diff options
| author | Danielle Adams <adamzdanielle@gmail.com> | 2021-10-11 22:43:42 +0300 |
|---|---|---|
| committer | Danielle Adams <adamzdanielle@gmail.com> | 2021-10-11 22:43:42 +0300 |
| commit | 657fb9a77ca36f729da484f55899dad7a13759b0 (patch) | |
| tree | a36a0de826000eab7e7608022cf1707ecab1f8a0 /CHANGELOG.md | |
| parent | 9b92ae2499922c0de254544b210ee0e40c9592f8 (diff) | |
2021-10-12, Version 14.18.1 'Fermium' (LTS)v14.18.1
This is a security release.
Notable Changes:
* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
* The http parser accepts requests with a space (SP) right after the
header name before the colon. This can lead to HTTP Request Smuggling
(HRS). More details are available at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
* The parse ignores chunk extensions when parsing the body of chunked requests.
requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
More details are available at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
PR-URL: https://github.com/nodejs-private/node-private/pull/294
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index fd40fceec02..f44881a6e14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,8 @@ release. </tr> <tr> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V14.md#14.18.0">14.18.0</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V14.md#14.18.1">14.18.1</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V14.md#14.18.0">14.18.0</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.6">14.17.6</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.5">14.17.5</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.4">14.17.4</a><br/> |