diff options
| author | Danielle Adams <adamzdanielle@gmail.com> | 2021-10-11 22:43:42 +0300 |
|---|---|---|
| committer | Danielle Adams <adamzdanielle@gmail.com> | 2021-10-12 18:15:04 +0300 |
| commit | df3b4cc90fd06b479f37384978ad106260ddecd6 (patch) | |
| tree | ab30b72bb582e03cb11466579c733ec84553dbc3 /CHANGELOG.md | |
| parent | 52b613abf4fec09c7fc55a041cc4dc9da8b6d145 (diff) | |
2021-10-12, Version 14.18.1 'Fermium' (LTS)
This is a security release.
Notable Changes:
* CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
* The http parser accepts requests with a space (SP) right after the
header name before the colon. This can lead to HTTP Request Smuggling
(HRS). More details are available at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
* CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
* The parse ignores chunk extensions when parsing the body of chunked requests.
requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
More details are available at:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
PR-URL: https://github.com/nodejs-private/node-private/pull/294
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 84a124c0955..701dccea6a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,7 +52,8 @@ release. <a href="doc/changelogs/CHANGELOG_V16.md#16.0.0">16.0.0</a><br/> </td> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V14.md#14.18.0">14.18.0</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V14.md#14.18.1">14.18.1</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V14.md#14.18.0">14.18.0</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.6">14.17.6</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.5">14.17.5</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.17.4">14.17.4</a><br/> |