diff options
| author | Myles Borins <mylesborins@github.com> | 2021-08-28 18:20:38 +0300 |
|---|---|---|
| committer | Myles Borins <mylesborins@github.com> | 2021-08-30 19:17:32 +0300 |
| commit | 4673ee11a377dcbc7228b6a3992467eca1b43654 (patch) | |
| tree | 13679c62f043b17e9fa6636619fcbdbf5e42e81e | |
| parent | 5b3f70bfb5885d1ec61f6e46b5b04abf297722c0 (diff) | |
2021-08-31, Version 14.17.6 'Fermium' (LTS)v14.17.6
This is a security release.
Notable changes:
These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw)
and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9).
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.
You can read more about it in:
* CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
* CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
* CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
* CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
* CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
PR-URL: https://github.com/nodejs-private/node-private/pull/287
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | doc/changelogs/CHANGELOG_V14.md | 30 | ||||
| -rw-r--r-- | src/node_version.h | 2 |
3 files changed, 33 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 41820cb64ee..eaeb829e8e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,8 @@ release. </tr> <tr> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V14.md#14.17.5">14.17.5</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V14.md#14.17.6">14.17.6</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V14.md#14.17.5">14.17.5</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.4">14.17.4</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.3">14.17.3</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.2">14.17.2</a><br/> diff --git a/doc/changelogs/CHANGELOG_V14.md b/doc/changelogs/CHANGELOG_V14.md index 978040879d5..8489ebcc140 100644 --- a/doc/changelogs/CHANGELOG_V14.md +++ b/doc/changelogs/CHANGELOG_V14.md @@ -11,6 +11,7 @@ </tr> <tr> <td valign="top"> +<a href="#14.17.6">14.17.6</a><br/> <a href="#14.17.5">14.17.5</a><br/> <a href="#14.17.4">14.17.4</a><br/> <a href="#14.17.3">14.17.3</a><br/> @@ -64,6 +65,35 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) +<a id="14.17.6"></a> +## 2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins + +This is a security release. + +### Notable Changes + +These are vulnerabilities in the node-tar, arborist, and npm cli modules which +are related to the initial reports and subsequent remediation of node-tar +vulnerabilities [CVE-2021-32803](https://github.com/advisories/GHSA-r628-mhmh-qjhw) +and [CVE-2021-32804](https://github.com/advisories/GHSA-3jfq-g458-7qm9). +Subsequent internal security review of node-tar and additional external bounty +reports have resulted in another 5 CVE being remediated in core npm CLI +dependencies including node-tar, and npm arborist. + +You can read more about it in: + +* [CVE-2021-37701](https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc) +* [CVE-2021-37712](https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p) +* [CVE-2021-37713](https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh) +* [CVE-2021-39134](https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc) +* [CVE-2021-39135](https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2) + +### Commits + +* [[`5b3f70bfb5`](https://github.com/nodejs/node/commit/5b3f70bfb5)] - **deps**: update archs files for OpenSSL-1.1.1l (Richard Lau) [#39868](https://github.com/nodejs/node/pull/39868) +* [[`71372625ae`](https://github.com/nodejs/node/commit/71372625ae)] - **deps**: upgrade openssl sources to 1.1.1l (Richard Lau) [#39868](https://github.com/nodejs/node/pull/39868) +* [[`4276984803`](https://github.com/nodejs/node/commit/4276984803)] - **deps**: upgrade npm to 6.14.15 (Darcy Clarke) [#39856](https://github.com/nodejs/node/pull/39856) + <a id="14.17.5"></a> ## 2021-08-11, Version 14.17.5 'Fermium' (LTS), @BethGriggs diff --git a/src/node_version.h b/src/node_version.h index 56d37668144..5ed008a978b 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Fermium" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |