diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b005c47546ed2..83fbc7ed445231 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,7 +35,8 @@ release. -20.12.0
+20.12.1
+20.12.0
20.11.1
20.11.0
20.10.0
diff --git a/doc/changelogs/CHANGELOG_V20.md b/doc/changelogs/CHANGELOG_V20.md index 0ac20c6443c866..def8d30ec449f0 100644 --- a/doc/changelogs/CHANGELOG_V20.md +++ b/doc/changelogs/CHANGELOG_V20.md @@ -9,6 +9,7 @@ +20.12.1
20.12.0
20.11.1
20.11.0
@@ -55,6 +56,25 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) + + +## 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS + +This is a security release + +### Notable Changes + +* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High) +* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) +* llhttp version 9.2.1 +* undici version 5.28.4 + +### Commits + +* \[[`bd8f10a257`](https://github.com/nodejs/node/commit/bd8f10a257)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#576](https://github.com/nodejs-private/node-private/pull/576) +* \[[`5e34540a96`](https://github.com/nodejs/node/commit/5e34540a96)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#557](https://github.com/nodejs-private/node-private/pull/557) +* \[[`ba1ae6d188`](https://github.com/nodejs/node/commit/ba1ae6d188)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561) + ## 2024-03-26, Version 20.12.0 'Iron' (LTS), @richardlau diff --git a/src/node_version.h b/src/node_version.h index d0f8a8704fba83..23800a76183c00 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Iron" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)