2021-01-04, Version 12.20.1 'Erbium' (LTS)v12.20.1

Notable changes:

This is a security release.

Vulnerabilities fixed:

- CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller
as part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs
Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores
the second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt

PR-URL: https://github.com/nodejs-private/node-private/pull/240

1 files changed, 1 insertions, 1 deletions

diff --git a/src/node_version.h b/src/node_version.h
index b24a8613d6e..82d2c624e93 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -29,7 +29,7 @@
 #define NODE_VERSION_IS_LTS 1
 #define NODE_VERSION_LTS_CODENAME "Erbium"
 
-#define NODE_VERSION_IS_RELEASE 0
+#define NODE_VERSION_IS_RELEASE 1
 
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)