diff options
author | Richard Lau <rlau@redhat.com> | 2020-12-23 19:08:58 +0300 |
---|---|---|
committer | Richard Lau <rlau@redhat.com> | 2020-12-24 14:31:14 +0300 |
commit | 87ddc7f10c6463bbcdd9dfc79f1e510a584e616e (patch) | |
tree | d75462a26bc1f01c18a08809b24bb4e49c78154a /src/node_version.h | |
parent | 5b00de7d67a1372aa342115ad28edd3f78268bb6 (diff) |
2021-01-04, Version 12.20.1 'Erbium' (LTS)v12.20.1
Notable changes:
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
PR-URL: https://github.com/nodejs-private/node-private/pull/240
Diffstat (limited to 'src/node_version.h')
-rw-r--r-- | src/node_version.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node_version.h b/src/node_version.h index b24a8613d6e..82d2c624e93 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Erbium" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |