From 97297e91febe3b49b50b22f0bea8ed21189a9e53 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Mon, 8 Apr 2024 11:06:03 -0300 Subject: [PATCH] 2024-04-10, Version 21.7.3 (Current) This is a security release. Notable changes: src: * disallow direct .bat and .cmd file spawning (Ben Noordhuis) https://github.com/nodejs-private/node-private/pull/562 PR-URL: https://github.com/nodejs-private/node-private/pull/580 --- CHANGELOG.md | 3 ++- doc/changelogs/CHANGELOG_V21.md | 15 +++++++++++++++ src/node_version.h | 2 +- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93ffc180389983..09ee558e84b63b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,7 +36,8 @@ release. -21.7.2
+21.7.3
+21.7.2
21.7.1
21.7.0
21.6.2
diff --git a/doc/changelogs/CHANGELOG_V21.md b/doc/changelogs/CHANGELOG_V21.md index 1b58c0404136d8..34bbb4828dd74a 100644 --- a/doc/changelogs/CHANGELOG_V21.md +++ b/doc/changelogs/CHANGELOG_V21.md @@ -8,6 +8,7 @@ +21.7.3
21.7.2
21.7.1
21.7.0
@@ -47,6 +48,20 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) + + +## 2024-04-10, Version 21.7.3 (Current), @RafaelGSS + +This is a security release. + +### Notable Changes + +* CVE-2024-27980 - Command injection via args parameter of `child_process.spawn` without shell option enabled on Windows + +### Commits + +* \[[`9095c914ed`](https://github.com/nodejs/node/commit/9095c914ed)] - **src**: disallow direct .bat and .cmd file spawning (Ben Noordhuis) [nodejs-private/node-private#562](https://github.com/nodejs-private/node-private/pull/562) + ## 2024-04-03, Version 21.7.2 (Current), @RafaelGSS prepared by @marco-ippolito diff --git a/src/node_version.h b/src/node_version.h index 590f20f97cba0a..ad29217c06add3 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 0 #define NODE_VERSION_LTS_CODENAME "" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)