#15488 closed enhancement (fixed)
node.js-14.17.6
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (6)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:3 by , 4 years ago
| Priority: | normal → elevated |
|---|
2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins
This is a security release.
Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.
You can read more about it in:
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
Commits
[5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
[71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
[4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856
comment:4 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
For the moment, it looks as if the sed is still needed for building with system c-ares. The issue https://github.com/nodejs/node/pull/39739 was closed because upstream node thought the header from c-ares should be promoted to an interface and made public. That has apparently been done in c-ares https://github.com/c-ares/c-ares/pull/417 but there is not yet any new c-ares release.