nodejs · RafaelGSS · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024
@@ -0,0 +1,97 @@
+---
+date: '2024-04-03T14:27:39.936Z'
+category: release
+title: Node v18.20.1 (LTS)
+layout: blog-post
+author: Rafael Gonzaga
+---
+
+## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS
+
+This is a security release.
+
+### Notable Changes
+
+- CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
+- CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
+- llhttp version 9.2.1
+- undici version 5.28.4
+
+### Commits
+
+- \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
+- \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
+- \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
+
+Windows 32-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1-x86.msi \
+Windows 64-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1-x64.msi \
+Windows 32-bit Binary: https://nodejs.org/dist/v18.20.1/win-x86/node.exe \
+Windows 64-bit Binary: https://nodejs.org/dist/v18.20.1/win-x64/node.exe \
+macOS 64-bit Installer: https://nodejs.org/dist/v18.20.1/node-v18.20.1.pkg \
+macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-darwin-arm64.tar.gz \
+macOS Intel 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-darwin-x64.tar.gz \
+Linux 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-x64.tar.xz \
+Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-ppc64le.tar.xz \
+Linux s390x 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-s390x.tar.xz \
+AIX 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-aix-ppc64.tar.gz \
+ARMv7 32-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-armv7l.tar.xz \
+ARMv8 64-bit Binary: https://nodejs.org/dist/v18.20.1/node-v18.20.1-linux-arm64.tar.xz \
+Source Code: https://nodejs.org/dist/v18.20.1/node-v18.20.1.tar.gz \
+Other release files: https://nodejs.org/dist/v18.20.1/ \
+Documentation: https://nodejs.org/docs/v18.20.1/api/
+
+### SHASUMS
+
+```
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+a1dc083f3795ad304150759ee38d4b9c0ba541ac36629e6a0a2d8ea5f2c09e39  node-v18.20.1-aix-ppc64.tar.gz
+275ffd6e96ea38e0ce0db2a37950381102fc95d1ad863b360ba0889dc7190405  node-v18.20.1-darwin-arm64.tar.gz
+c55de6b8a916eab340b3ca104fbcc9fa345f37c36393c99b84dee0fa20b8924f  node-v18.20.1-darwin-arm64.tar.xz
+87d6c6e5df6c4615ca90b044c75dc112473df4ebd55f6f471740c4e1c9602cbe  node-v18.20.1-darwin-x64.tar.gz
+8d70c5ff18843b0d0a7117f77f5b5933e763c799172ce559427f7c84b9ee9b36  node-v18.20.1-darwin-x64.tar.xz
+af15f373928f572f46014bc37631e7b7e882dd854049bef40c8c27eaabcf565b  node-v18.20.1-headers.tar.gz
+53139e1027485211374378d8e5eedb19e64aa81e93ab3a7135be4527b1a16baf  node-v18.20.1-headers.tar.xz
+52896372b3b151f639be7efa8662d68aaeb065cae2c15d61d14e2b73ada79597  node-v18.20.1-linux-arm64.tar.gz
+613d0ea027fc5c16087d2b69f57d1e07dd1effcd3773910b6594672aee1fd4cd  node-v18.20.1-linux-arm64.tar.xz
+b61392490e84cc6050967bbfc59cfd9ad6e737b6db9ef9d479b0d79c900aef64  node-v18.20.1-linux-armv7l.tar.gz
+29bc1aae2200f59018bd7f3bd8c61afcf3b919177ff481d6404e5ae3a84ccc9b  node-v18.20.1-linux-armv7l.tar.xz
+69e0c2d291c0838f01f157fc4713cc86c803396c6c25524397339946cf31a4cb  node-v18.20.1-linux-ppc64le.tar.gz
+65a26b6dcb70c31ac47fbfc5688e62254962797289eed58365d40e2f54fb51d3  node-v18.20.1-linux-ppc64le.tar.xz
+39793752b0ef9abe39ff942bbd3e442d71990f0592b3b0805252adb1b9c78e21  node-v18.20.1-linux-s390x.tar.gz
+0eec4f8ab556ac78b68d74b5c24bbc79e9daa4ba53ca7faa20ab4ee6b87fcc7b  node-v18.20.1-linux-s390x.tar.xz
+d226c39c5546dca97567db8f8ca7f92fca6572d44f181b1f85af83eee5d6f9e1  node-v18.20.1-linux-x64.tar.gz
+1d08285abd9fad971af5c73d13e8f2a6ae9f2906ee036095dad7d5c286642a4e  node-v18.20.1-linux-x64.tar.xz
+8a221a68978ab630a12e6ff5bf03a0f0fae521147210d2c36ba7450d387a237e  node-v18.20.1-win-x64.7z
+5af456705d267507cd4be0572d787f85a42fa239e1a9dc5458d02a9ee76d223c  node-v18.20.1-win-x64.zip
+7937811a1ddec32428dc4d05a0d62d5c81dcb61426a56bfe34e66681e3cc230d  node-v18.20.1-win-x86.7z
+6dfc810fdb4511ab32c1da4faa934c6bae9c2bc305734efe58761398ac68f5f3  node-v18.20.1-win-x86.zip
+6191ea9f02bd1087a90efce0f7118f0db33c66aee010463551602074f1cdcdad  node-v18.20.1-x64.msi
+5587c3603752b1b406935118d8a923327a71da93d082d6e566c650be4d4e629c  node-v18.20.1-x86.msi
+675c340469f6f71bbcc77f4c18bb480ecdab9c953059f571ef6f7794cd09d6e8  node-v18.20.1.pkg
+7fb430d0b1256c22f26dd321070182ab943005bdb7b738facc6d9a82b1e04ed7  node-v18.20.1.tar.gz
+c6d867a9f25e6354810effb8201f8147a15b28000e50790fda00d1ca15f49b8a  node-v18.20.1.tar.xz
+8d36d351b7bc1e21a3f196cc12f3c1dc3ebd54bc8b8b678f254c6589faa8799f  win-x64/node.exe
+64d93225aaece04e3cd45177d6dea2b22df49e127281fefa3ade43ac46a36cc6  win-x64/node.lib
+99765d9956720edfe1cd7429fd04e2bdf0cf2bc8fb419d58a69dd8fd4a0de608  win-x64/node_pdb.7z
+a84fffe06ab69f15b9b32bed9aac330e45e2b10129ce38d0bbd00f917511af15  win-x64/node_pdb.zip
+c286ee6d2188037e33a643f112553a1c20bb7ba74428a180d7cdeec2975f8fc6  win-x86/node.exe
+df34047e8ae646e6f43d76ecbec9709a185f29e01f49b377c4c46070cacc2859  win-x86/node.lib
+76612ed31fcff457141de2eafcf3d4e4ca7f6e080c4068f0f9b9ac25248c23b7  win-x86/node_pdb.7z
+c02dcf9dba6277c9f1edb9dbf325c076af9e1846ca2c465638021f8e4314bbcf  win-x86/node_pdb.zip
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmYNYkAACgkQi+q0389V
+XvQ9iwv+KA3oor0FgQlo9TOa9i7af1ToNqsuwUwiCNH/vaRc+Mwau9cjX9FPCrqZ
+bNoDX0rZ/xCdVt7AwFh5c556iMrywk835sujk1ixI0vPQrgjj1aXjQBLlIiR7drq
+GUMTjR5qB7JD1iaKpOtfaOiAYbAzkH5uc0eIMKv70xhf7AIbd7exYNvCOB93T3Mo
+Dfkm3xD/CZ9eARRSRCco4jgOko4fdPdaRsRFC9QJ0/dwaM0YirDUk8kR08I+MDvm
+MF9m/QKzntScGnUagfsXGSPg4HoQCw01YvMZ5LTwlfwWI1oIfYddJGfUwlizMhLi
+RdVCaSyL4wyfrMEa78if8rT4wp95HoV/TpjtEngZ+S0ZxHDa80Sbo8GxXVYCWnvx
+pDXDih0hLmSc2OBcys9s9oP5ni8gwpH+gXHfr+KPRZxwYYAWHD4BFWSBE62QalUD
+qqN28ffuLTC+TC6rUbt6i/NlHZCkMJB6+Ju+P4pdu9cmy4s/ofKeja0tLIvEa/vj
+n9up2jbC
+=zFXW
+-----END PGP SIGNATURE-----
+```
@@ -0,0 +1,106 @@
+---
+date: '2024-04-03T14:16:00.934Z'
+category: release
+title: Node v20.12.1 (LTS)
+layout: blog-post
+author: Rafael Gonzaga
+---
+
+## 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS
+
+This is a security release
+
+### Notable Changes
+
+- CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
+- CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
+- llhttp version 9.2.1
+- undici version 5.28.4
+
+### Commits
+
+- \[[`bd8f10a257`](https://github.com/nodejs/node/commit/bd8f10a257)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#576](https://github.com/nodejs-private/node-private/pull/576)
+- \[[`5e34540a96`](https://github.com/nodejs/node/commit/5e34540a96)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#557](https://github.com/nodejs-private/node-private/pull/557)
+- \[[`ba1ae6d188`](https://github.com/nodejs/node/commit/ba1ae6d188)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
+
+Windows 32-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-x86.msi \
+Windows 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-x64.msi \
+Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1-arm64.msi \
+Windows 32-bit Binary: https://nodejs.org/dist/v20.12.1/win-x86/node.exe \
+Windows 64-bit Binary: https://nodejs.org/dist/v20.12.1/win-x64/node.exe \
+Windows ARM 64-bit Binary: https://nodejs.org/dist/v20.12.1/win-arm64/node.exe \
+macOS 64-bit Installer: https://nodejs.org/dist/v20.12.1/node-v20.12.1.pkg \
+macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-darwin-arm64.tar.gz \
+macOS Intel 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-darwin-x64.tar.gz \
+Linux 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-x64.tar.xz \
+Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-ppc64le.tar.xz \
+Linux s390x 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-s390x.tar.xz \
+AIX 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-aix-ppc64.tar.gz \
+ARMv7 32-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-armv7l.tar.xz \
+ARMv8 64-bit Binary: https://nodejs.org/dist/v20.12.1/node-v20.12.1-linux-arm64.tar.xz \
+Source Code: https://nodejs.org/dist/v20.12.1/node-v20.12.1.tar.gz \
+Other release files: https://nodejs.org/dist/v20.12.1/ \
+Documentation: https://nodejs.org/docs/v20.12.1/api/
+
+### SHASUMS
+
+```
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+2a75c3cc9ed139b2ee82be709a04c171ed2d96d962082d4ab5fbf7f486846f4f  node-v20.12.1-aix-ppc64.tar.gz
+70f9921efbebd58dbcc77ee40d1e64fb6d27bb48a5befdcad9ad172287315df4  node-v20.12.1-arm64.msi
+65df8cb0724e3a58c7757b75a70cc1057e1f67ffc5e852bfe6241de0b37c70a0  node-v20.12.1-darwin-arm64.tar.gz
+f8a9a78dd9130db80844132bcef6045ceaa51166fc8f4223a97d82a99b87a946  node-v20.12.1-darwin-arm64.tar.xz
+f5dc3c71c87c58c9b019d9f85302db3a6a6c47167c5a0480b697f153d02ac316  node-v20.12.1-darwin-x64.tar.gz
+7ca444b4f05c588f27eb96e960dd07de98c18e20aaad2c05ef6cf2cee2f2a71a  node-v20.12.1-darwin-x64.tar.xz
+170844da1e1e2c853ae8e998734ce2a4d888d922aa575975d279104b81455f46  node-v20.12.1-headers.tar.gz
+172cbe26f23b4f7d28dc4cdc1e05fa8c9586bc0be113a599be770f723b13e556  node-v20.12.1-headers.tar.xz
+6eb199eaa4f83a729242c69792a126cb58ca6a60d791dffd9cedb4cfd32b96c0  node-v20.12.1-linux-arm64.tar.gz
+cce8245b22953495efa105bf37621cfee0b62d76e330bd7899a0e702676a884b  node-v20.12.1-linux-arm64.tar.xz
+d4058aee344df896215eabbf367bbc9bf6504531e75016081565416c6e335e2a  node-v20.12.1-linux-armv7l.tar.gz
+01a98fbebd2e31a1de4aa174215765f4d906a920ec4120becbb4b572e1b379a5  node-v20.12.1-linux-armv7l.tar.xz
+f79c53a39c559e35da24e67a9ca85557bc54a0560a34bea67c4610ac7007ac0c  node-v20.12.1-linux-ppc64le.tar.gz
+31e4ad7a8696bb2b8cc0169db1657149a19a759e70cd9997d1aeed2d7e825cc4  node-v20.12.1-linux-ppc64le.tar.xz
+2cc1c25374995aed79194a50166927dcb2b10473683407a173119d45c42de419  node-v20.12.1-linux-s390x.tar.gz
+8bf2fe299750f4591cd3b96f83fa591894550fcce7601b2c682c87f73b1a94ce  node-v20.12.1-linux-s390x.tar.xz
+da2f590a39717792dcf8c4bf6b9e4b269601e6ce3a3f150a3c4b379f7eea6d83  node-v20.12.1-linux-x64.tar.gz
+042844eeea4e19fa46687cc028dd5e323602d81784a9da8386c24463e3984e11  node-v20.12.1-linux-x64.tar.xz
+17efd39f30e46b82ce94061ccee058fce3e1c3f1e5538a3f30463c52e5ab82e8  node-v20.12.1-win-arm64.7z
+70a8d7a444ffd87f2d06477ccb20c58d8791caaf7be4a1eddf5a9578c81b8028  node-v20.12.1-win-arm64.zip
+2628e9698f3bdada3fd36096fba0433fbd8f85832350bd5d2537f8f0ac50320f  node-v20.12.1-win-x64.7z
+629e2619ef88c5a8ce9944201f00ca3124f079c43ceef7ab0826c6fd19e09d75  node-v20.12.1-win-x64.zip
+552c6fec6a0b28e9c49ad8574e4e67c35d9cfa718a3f940552e594e948caa6d9  node-v20.12.1-win-x86.7z
+5883ad36b8607801cdb4d5aa6b6c0683df782daecda3ad761204916fbcea860c  node-v20.12.1-win-x86.zip
+d0a6cfef17f54ceb4cff874cae03725259c2ac62999a97add026bb0e65271065  node-v20.12.1-x64.msi
+8cfaf9c5ca56b469ad8a7d9e2119cbfdc086168651b2355946c6b6beac529be9  node-v20.12.1-x86.msi
+b1f762be19806ab5070e0df75f585da48238edc1dcf86c57d09a3e16db270fac  node-v20.12.1.pkg
+b9bef0314e12773ef004368ee56a2db509a948d4170b9efb07441bac1f1407a0  node-v20.12.1.tar.gz
+6840d490ba4d1d51655e0fbe1209956a15db405510d7ea166bad98a8c9d37a4e  node-v20.12.1.tar.xz
+73d58b74b79875417f20c73b0d64087d4e1cf817cd718959dafec76340b36616  win-arm64/node.exe
+e780ac993543d4705ba5bffa79a53854fcb5e77b6845464074ca590dab194539  win-arm64/node.lib
+d20319df9c67ffbed2866cd41f86b94570368f1e62fcd7cc6aaf813bd978a00a  win-arm64/node_pdb.7z
+6da9206f3cba1f6ff0551f1ce61ab9832d11f151d97ee1870fd17e0c09b8edf8  win-arm64/node_pdb.zip
+ea392e1b5503f2294c24f2ff17a01471faab98c3ec67d75df5754bb6ee0a7b71  win-x64/node.exe
+c6e9da74f78f98a465edfb8b51c84c9d33a047a71c4624a854b2af2b4e6a0d50  win-x64/node.lib
+0966f51fc43f851ddd1a8581480be83c730abf7ade1a7744c702fcfcff965759  win-x64/node_pdb.7z
+f8f78377ce2cc73f84dae58955caaa876b39a1a1c36bde48edad7469165bd205  win-x64/node_pdb.zip
+a59bacb81d7440f0b4897d0cb86637a485876be98e6b2be7a476736e81364ce7  win-x86/node.exe
+08399fc4d42a0ce0bad33dd9a9bcc9c845bfb0d5d1393e8c330b5a243411d8a9  win-x86/node.lib
+66d0e23c21410cd35a1cd61ac4ada5fa3d8f3dd38a2de53c337b689ba71a23c6  win-x86/node_pdb.7z
+47c9d17824c96cc51585d5f693be97ba4f9d674ab86548f1af78143fc862b008  win-x86/node_pdb.zip
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmYNYskACgkQi+q0389V
+XvToAAwApB+3C/H9VywVFwQbxYq/KIvjvtqBfFMPd7at0z8KU6q/ffsql5v1XaML
+ZQwX9H7NpQPGX9S4oJtDnI7cDf6ZQJDCMDAOMO1lzSlfWPZFOTBlZkV26PHGjgaN
+LsqMJ5mXrAYsU6pmCuf00BZfcmb6BmK576Jw6xrIg96oIidsDXjtaKnRZ7u41wm0
+uPXVgLQEc6xJanwvpTlVnCotDE0DAq5NkImT8MabyarAbqYcJoCEQI9O4qJbruk2
+6zBhznWENLVrpvo599V3Seb1iYaLlxMP87pCiqAX7ydKPS8+6rKqERCLpp6Z1ZbT
+Xft5Ic252QnWlIl0YZ8eNLG3r467nAnKzb1gmun1gGYMEaJ/sB60UDk3jlJ82PeI
+rDq9Y2n2UbMwnHpoXsdEghH5cmjPavqT/mYE10qhy7OFQGHOzzN9YWeubQvTfal3
+axX3sHUwcTWQkVFbIvRi5NdDwJrNH7bRLREBJcd1B84gwAgu6yEETuMOFSSoDNAJ
+V+5SAhlx
+=v6Ae
+-----END PGP SIGNATURE-----
+```