x86.7z
b7324b70ed37e14878cde39cd69099368513068495b25d97f1423591c0206685  node-v16.6.2-win-x86.zip
6cb05e722749c98cc9d0d1b2ef0c3a4c5c05da83a00b4ef04cee0bd4a3cfbbc7  node-v16.6.2-x64.msi
22b21336d6ae8d16a1e45d38bd198831aa27ddf8a61d52831cfbd3ba5d2866e0  node-v16.6.2-x86.msi
9c99a5255dabc044bd262df07ec8e6ba3351e38d003121ed8739906bf5f0eb42  win-x64/node.exe
e7484e4552df7e992e5d409e518aa467555769dc85917da408d41f85c4f2823d  win-x64/node.lib
a44ba1e9c42f84d80a9c29871a22c687e7f35ae358a898813d50b02866b8d6e9  win-x64/node_pdb.7z
bfdfedc1829855dcb1545661963dcb98d72ea517a4be3926a8c35f5120a72637  win-x64/node_pdb.zip
5dc410d110cb86a0e9fd58f30b5c1208915e733e3ab222e71fbdb0aa1a3755f3  win-x86/node.exe
7821ab6af3cef68eee042ef6b7fb2185eafff8bd4e4c988c8fc6c1d0242d2bcd  win-x86/node.lib
cee7fe2c53d99e9c7bca0e7485a35c49d0f01ad131a790199cdb68e1383b946d  win-x86/node_pdb.7z
32f1c9673025980c1563bf173c02bf3ae81a0a8c0e30673a3e906b3adff0519a  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+3QACgkQ1wYoSKGr
AFxCGAgAs2V2hTNMfXb7C82V45tyi5tg2CIWtv98Ewc5py0tuVPbWmUO8enPP0AO
u4VAidwH3q4FT1xlVakC3QQL9qf13yi5fdLyHxfToCu2TP4U1avV8CWymdG/gPYz
wn6IBurWn/a3RRnva+euUEUubSAvRk5QrujAgkmcuAkXXQAo1pjbKjeKJ2NLnVeC
9dUISRz7XtmYEmAO8Fyszv/7JbZuNthd/VITDY9taWfN46nlcYwLSA54vqYj5nG9
AJoCKd5t/T5CMGOAc1/rtytFrXVBiCcSQLilFFy7In0oVQeT3EvtQmQENfdbwr3r
uCe9lxACJp/+lq2VZXlKFQpkzDxong==
=6UuH
-----END PGP SIGNATURE-----

(2021년 8월 11일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v16.x, v14.x, v12.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

c-ares 업그레이드 - 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음) (CVE-2021-22931)

도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를 하지 않습니다.
이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에 크래시가 발생할 수 있습니다.
이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는) 잘못된 호스트 명을 출력할 수 있고 이 라이브러리를
사용하는 애플리케이션에 취약점을 주입할 수 있습니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.

영향받는 버전:

• 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 Fraunhofer SIT의 Philipp Jeitner에게 감사드립니다.

스트림 취소로 http2를 닫을 때의 use after free(높음) (CVE-2021-22940)

공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
CVE-2021-22930의 후속 조치입니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.

영향받는 버전:

• 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

원래의 취약점을 보고하고 잔여 이슈도 찾도록 도와준 Eran Levin(exx8)에게 감사드립니다.

rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음) (CVE-2021-22939)

Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다.

자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

영향받는 버전:

• 16.x, 14.x, 12.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 HTTP Toolkit의 Tim Perry에게 감사드립니다.

다운로드와 릴리스 상세 내용

• Node.js v12.22.5(LTS)
• Node.js v14.17.5(LTS)
• Node.js v16.6.2(현재 버전)

요약

다음 이슈를 해결하려고 Node.js 프로젝트는 2021년 8월 11일 수요일쯤 지원하는 모든 릴리스 라인의 최신 버전을 릴리스할 것입니다.

• 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 한 개

영향

Node.js 16.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

Node.js 14.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

Node.js 12.x 릴리스 라인은 높은 심각도의 이슈 두 개와 낮은 심각도의 이슈 하나에 취약합니다.

릴리스 시기

릴리스는 2021년 8월 11일 수요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다.
Node.js의 취약점을 보고하고 싶다면
https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면
https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

주요 변경사항

• npm을 7.20.3으로 업데이트했습니다.(npm team) #39579
• 일부 네이티브 모듈에 영향을 줄 수 있는 V8 9.2의 ABI 호환성을 깨뜨린 변경사항을 되돌렸습니다.(Michaël Zasso) #39624
• 최소한 Webpack과 Jest에 영향을 준다고 밝혀진 오류 처리의 버그를 수정했습니다.(Guy Bedford) #39593

Commits

• [6c769ccedf] - build: override python executable path on configure (legendecas) #39465
• [cbf6a01c17] - crypto: fix generateKeyPair with encoding ‘jwk’ (himself65) #39319
• [3091295609] - deps: revert ABI-breaking change from V8 9.2 (Michaël Zasso) #39624
• [06d7b8e8c8] - deps: upgrade npm to 7.20.3 (npm team) #39579
• [7b612fadc2] - doc: fix crypto.hkdf callback derivedKey type (Filip Skokan) #39453
• [7a731efd97] - doc,lib,test: rename HKDF ‘key’ argument (Tobias Nießen) #39474
• [93bbaa0ce9] - module: fix ERR_REQUIRE_ESM error for null frames (Guy Bedford) #39593
• [e13162de09] - module: refine enrichCJSError (Antoine du Hamel) #39507
• [815fbec6f1] - repl: do not include legacy getter/setter methods in completion (Anna Henningsen) #39576
• [0405c8d3f0] - zlib: avoid converting Uint8Array instances to Buffer (Antoine du Hamel) #39492

Windows 32-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.6.1/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.6.1/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.6.1/node-v16.6.1.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.6.1/node-v16.6.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.6.1/node-v16.6.1.tar.gz

Other release files: https://nodejs.org/dist/v16.6.1/

Documentation: https://nodejs.org/docs/v16.6.1/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

02581dbbfc2886dec326c3fca70c0f17e82491563057889dc630e5c055754c02  node-v16.6.1-aix-ppc64.tar.gz
8b766a2bcc686f968146b09892f24cfbeaebb547a4d50744d9af80def5221613  node-v16.6.1-darwin-arm64.tar.gz
3565e5c86067325db710490a6d2a41d1044e944d9346046e813543ec92ee7a4e  node-v16.6.1-darwin-arm64.tar.xz
bca84deb7bf6c57537b3af44997d985045c95b5048fc5665cdc7f54d5c147516  node-v16.6.1-darwin-x64.tar.gz
711fea396b0a1c564b519c909be3afc938f75ad95d3ea9125e2187eb7e3ce1bf  node-v16.6.1-darwin-x64.tar.xz
a87003ca6f43a23d611637b4a39b5d255f1a0ed5ad9423134fc9ed61a6fca364  node-v16.6.1-headers.tar.gz
3c9bfa2d4594ff8f4baee01652ceb2a05c5d5e44100afd94a7ee6b347721e1e0  node-v16.6.1-headers.tar.xz
ecab5720035b6bb97564b05df527d49a37489dcba6a244c0f1c7c801bb2755f7  node-v16.6.1-linux-arm64.tar.gz
59867dccc1f392416e9301a94b9df19faa38d0b0d1d2f1cea174835dff1a1cb0  node-v16.6.1-linux-arm64.tar.xz
04268fda50beb3aa116e150adcd3175cde17166b1f40079765da281fa73cc6cb  node-v16.6.1-linux-armv7l.tar.gz
903e30b38f67bb128d2e1ff520fc2fdabede1029338010b1304c9c081236859e  node-v16.6.1-linux-armv7l.tar.xz
9830281e2d553590c4a53d5d8327a2887df5b65452f5fa55ccd9ae597fcc247b  node-v16.6.1-linux-ppc64le.tar.gz
9392e583f24d41c1e5f5625171d963fa01e924b3b38cdd7632f249e8e491e958  node-v16.6.1-linux-ppc64le.tar.xz
fec6745555b477fbb62440b0306c8b4717980778bf8f0d5fd497915508775bd0  node-v16.6.1-linux-s390x.tar.gz
878cb8dfe48312fe40ab9fc320395e8322e8d9e1db4821539dcc6e2b006d8616  node-v16.6.1-linux-s390x.tar.xz
e7e4149626ccd0653783ee8aef81eb50fa7ada2f9f7cbc031969b3b1ac3ffa6b  node-v16.6.1-linux-x64.tar.gz
ff95e86c3161859251cf659a76be63d99fc45e2380addf634812e5afebac961a  node-v16.6.1-linux-x64.tar.xz
1ab44e48c45c9fdc8a91b7339f610f7e0d87801640769c041d8649d00157d79f  node-v16.6.1.pkg
36467b8a4e7e3bacc2f4f1709a83b0506429d1999bc461e5e363bc91d3437c09  node-v16.6.1.tar.gz
79b1ea058cc67f2a69462cd5f2467a1efe08c64299c053da70384ce1a0e3e557  node-v16.6.1.tar.xz
5b85e20f14c0c9a9c4ac6f867f8bcf47a09c645930707f7b766322065e719ed3  node-v16.6.1-win-x64.7z
ec5dce1e182172cc7edc8d56c377f4d106232b2b14127bd2a1565497448504e9  node-v16.6.1-win-x64.zip
a798038fcae1c02e831d42e5d7ca76b643905fd9716bf11a4357cfa903148fea  node-v16.6.1-win-x86.7z
395ce9ac6c7204ccac8f16dfa158306ec42cf1a1ffc29f40076dcdafe78bd328  node-v16.6.1-win-x86.zip
b3f74a4b6c8d31bb33b08228c6797b1f6d10b0bcf096f2d7287bcc225dfb237d  node-v16.6.1-x64.msi
7a5a849bc890aee91a2ff0285fe90e6ddc793b4f265792ce70b50595f6e0543b  node-v16.6.1-x86.msi
cb88167e067634cc8053a5204364fbb3fcabe5f6b3b1a67b38f67c21ad72acb3  win-x64/node.exe
e7484e4552df7e992e5d409e518aa467555769dc85917da408d41f85c4f2823d  win-x64/node.lib
0eae256767c33fb44eab2c02972d1d835bcf6e6a430b6698e9120aeb4c49124f  win-x64/node_pdb.7z
a40ddd793650ff3801aa149523ce98a9a4c66bbf9fc69d0cea0c9eaaba635d28  win-x64/node_pdb.zip
c0bb2eb9118c32a2ec9c3dffc7155adbb29962d5ec88d337e30488e6e983993c  win-x86/node.exe
7821ab6af3cef68eee042ef6b7fb2185eafff8bd4e4c988c8fc6c1d0242d2bcd  win-x86/node.lib
b83ed322a47a81b56200e744457e286a07d7c48e15b8a71a63a9c0fc73276ce5  win-x86/node_pdb.7z
ea5cfb3d53b8614d5f4941ffac6f8277e6998cc2f85f3a26e0838db533b21c61  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmEI+QAACgkQdw96mlrh
VgBSxw/+NGa6SVZ7iXM6FWFVq+nfuiCy6bbUov6sbTnk9h1XXN4nHdPfVoJU50Jh
Act+AVa2DOrf60JXl8YhATxkx5H3x4ksB9u6lVByhwdGFXnhw6tgtMNKPoHvakEb
hOdXWLCi6KIQpfhR7gpuxvUTjpn3fHJxMfb/YXnJHX0DEct+7XnwAjpuY3XtldUr
sfDTBtQQVH/7CpevnTHjsARoWnRC8EZ2kZ2QD8DpdQPTkfcwQElashnuHLeFCYSV
oPQtFn0moKDvfMl7+AHARBSYPtloJ1ySfaYZk/0DA+cDVmAhlbmmIem7E0vyn3lf
MWdEiEegDOZk8kSymQIg4jpeJxLkAhipbvOsKhFuIyBIk5nPMlZE5kWa/VsQUZfc
ruhQB8uDyHJB2QEixfwBl8UV4Zbe4uaawVgeykAo6qBkONGv5NdKUWO7wHVOYtgT
dAK3ggfAR2BWF75Qn4f44PBHOOiZDwoBolAGN5Xa5x/TwOL7hmAAGFNU4m3yy/8Q
60lKs9HrW1t+FJT/vLR/sbMB1hvdTWvaK06knrCpZ+n4jjxwWK6oYkVjZD94TSlz
aBbj+OOcO2MG9nGzqVDseAK8pwpHo9okiHd7xbuSNXRVsh28cOVEWVYpRkRWPu1f
/YUnd9apXKduE74AcYx7xMPLJinHwwGhd1BPeP/WrF3bQ3/58EQ=
=MTC/
-----END PGP SIGNATURE-----

주요 변경사항

• CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)
  • Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
    메모리 해제 후 참조(use-after-free)에 취약합니다.
    자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930에서 볼 수 있습니다.

Commits

• [499e56babe] - build: fix label-pr workflow (Michaël Zasso) #38399
• [98ac3c4108] - build: label PRs with GitHub Action instead of nodejs-github-bot (Phillip Johnsen) #38301
• [ddc8dde150] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #39553
• [e11a862eed] - deps: update to c-ares 1.17.1 (Danny Sonnenschein) #36207
• [39e9cd540f] - deps: restore minimum ICU version to 65 (Richard Lau) #39068
• [e459c79b02] - deps: V8: cherry-pick 035c305ce776 (Michaël Zasso) #38497
• [b3c698a5d8] - deps: update to cjs-module-lexer@1.2.1 (Guy Bedford) #38450
• [7d5a2f9588] - deps: update to cjs-module-lexer@1.1.1 (Guy Bedford) #37992
• [906b43e586] - deps: V8: update build dependencies (Michaël Zasso) #39245
• [15b91fa3fa] - deps: V8: backport 895949419186 (Michaël Zasso) #39245
• [8046daf09f] - deps: V8: cherry-pick 0b3a4ecf7083 (Michaël Zasso) #39245
• [f4377b13a6] - deps: V8: cherry-pick 7c182bd65f42 (Michaël Zasso) #39245
• [add7b5b4c2] - deps: V8: cherry-pick cc641f6be756 (Michaël Zasso) #39245
• [a73275f056] - deps: V8: cherry-pick 7b3332844212 (Michaël Zasso) #39245
• [492b0d6b37] - deps: V8: cherry-pick e6f62a41f5ee (Michaël Zasso) #39245
• [2b54156260] - deps: V8: cherry-pick 92e6d3317082 (Michaël Zasso) #39245
• [bbceab4d91] - deps: V8: backport 1b1eda0876aa (Michaël Zasso) #39245
• [93a1a3c5ae] - deps: V8: cherry-pick 530080c44af2 (Milad Fa) #38509
• [b263f2585a] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423
• [3e4bc1b0d3] - module: fix legacy node specifier resolution to resolve "main" field (Antoine du Hamel) #38979
• [f552c45676] - src: move CHECK in AddIsolateFinishedCallback (Fedor Indutny) #38010
• [30ce0e66ae] - src: update cares_wrap OpenBSD defines (Anna Henningsen) #38670

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.22.4/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.22.4/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.22.4/node-v12.22.4.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.4/node-v12.22.4-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.22.4/node-v12.22.4.tar.gz

Other release files: https://nodejs.org/dist/v12.22.4/

Documentation: https://nodejs.org/docs/v12.22.4/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

efc0252457e8bbc4d703a672e2f58a4da9ebc14eb07e7a16c9dab2fbc732f6a5  node-v12.22.4-aix-ppc64.tar.gz
6e6842468ff8b50562098e41f9fb6af7c3acbefbd018696f4ac7c2d9b7faac48  node-v12.22.4-darwin-x64.tar.gz
0c8fe8b0c6c8d34eda207d81431dfe7669de62e26b9ba900f81281b12e0d87aa  node-v12.22.4-darwin-x64.tar.xz
a13fded3cc808fe8396b97af065450db8e458bdcb7171cfc4e19e6ff0006eee4  node-v12.22.4-headers.tar.gz
8c66ac12087638124967bfc91f55722119018f9ff8fc3be79171f75935d811f1  node-v12.22.4-headers.tar.xz
c104dff52409d27836f7c4529c7f3cce6c76a521b8b834e338bcbf6eed4abc18  node-v12.22.4-linux-arm64.tar.gz
db84c7a5a34ffdaabcc3edd715f0ce71158306b10e3d85c8a3d4f894eeab8cf8  node-v12.22.4-linux-arm64.tar.xz
8d5164221a89c3ae4e7cbb5a5bb5b22fd3bf87d058295fe97e1b1e3376fafe33  node-v12.22.4-linux-armv7l.tar.gz
2484a2f7161eda044e0b83c421a734ff615d869eea9fc501b687edb6efa889eb  node-v12.22.4-linux-armv7l.tar.xz
2f8243adeb44aba9f1ff7ca62f79c923fd08093787e3b045e40c96d56311f733  node-v12.22.4-linux-ppc64le.tar.gz
cf7c930124a62bc7255977643fdc902b4edcdc084d4b062f6c5b0ef8efd09234  node-v12.22.4-linux-ppc64le.tar.xz
a26088c02efa4cf07c5b8aaf9bf1678c83991bc8ef36683cd5846563d67e2730  node-v12.22.4-linux-s390x.tar.gz
d080306bb610e73e4d36303773927551b781254e2960d6886c6878933a3ef3f4  node-v12.22.4-linux-s390x.tar.xz
2dde8a22ad15b8e270fee42ab40de71aed7bd97c10e7d04cd826430400fff601  node-v12.22.4-linux-x64.tar.gz
b699789d93a8d1435bf0b90a859423c9595148830a9304a78b4795d9104a128b  node-v12.22.4-linux-x64.tar.xz
4f1894cd9e8ded74b72cad2686b01bf8fa50cbe2154a6f0f3735800868c1c7f2  node-v12.22.4.pkg
466efc26a1fd5ed4881e943ed90d62eff307cac85802b4aacaa468b72e4e1fdb  node-v12.22.4-sunos-x64.tar.gz
91db23b05a146166a5093eb30ee22a379a61a23eca492824b3192887b912d23c  node-v12.22.4-sunos-x64.tar.xz
613b5a895d85d72b4aa495bdf0ffa483ad8b33635a173c4beb94d2842db740f5  node-v12.22.4.tar.gz
44cd4eab131e5282fc923e9e720d983a0b44c12e4aa4f6c3598dc97ae1e4cd4c  node-v12.22.4.tar.xz
ddf59d18b64fdd4c3d1376195ad474dab50805e1c29be49368f01970d561066b  node-v12.22.4-win-x64.7z
b0f0981a417fad6eca2e012958fd2597ce51f441cc8615ca121752ea1c29de0c  node-v12.22.4-win-x64.zip
0001277cb16722efde2ce3ed9314432a63a4919b79e0d40253775468c3238f30  node-v12.22.4-win-x86.7z
dabb1adb657c941d61dde77d7b703d50c8b93ceba98f4b2064bcdff334bbfbb8  node-v12.22.4-win-x86.zip
5caf61f114e46f04fdb57fc1607b62156d80afc6cf52e39854938ba09f6e9476  node-v12.22.4-x64.msi
687f43f366451ad1a8c2b1fbd19ebb816722ed86e68554be207de9ce47a030c6  node-v12.22.4-x86.msi
29398272a82800e055dbca73c976afe4ee0030b42b6436b5b993eb96774372c7  win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf  win-x64/node.lib
3940b0fc29b083bb042b96a22349b80e16c1622acb69de7bb8788aaadc93e9bb  win-x64/node_pdb.7z
6d0f10e5399955c92857404fbce668366615e2ddc4f31d40a91ff31a8b10aa6f  win-x64/node_pdb.zip
9f9265a24ea3dc71e2df7951d7b0978ff54e43c4ed20b9935fd44e40f3086bcb  win-x86/node.exe
dad0e6bef1c45f4f43fbf84c33df6b910ace8122eff3f8d39d5ebecd25320ba4  win-x86/node.lib
5e54a615f013ed6c89c6b569c570c5089901edf328152ac806382dfb69e7ba4c  win-x86/node_pdb.7z
69b88e655b4b8eff5975105d25566a71ddecfbf1f1c6f0f08210eca5ce35a040  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmEC2vsACgkQxDzsRcF6
uTw/tw/+MnzYxvM25CUEAEwTe9USs2IC6ro0e6+LL2F/XkEaECt8eOtfpZhF+4Yj
SzL+A82RxctYZEn6nOzTyrRV0PGH8sce4zV7KlK/fwD7xBQ2WmL5V2pffgTEPe7G
brWtdRHBsQg3Y3MfwhZdxldhNbcsrfD1L+rkcybTtYYJHfV2QgwjftBk3/hTs7Ma
EKZFlPapAXW1EeXEg+q7dMtrjxq/McIfoud+gsb5oouJ9bZ2ie2hVR6JS0xkLpix
FVf/v1uqBqQiFaQNOhQawajI8UN6hcOA2OwHO6kCCHUSOdy9aCMYQajaq0RmSD/t
VaElU98+35emRwbPyBTbfoXfDwqAhlHTUgn/7iExBCqIJU37FrkPghXJPQBgK7Rs
x8upnGl/239iyyw7/ATkO9Ibta4fKLMQc3ZF5Go+0M6omCfLPoMLAt3jrUyRKJvF
k+oOhKInTgPD0xm+n2S8rl5NbjsBUOW1WVONrvp1KcQBM4rvh/AZT8U09ejP1pZq
vFddPRYF1pyNnGtyTdpi1jcPWgcEnSSror51rYeUlE5UJtshICq7bALXNHiusEFe
iihjzTi4ef/eLyzxTYSNvGfBBO+Tt61O5r7r6xmRWG7HPZ+QxZd/rBsUk6zdvpFR
PQIAIOzSYDpp+pfULl78La9hY/1KEVbxvg+TWm+VZiyrc2aajaE=
=GiEb
-----END PGP SIGNATURE-----

주요 변경사항

• CVE-2021-22930: 스트림 취소시 http2를 종료할 때 메모리 해제 후 참조 문제 (높음)
  • Node.js는 공격자가 메모리 손상을 일으켜 프로세스의 동작을 변경할 수 있는
    메모리 해제 후 참조(use-after-free)에 취약합니다.
    자세한 내용은 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930에서 볼 수 있습니다.

이 릴리스는 Node.js 14.17.0과 14.17.1에서 ICU 업데이트 때문에 다시 발생한 국제화 관련 회귀 문제도 수정합니다.

Commits

• [86477b2b53] - benchmark: output JSON-compatible numbers (Michaël Zasso) #38778
• [f9693cf0a0] - benchmark: fix http elapsed time (Antoine du Hamel) #38743
• [1ab4f81abc] - build: fix building with external builtins (Momtchil Momtchev) #39091
• [a657f250f1] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #39066
• [6962c647d6] - Revert “build: work around bug in MSBuild v16.10.0” (Michaël Zasso) #38977
• [069cf59e56] - build: make build-addons errors fail the build (Richard Lau) #38983
• [d341561ae0] - build: fix commit-queue default branch (Mary Marchini) #38998
• [0736dd833a] - build: don’t pass python override to V8 build (Richard Lau) #38969
• [49a000683a] - build: correct Xcode spelling in .gitignore (bl-ue) #38895
• [1ffbe3d5da] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #38886
• [7f53a0b349] - build: add lto build to CI (Jiawen Geng) #38567
• [a6f8ba8f0c] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #38751
• [b5b1d1fb79] - build: replace non-POSIX test -a|o (Issam E. Maghni) #38731
• [fc2b1ec308] - child_process: refactor to use validateBoolean (Qingyu Deng) #38927
• [55ea29eedd] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #38728
• [716ee1531c] - debugger: rename internal library for clarity (Rich Trott) #39080
• [b7ee9d8287] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #39024
• [5d4d23dcf3] - debugger: use error codes in debugger REPL (Rich Trott) #39024
• [a3991d7c18] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #39024
• [052e1c5385] - debugger: removed unused function argument (Rich Trott) #38850
• [f9a4dcb30c] - debugger: refactor inspect_repl to use primordials (Antoine du Hamel) #38551
• [ad8056659f] - debugger: refactor to use internal modules (Antoine du Hamel) #38550
• [b5724a1984] - debugger: disable only the lint rules required by current file state (Rich Trott) #38529
• [34659f2b7a] - debugger: avoid non-ASCII char in code file (Rich Trott) #38529
• [ae90756582] - debugger: wrap lines longer than 80 chars (Rich Trott) #38529
• [b30ff35a36] - debugger: align message with Node.js standard (Rich Trott) #38400
• [d74d67f207] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #38952
• [e58f938ab3] - debugger: enable linter on internal/inspector/inspect_client (Antoine du Hamel) #38417
• [249acd5e69] - debugger: reduce scope of eslint disable comment (Rich Trott) #38946
• [0ef5e088c0] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #38847
• [79bfb0416b] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #38811
• [721edeffd3] - debugger: refactor internal/inspector/_inspect to use more primordials (Antoine du Hamel) #38406
• [21ecee1b4b] - debugger: add usage example for --port (Rafael Gonzaga) #38400
• [cde72213d1] - Revert “debugger: rename internal library for clarity” (Antoine du Hamel) #39446
• [4c2b813799] - debugger: rename internal library for clarity (Rich Trott) #39080
• [61da371251] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #38411
• [8dd1f70fe3] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #38411
• [fb0ab4c034] - debugger: removed unused function argument (Rich Trott) #38850
• [9e28c6c946] - debugger: fix race condition/deadlock on initialization (Rich Trott) #38161
• [a8924fa0fb] - debugger: replace internal use of deprecated API (Rich Trott) #38161
• [22afb7cbe6] - debugger: allow longer time to connect (Rich Trott) #38161
• [b172e6f436] - debugger: accommodate line chunking in Windows (Rich Trott) #38161
• [1da692185a] - debugger: fix inspect restart on Windows (Rich Trott) #38161
• [0321c5b194] - debugger: remove unused code (Rich Trott) #38161
• [8bd2a3926a] - debugger: move node-inspect to internal library (Rich Trott) #38161
• [acf5279c39] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #39553
• [4efefe02a8] - deps: V8: backport ae7bfb3f03b3 (Michaël Zasso) #39051
• [5039f21396] - deps: V8: backport 16ffec97e5eb (Michaël Zasso) #39051
• [9b69069f71] - deps: V8: cherry-pick b0a7f5691113 (Michaël Zasso) #39051
• [4213e97d26] - deps: V8: cherry-pick 81181a8ad80a (thomasmichaelwallace) #39187
• [ccecea5f72] - deps: restore minimum ICU version to 65 (Richard Lau) #39068
• [7557e74cf4] - deps: V8: update build dependencies (Michaël Zasso) #39244
• [a60a960406] - deps: V8: cherry-pick 895949419186 (Michaël Zasso) #39244
• [7fdd6ecbb4] - deps: V8: cherry-pick 0b3a4ecf7083 (Michaël Zasso) #39244
• [4be2e878b7] - deps: V8: cherry-pick 7c182bd65f42 (Michaël Zasso) #39244
• [a83b01a4af] - deps: V8: cherry-pick 92e6d3317082 (Michaël Zasso) #39244
• [17eb561184] - deps: V8: backport 1b1eda0876aa (Michaël Zasso) #39244
• [04032fa1a3] - doc: remove references to deleted freenode channels (devsnek) #39047
• [797bd73849] - doc: add missing parameter types (Voltrex) #39013
• [e474e984e5] - doc: clarify that only one Python version is required to build (bl-ue) #38894
• [cd48ee71d9] - doc: fixed typo in process.md (Derevianchenko Maksym) #38941
• [41fcbad2b2] - doc: add missing semis after classes (Darshan Sen) #38931
• [b40529643b] - doc: mark util.inherits as legacy (Voltrex) #38896
• [b2d836b1ea] - doc: clarify when readable._read(...) is called (Shaun Keys) #38726
• [e36d2a6d6a] - doc: fixed typo in n-api.md (julianjany) #38822
• [b4f60bb523] - doc: use “Long Term Support” in collaborator guide (Rich Trott) #38841
• [7a9850a5fb] - doc: use “Long Term Support” in technical values doc (Rich Trott) #38841
• [dfe9698db0] - doc: use “Long Term Support” in README (Philip) #38839
• [8699e622fc] - doc: fix grammar in fs.md (yotamselementor) #38818
• [826ae9b2e2] - doc: fixup code sample in http.md (TodorTotev) #38776
• [8049b69b7f] - doc: document null target pattern (Guy Bedford) #38724
• [4d9129eb71] - doc: update code examples for node:url module (fisker Cheung) #38645
• [2ff671e4c4] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #38789
• [9b993edca8] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #39024
• [cfccf13e84] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #39024
• [bb9a9adc2b] - errors: don’t rekey on primitive type (Benjamin Coe) #39025
• [d48b91ea2b] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #39423
• [d8cc2fffd6] - lib: add primordials.SafeArrayIterator (Antoine du Hamel) #36532
• [e3223edb89] - lib: harden lint checks for globals (Antoine du Hamel) #38419
• [d4f96bb926] - lib: enforce using primordials.globalThis instead of global (Antoine du Hamel) #38230
• [ea9003a559] - lib: add globalThis to primordials (Antoine du Hamel) #38211
• [097a7874d3] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #39094
• [199fe32cbc] - lib: make internal/options lazy (Joyee Cheung) #38993
• [2bc2a232af] - lib: add JSDoc typings for child_process (Voltrex) #38222
• [b0a1984d4d] - lib: fix typos (bl-ue) #38846
• [6c061d5f2c] - meta: update label-pr-config (Michaël Zasso) #38950
• [afb61786b9] - module: fix legacy node specifier resolution to resolve "main" field (Antoine du Hamel) #38979
• [cd3305a9e4] - node-api: avoid SecondPassCallback crash (Michael Dawson) #38899
• [e7f266e93d] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #38758
• [43fe6c1d27] - src: cleanup uv_fs_t regardless of success or not (legendecas) #38996
• [dcfb182546] - src: refactor to use locale functions (Darshan Sen) #39014
• [bee477b000] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #38904
• [ff7cc8f9ef] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #38875
• [981217e48a] - src: replace autos in node_api.cc (Khaidi Chu) #38852
• [73e199d963] - src: fix typos (bl-ue) #38845
• [2d32031724] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #38720
• [2c11d3ec0a] - src: remove commented code in node_file.cc (Juan José Arboleda) #38693
• [846a138f54] - src: write named pipe info in diagnostic report (legendecas) #38637
• [7d82200861] - src: replace autos in node_contextify.cc (Khaidi Chu) #38644
• [51da7d2048] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #38988
• [45c2ea3b72] - test: add NumberFormat resolvedOptions test (Richard Lau) #39401
• [6b2fea38d1] - test: move inspector-cli tests to sequential (Rich Trott) #39079
• [6447cab7be] - test: improve buffer coverage (Rongjian Zhang) #38538
• [6f1862eab3] - test: fix name of variable in inspector-cli test (Tobias Nießen) #38869
• [40093504bc] - test: fix typo (Houssem Chebab) #39045
• [ab28f9b9a1] - test: remove obsolete TLS test (Rich Trott) #39001
• [b3b59953fe] - test: improve coverage of lib/events.js (Rongjian Zhang) #38582
• [c99a09f05f] - test: http outgoing _headers setter null (ycjcl868) #38881
• [660a97b1d5] - test: suppress warning in test_environment.cc (Daniel Bevenius) #38868
• [0cca16ac4c] - test: improve coverage of fs internal utils (Rongjian Zhang) #38746
• [fecad40f27] - test: fix writefile with fd (Nitzan Uziely) #38820
• [01f00faaa8] - test: simplify test-path-resolve.js (himself65) #38671
• [504bfd7a88] - test: improve coverage for question in readline (Qingyu Deng) #38799
• [eb91932e77] - test: os, replace custom flatten method with built-in Array.flat (Wael Almattar) #38770
• [aeea252b96] - test: improve coverage of lib/_http_outgoing.js (Rongjian Zhang) #38734
• [e265d8ee1b] - test: give js-native-api tests consistent names (Gabriel Schulhof) #38692
• [99fd8bfc6a] - test: fix flaky inspector-cli tests when breakpionts are restored (Rich Trott) #38431
• [4d3a1fad28] - test: extend timeout on debugger tests for slower machines (Rich Trott) #38161
• [dd2642b5db] - test: fix comment typo (Rich Trott) #38161
• [193ea8fd91] - test: fix test-inspector-cli-address (Rich Trott) #38161
• [a62826bbe6] - test,debugger: migrate node-inspect tests to core (Rich Trott) #38161
• [ab45ace9bd] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #39094
• [b8e63b3c08] - tools: update ESLint to 7.29.0 (Rich Trott) #39083
• [54a250e79c] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #38966
• [443db64eed] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #36861
• [547f88b149] - tools: fix typo in commit-queue.sh (bl-ue) #39000
• [1023433a81] - tools: update ESLint to 7.28.0 (Luigi Pinca) #38955
• [9b4ae8fbb0] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #38910
• [2ad0719e86] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #38851
• [b7686d0c1e] - tools: bump cpplint to 1.5.5 (Rich Trott) #38851
• [2ec7c9de57] - tools: remove exception for Node.js 8 and earlier (Rich Trott) #38840
• [1dc71da302] - tools: update setup-node to setup-node@v2 (pengjie) #38825
• [fc219d862c] - tools: remove node-inspect from license (Rich Trott) #38161
• [4bb0bd0f0e] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #38889
• [58154ce426] - typings: add JSDoc typings for https (Voltrex) #38589
• [6ea1368a67] - typings: add JSDoc typings for events (Voltrex) #38712
• [b6942a6138] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #38842
• [dd00547ada] - vm: use missing validator (Voltrex) #38935
• [2c28e00685] - worker: do not look up context twice in PostMessage (Anna Henningsen) #38784

Windows 32-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.17.4/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.17.4/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.17.4/node-v14.17.4.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.4/node-v14.17.4-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.17.4/node-v14.17.4.tar.gz

Other release files: https://nodejs.org/dist/v14.17.4/

Documentation: https://nodejs.org/docs/v14.17.4/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

58e4ca29b0585ebeb1dbf5a701d9959dda219b5bdf6d8363213f51a779d395da  node-v14.17.4-aix-ppc64.tar.gz
5c055a295e030cb789e2925b4c0647f7aaf461ffe5f2a08145c0605fb83ad4e0  node-v14.17.4-darwin-x64.tar.gz
f86bb831a371b3720e4d0037e4e77ffa427afdbd14e96d9fd16202fbbd84ce7d  node-v14.17.4-darwin-x64.tar.xz
24fa6a3925027980e32cfa2555d1cc9eca989db6c0890fe1e12e1c9f9ef4baa7  node-v14.17.4-headers.tar.gz
9515893f1f6b844b179120d95e34ee2edbd47741291456ab69913184bdb9368c  node-v14.17.4-headers.tar.xz
88b130c8f08a2baafb4e4c953ad46ba69cc60210da7d95c558c7ae3456beb825  node-v14.17.4-linux-arm64.tar.gz
4c42f31e7b52980e6bb930a7c2872e6e29533828c40623ba39e1c847e9ee6c89  node-v14.17.4-linux-arm64.tar.xz
e5452a8786ea018fe9c588ffe05ca4b4b66d6a7cda1f6352bda9bd0d0421e325  node-v14.17.4-linux-armv7l.tar.gz
df65ca9aea52b693b82638077a46218ae555160a20a8a5b0edd15ff0b3438c2b  node-v14.17.4-linux-armv7l.tar.xz
67dc73c42d08b5b365da37354568555e404aa902bf17dfe35f5b3ecbf699700b  node-v14.17.4-linux-ppc64le.tar.gz
255fffa3b2a78b86aa7dce7b65442bb2092d99be74d2f326f1dd66f7a1931b5d  node-v14.17.4-linux-ppc64le.tar.xz
b169c8b3821e3360be90bde075e28bf4632c5d36ce97d8c30b10411abc960ac8  node-v14.17.4-linux-s390x.tar.gz
3e086d99c3e303a05657c04053df9e31e46a7cdf0245b1022ddecd0fc0e14663  node-v14.17.4-linux-s390x.tar.xz
99cc7115a30fe62abf06145d57b314092c9bf27499da85413a12f50140199619  node-v14.17.4-linux-x64.tar.gz
db18c54ebe01974d46198b08729249acbb0dcdc9aea82b53eec913f8c56035c6  node-v14.17.4-linux-x64.tar.xz
aaf06036afcc730971e9048b72ea6c79659a1fcc15d810ed822d33f51c35c848  node-v14.17.4.pkg
70c75f21ac601ae9e0fd86bdfd4e13e4d302f42b4fafcd6d21804b043a571c36  node-v14.17.4.tar.gz
ae7bf4e784f8c8027ffa1e3757f37d2bd5925d0c48988c4d7f07e4515853cf2c  node-v14.17.4.tar.xz
0de71309336bc324bc5155867dc9d8d6337d83c1eed4777141ae83e967b3aca1  node-v14.17.4-win-x64.7z
d82a3ca777b4dccc97aa391eb483325cda731e0ae9b3a5669dbf34bb8defde6e  node-v14.17.4-win-x64.zip
67caaa209d2d938f763f1a9ab08b3e30c06b2f18bf5c5d90b1198d0ddbd35feb  node-v14.17.4-win-x86.7z
6564c13aa47240231eff9c28fdafa479dda3186fbc7e2bbc97bb5b791ccd0419  node-v14.17.4-win-x86.zip
e889da1ee06e576de4f31c3e6e0f12c73cfec495a53db4dd166fd58b0fea9f22  node-v14.17.4-x64.msi
296378f482fed803adfc0dd63870ebdd925adfadd0f2e0e04a3c2ccd2b16999e  node-v14.17.4-x86.msi
dcef8bbee862ffbf498327d2ab0b9e1ccfc412d8e2270cbc0e45b0e6a1cdca86  win-x64/node.exe
859ceb82ba9af9df5831bb67f45427bfb774aae22e7c0ee52623a3196ec0e1eb  win-x64/node.lib
bd9b1ff379588006a22d27b2cfbfa8e9a6291c4eb44ab4ec4819d971e56c0485  win-x64/node_pdb.7z
65ffd6a70fb9164d1a340683462edf64c52dd05f9363d7add276d79bcc92e93f  win-x64/node_pdb.zip
300c4e8ca527361eab0e9128dd15913cf9e4edd0d3b00c3d623ab925d5fa2f91  win-x86/node.exe
1078be47b9315c81aa3bb989c4bba8ee23e0da9e4854a44006decf45d578833e  win-x86/node.lib
e3c8ad2df1de6be3478479ae2f45a88402c423850dda7bf7aab1f76432f4efc9  win-x86/node_pdb.7z
c5a49448e192b41e8f93992055f773f5d3915f1ee908d8b1c596020e84aafe62  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmEC2xcACgkQxDzsRcF6
uTz1SA/9FMgXqtX3xlVsqkhFSQEtf/PkqcnOxPvQ164R7iVeffzD/9I0mFrAAD/Q
nfVQWol6r6aZ60PzvUw3MsDj1SZgUDxIH0PvnQRjNr98HG4G3JZuDJeEwUe2JyA+
k9jK2TeYZECwKXRVqJ48Ge2A7iYdz9JS64ZTsxXwSiJjOuF5P3jRN4Xp/w9/jGT9
aB3PC/PtbpQ2W7TAGgChRZyDI/YJQsSwQ8ZNw7qSjfKHyTzJAyUO30bBBuivyDP4
GiF5CM4dhkGE0/2+ickCm7A7bDnkrSEQkmtuUkT2aVQsx4nZr3O/Uh9+zZirxm23
8F9oVJPLirwnULUmEVr9ekCkdkli6jak7xgL/4TepupjN7Hm+SxPZ9yB5LJWGSWk
TL8M1MoGo2hAlmXr0WABL9lDJylEmqr2fxuK6Ik8zWs+qUEseIWgiTb1PvN7Tak3
b4ZIlq6aZduv6yZxOCuypUKMk5RPv7awpSSquO8pT4Z6V0ODs/Xsnm8qdy8Mm3AR
qW4b9ocQcrjba8Mmy97jjsLegGuAMtLUwwf8EZIVoQil7Xelp2k+gNo7Rz9VCcno
Di8sSBaKjD9aNiJ06meDiFJ97B5RwLKzU8pEeGY51oKZF5rcpoqKPZU4w1ruM8Q/
1n92BYY1Py3aZTdCrPTBDnEpLIBywpNcneFEFZpgvHX+D/1ujRw=
=Tzuk
-----END PGP SIGNATURE-----