From 584eb160d7eb7011b2cbe920de91811dc0c6f944 Mon Sep 17 00:00:00 2001 From: Myles Borins Date: Sat, 28 Aug 2021 11:27:57 -0400 Subject: 2021-08-31, Version 12.22.6 'Erbium' (LTS) This is a security release. Notable changes: These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw) and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9). Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. You can read more about it in: * CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc * CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p * CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh * CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc * CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2 PR-URL: https://github.com/nodejs-private/node-private/pull/288 --- CHANGELOG.md | 3 ++- doc/changelogs/CHANGELOG_V12.md | 30 ++++++++++++++++++++++++++++++ src/node_version.h | 2 +- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8edfaa7b4da..4c00a9bb635 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,7 +28,8 @@ release. -12.22.5
+12.22.6
+12.22.5
12.22.4
12.22.3
12.22.2
diff --git a/doc/changelogs/CHANGELOG_V12.md b/doc/changelogs/CHANGELOG_V12.md index 036cbd58bf6..1eaca3fb5d5 100644 --- a/doc/changelogs/CHANGELOG_V12.md +++ b/doc/changelogs/CHANGELOG_V12.md @@ -11,6 +11,7 @@ +12.22.6
12.22.5
12.22.4
12.22.3
@@ -75,6 +76,35 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) + +## 2021-08-31, Version 12.22.6 'Erbium' (LTS), @MylesBorins + +This is a security release. + +### Notable Changes + +These are vulnerabilities in the node-tar, arborist, and npm cli modules which +are related to the initial reports and subsequent remediation of node-tar +vulnerabilities [CVE-2021-32803](https://github.com/advisories/GHSA-r628-mhmh-qjhw) +and [CVE-2021-32804](https://github.com/advisories/GHSA-3jfq-g458-7qm9). +Subsequent internal security review of node-tar and additional external bounty +reports have resulted in another 5 CVE being remediated in core npm CLI +dependencies including node-tar, and npm arborist. + +You can read more about it in: + +* [CVE-2021-37701](https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc) +* [CVE-2021-37712](https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p) +* [CVE-2021-37713](https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh) +* [CVE-2021-39134](https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc) +* [CVE-2021-39135](https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2) + +### Commits + +* [[`a0154b586b`](https://github.com/nodejs/node/commit/a0154b586b)] - **deps**: update archs files for OpenSSL-1.1.1l (Richard Lau) [#39869](https://github.com/nodejs/node/pull/39869) +* [[`7a95637eb7`](https://github.com/nodejs/node/commit/7a95637eb7)] - **deps**: upgrade openssl sources to 1.1.1l (Richard Lau) [#39869](https://github.com/nodejs/node/pull/39869) +* [[`840b0ffff6`](https://github.com/nodejs/node/commit/840b0ffff6)] - **deps**: upgrade npm to 6.14.15 (Darcy Clarke) [#39856](https://github.com/nodejs/node/pull/39856) + ## 2021-08-11, Version 12.22.5 'Erbium' (LTS), @BethGriggs diff --git a/src/node_version.h b/src/node_version.h index 1756519b168..1eb3e8248c5 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Erbium" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) -- cgit v1.2.3