Skip to content

Commit

Permalink
blog: April 2021 10/12/14 sec releases (#3791)
Browse files Browse the repository at this point in the history 
Refs: nodejs/node#38082
Refs: nodejs/node#38083
Refs: nodejs/node#38085
  • Loading branch information
@MylesBorins
MylesBorins committed Apr 6, 2021
1 parent 105997f commit b3635c4
Show file tree
Hide file tree
Showing 4 changed files with 310 additions and 1 deletion.
106 changes: 106 additions & 0 deletions locale/en/blog/release/v10.24.1.md
View file
@@ -0,0 +1,106 @@
---
date: 2021-04-06T20:09:17.782Z
version: 10.24.1
category: release
title: Node v10.24.1 (LTS)
slug: node-v10-24-1
layout: blog-post.hbs
author: Myles Borins
---

### Notable Changes

Vulerabilties fixed:

* **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
* This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
* Impacts:
* All versions of the 14.x, 12.x and 10.x releases lines

### Commits

* [[`5e526b96ce`](https://github.com/nodejs/node/commit/5e526b96ce)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://github.com/nodejs/node/pull/37918)
* [[`781cb6df5c`](https://github.com/nodejs/node/commit/781cb6df5c)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37940](https://github.com/nodejs/node/pull/37940)
* [[`5db0a05a90`](https://github.com/nodejs/node/commit/5db0a05a90)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37940](https://github.com/nodejs/node/pull/37940)

Windows 32-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1-x86.msi<br>
Windows 64-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1-x64.msi<br>
Windows 32-bit Binary: https://nodejs.org/dist/v10.24.1/win-x86/node.exe<br>
Windows 64-bit Binary: https://nodejs.org/dist/v10.24.1/win-x64/node.exe<br>
macOS 64-bit Installer: https://nodejs.org/dist/v10.24.1/node-v10.24.1.pkg<br>
macOS 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-darwin-x64.tar.gz<br>
Linux 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-x64.tar.xz<br>
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-ppc64le.tar.xz<br>
Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-s390x.tar.xz<br>
AIX 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-aix-ppc64.tar.gz<br>
SmartOS 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-sunos-x64.tar.xz<br>
ARMv6 32-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-armv6l.tar.xz<br>
ARMv7 32-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-armv7l.tar.xz<br>
ARMv8 64-bit Binary: https://nodejs.org/dist/v10.24.1/node-v10.24.1-linux-arm64.tar.xz<br>
Source Code: https://nodejs.org/dist/v10.24.1/node-v10.24.1.tar.gz<br>
Other release files: https://nodejs.org/dist/v10.24.1/<br>
Documentation: https://nodejs.org/docs/v10.24.1/api/

### SHASUMS

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
fc9ba4f3ba0be4a4495dd4fc7aa1e608f74a1440264518da760b246417077c3f node-v10.24.1-aix-ppc64.tar.gz
8088968a896e17c21b98187f8083291df9c88d0baa100a6cb9553e53c4fb17f8 node-v10.24.1-darwin-x64.tar.gz
8edae5060c7513de8e764cdbb61daea5ae652b7a3a457d412a7e08c04e5202da node-v10.24.1-darwin-x64.tar.xz
d38ae7bed508836129fac4163f3db5a0df5ea1dd26bf4a66f88146cbe770b788 node-v10.24.1-headers.tar.gz
1149f00ce0cec044e60deb723d1c1e682083c9ec6edc05cd1326f2031412a68e node-v10.24.1-headers.tar.xz
0ae4931d0ea779ecb237c1fc9f4a27271b0054b1efabc783863478913fe6caa6 node-v10.24.1-linux-arm64.tar.gz
b11ce837867e50d1b2bf09da6a85336bedfa257bf92f34712aeb94360c0bcd6e node-v10.24.1-linux-arm64.tar.xz
cf19f1965bca6b4ade9396e31f9490448ded2402713fdfe2d43410da037d9b5c node-v10.24.1-linux-armv6l.tar.gz
01c992bb0ec60552dbe3c96b5333bc0bb0c0eda9077af532c8869f82d49a63c8 node-v10.24.1-linux-armv6l.tar.xz
5b156bbd04adfaad2184b4d1e8324b21b546b40fb46e7105fa39f5ad2f34ddf3 node-v10.24.1-linux-armv7l.tar.gz
0d2c8991598c15f1efe31d6986f50d46016f74876194c257d7d0108c2c9de2da node-v10.24.1-linux-armv7l.tar.xz
8dc58449fe7b0368c417bb6ead8197bf1549e4502b42e62f3e51dce11b37fcd0 node-v10.24.1-linux-ppc64le.tar.gz
e99c2e7115361ab02e320053d2ee3619445349fa02b5082a12560014c0decf6a node-v10.24.1-linux-ppc64le.tar.xz
7ec1bd172b58bc9d7782d2d4428a298167b7297b8f1812a21eb6e4285bbe9ef2 node-v10.24.1-linux-s390x.tar.gz
aff7f704dc27da4bb6c0b8df83d0eeac2cf4c97825be0994fbdc14319da7a29c node-v10.24.1-linux-s390x.tar.xz
7a70083a73719a3c7846533923d5c4e955405c2b4ba1c1abd95ed21ae8b52775 node-v10.24.1-linux-x64.tar.gz
a3b9b97c23bcdc64334be6b02422e9014f040d59dcf604563ffda48003419356 node-v10.24.1-linux-x64.tar.xz
49f4e193b049a401a2f1fd98e3a7471d038418d81a37df2b64e88543f43b08a9 node-v10.24.1.pkg
20f0a296f544b5f5cb4122cb1c2aa080d83f0212c279147df4373d988b466657 node-v10.24.1-sunos-x64.tar.gz
3daf48c796f3edfc67cd25516fe7ff3a2a33c4da449f5c5c29dce98ba5e51834 node-v10.24.1-sunos-x64.tar.xz
95c7cfc4b5ad0b5a62bd553b30840db66f21217fbeb769ab27dac8019a4ebe5d node-v10.24.1.tar.gz
d72fc2c244603b4668da94081dc4d6067d467fdfa026e06a274012f16600480c node-v10.24.1.tar.xz
af98dda863785269a2db1bea8c3931e34d53f495f21d27fe8472154ee9a67cc4 node-v10.24.1-win-x64.7z
ae0af1b5e0c131dd0df1b3e4713c36e5d7f652ab6ca273ce46d39d4df8522bb0 node-v10.24.1-win-x64.zip
746db6e34b0d46695789fed30962f570fb5ee699590627459148d6e639eed55e node-v10.24.1-win-x86.7z
e39380da3a5f859f98b5a07e153e062c7fca852077693f99ad528705f5c0deb5 node-v10.24.1-win-x86.zip
dab263436eeda26c9c4809ba4d93e607dcffb3735b9a1866c77afb242a832dbd node-v10.24.1-x64.msi
dbddbb2e29da2e4c060510d3a466895555f458b5eb090756c9aad52858a9d61b node-v10.24.1-x86.msi
6664cc00232d95f73e050f25b1dd1000b44f63e35f051734c9bee478cd3574c7 win-x64/node.exe
7688ed23318d253aa98ee198f94983e4b563fab188e6fd9dd32955e77111096a win-x64/node.lib
3bff6336aa859467f7710aad3286706306d165041af5ea2daaec3e1fa0fe86c7 win-x64/node_pdb.7z
36d49e29a33ee0fbb229fb2abee8bf093b3ea7fe70e7b31215c38f64900d435e win-x64/node_pdb.zip
6f1cf2bc2b17d51478f9f17db6ae51e1cc4126bc7f5a967a95c5ab5c8d9a26c0 win-x86/node.exe
de1f3445597cbbee2e5eac435651f5dcab049a2d8bd3636877ab5803a87e269e win-x86/node.lib
4d3f9bd319fe33f8a5991712264d3feb0247caa1bc9da2f47f6cb83386baf1bd win-x86/node_pdb.7z
9bd12506802cc20fbaa398c5dcc6ba4a72bffca9cc7cd526f7c69582eb526b53 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmBsvQIACgkQkzsB9Atc
qUZOjwf/ZZUDOIWnozg+4OQPZZNL66GppgYikwh1rzPoAki9wIsaDWJKO0+zkZkX
H489vQEfnO2tli247xDJtFXoK/Vjbgr/Jh5bIYoMWjqmdEs/oicUsarOlswog4ba
E2xPxlIqShbKweexISuoZVupzQ6hhw/bM3C5OPjy48WjockiqUJVCahLahNKuz9r
ssFqeH1j283xbN5WZ93OGLuFwpgJ+yFRVjuAJI2+G/lNG/XFymVsMQKbJzOCTT5O
sGJ60uzG94o4bgvtdWYZWo0psHJq1Vce8v3EK9SnOf4/zDovqAs/9loshDJsI+5g
NIzEPAM3KwzyexE7LoOZKdI2POGJjg==
=sJuP
-----END PGP SIGNATURE-----
```
103 changes: 103 additions & 0 deletions locale/en/blog/release/v12.22.1.md
View file
@@ -0,0 +1,103 @@
---
date: 2021-04-06T20:09:43.325Z
version: 12.22.1
category: release
title: Node v12.22.1 (LTS)
slug: node-v12-22-1
layout: blog-post.hbs
author: Myles Borins
---

### Notable Changes

Vulnerabilities fixed:

* **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
* This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
* Impacts:
* All versions of the 15.x, 14.x, 12.x and 10.x releases lines
* **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High)
* This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
* Impacts:
* All versions of the 14.x, 12.x and 10.x releases lines

### Commits

* [[`c947f1a0e1`](https://github.com/nodejs/node/commit/c947f1a0e1)] - **deps**: upgrade npm to 6.14.12 (Ruy Adorno) [#37918](https://github.com/nodejs/node/pull/37918)
* [[`51a753c06f`](https://github.com/nodejs/node/commit/51a753c06f)] - **deps**: update archs files for OpenSSL-1.1.1k (Tobias Nießen) [#37939](https://github.com/nodejs/node/pull/37939)
* [[`c85a519b48`](https://github.com/nodejs/node/commit/c85a519b48)] - **deps**: upgrade openssl sources to 1.1.1k (Tobias Nießen) [#37939](https://github.com/nodejs/node/pull/37939)

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x86.msi<br>
Windows 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1-x64.msi<br>
Windows 32-bit Binary: https://nodejs.org/dist/v12.22.1/win-x86/node.exe<br>
Windows 64-bit Binary: https://nodejs.org/dist/v12.22.1/win-x64/node.exe<br>
macOS 64-bit Installer: https://nodejs.org/dist/v12.22.1/node-v12.22.1.pkg<br>
macOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-darwin-x64.tar.gz<br>
Linux 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-x64.tar.xz<br>
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-ppc64le.tar.xz<br>
Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-s390x.tar.xz<br>
AIX 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-aix-ppc64.tar.gz<br>
SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-sunos-x64.tar.xz<br>
ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-armv7l.tar.xz<br>
ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.1/node-v12.22.1-linux-arm64.tar.xz<br>
Source Code: https://nodejs.org/dist/v12.22.1/node-v12.22.1.tar.gz<br>
Other release files: https://nodejs.org/dist/v12.22.1/<br>
Documentation: https://nodejs.org/docs/v12.22.1/api/

### SHASUMS

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
696f48b080915eb08e2ae24349a32ce56520483ac982fb51cce4876b82ab1bf5 node-v12.22.1-aix-ppc64.tar.gz
9cbade90e2e89feba674b1841573e6f0329e6ba4bd3ecc1f5e0c5c6785db6dc0 node-v12.22.1-darwin-x64.tar.gz
de5e317580732530961d83b0fb9b2c370d222bd0c5a1b331900e9ddc0fdfe086 node-v12.22.1-darwin-x64.tar.xz
9355a0af101ccba1ae90c3f1f3d71ed821934c875462a76f8b65a6f7ee7293fd node-v12.22.1-headers.tar.gz
f6db5ceaf820a2899712baeccb2a09950ab3bf8d4c0d893d672aeba54c1f4162 node-v12.22.1-headers.tar.xz
917c582b7f7ae5ff8b2d97e05d00598011f9fbfcc4f76952da3ed477405c9c1a node-v12.22.1-linux-arm64.tar.gz
65145e6c2aa047ee5f83aadf9546116a6da70c21a649ed5f24dce412d2c202dc node-v12.22.1-linux-arm64.tar.xz
1bc056e1fef1c83059235d927edea2c1a2eee91ce654f45369a2af95c041e198 node-v12.22.1-linux-armv7l.tar.gz
4ae8e0d3dee7273ed8e07f80b74b05fc16a5562a42c13c9971d595b7ece4de71 node-v12.22.1-linux-armv7l.tar.xz
38d42033a10b535eb0285ccf7b7f2e6511bcb6f383c4620a53071d3b8f929d03 node-v12.22.1-linux-ppc64le.tar.gz
f85a1a9f5476d35aec37d8052330d3d3d8e216276881181b06505758119c2c3b node-v12.22.1-linux-ppc64le.tar.xz
8fbf03069c758ff544110d04713d10136ce1b48a4bf2378ec17e1035a0b6a5f1 node-v12.22.1-linux-s390x.tar.gz
c24dedddedf1a6aaff4ef40c2196f8f3c2cf99702c0be2ce6f77f740919f7dbf node-v12.22.1-linux-s390x.tar.xz
d315c5dea4d96658164cdb257bd8dbb5e44bdd2a7c1d747841f06515f23a0042 node-v12.22.1-linux-x64.tar.gz
8b537282c222ae4a40e019a52f769ca27b6640699bdde1510375e8d72da7d041 node-v12.22.1-linux-x64.tar.xz
5b1b527e3087a2de2529f5079a0b53fcc8a4909830d43156feae6b6d31c7680a node-v12.22.1.pkg
00ac4e9b87eb7c50cfd7a3811e7a160b2d078c6dd063fd57c8d8844310fdbc38 node-v12.22.1-sunos-x64.tar.gz
6ae1f81151092296ec4b26b18c57aefc57b53d8f9fdd94fe60efd8fa68379f2a node-v12.22.1-sunos-x64.tar.xz
6023f1f8f03f9780c75e6eca9d372b8411a83757c0389c51baee1c7242afd702 node-v12.22.1.tar.gz
dd650df7773a6ed3e390320ba51ef33cba6499f0e9397709ea3d1debdcbcb989 node-v12.22.1.tar.xz
465100b7be0835048810978b957667ad193faa68728cfb0e02bffcaafe575795 node-v12.22.1-win-x64.7z
0cf3545c1ff9717bf3196eed6a423d878709ed4560125fdc29b42bd80ee661c3 node-v12.22.1-win-x64.zip
1f3dcf6707e7afeeae767f8146789540518ddb8ad974c56fda6fd2486170e5b9 node-v12.22.1-win-x86.7z
832bd047d3709e4229d1cc95d04391aceb991a5c957b8efd395e01f51832a774 node-v12.22.1-win-x86.zip
02f53b3530a0310b1076db801770803527c63f724b56c22d6a0625c12a03c982 node-v12.22.1-x64.msi
8192400d6fc7083b8bf049613c046923e8c24dd913a18189be9fe77be4c1c8c4 node-v12.22.1-x86.msi
d872b1b906cfc5ecffa69fb0a673ae60d0df772cb3e6646e32273afd4ffe923c win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
17cb8ad34c2584b22f9e8f9bf57e4c22fc985154b97af3ef24b7d5d34300642f win-x64/node_pdb.7z
fedcb273459441a94df6575b9df92dc2df360d001cc226a00f85cc9ad8c97874 win-x64/node_pdb.zip
6f02a21ff1218ac70a0d6c14c217e9d1c8a8a9130a1b087f959ba32deb35be70 win-x86/node.exe
8bbcf3b9305b83f54bd80f8ec19d4e237841bde5bfaeb2aec708c36daa6435f6 win-x86/node.lib
a22c1bdd4caebc7e498ea56c74fba08698f508f2e1953ab8c6086488f61af1b2 win-x86/node_pdb.7z
0b91ea5635cf1ec14b587e715578905dabdaa6aec3d6ed522a6b44bbe64c3a95 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmBsvTAACgkQkzsB9Atc
qUZvLAf+JAApgWIpHzTzH0zgYyIsd4Pb7xX4hghwuEOAciHGFBaHaLOklXjEYpX+
Xq7GsTtmtrB9cpAZGvK5bsF18Kq0NMOI6a2z9nYriO/4MmxJboP6/y48t978/MJi
ZooGZ6jLO1hRKsg6vljrXrMQoCUD4ejNUuDDto50FZHWOBMqdczDBrF9vx6fMlsy
IJALPDzGjxzNMFLitS2gzgv4VI8K1xoDr+bpxVSUQ1IVGIFtxNt3dIyGDGmM6A6M
U3uHPMDlk2u0Q16sD+Iydo1cmDvMnqHrTTXeSSUKjnWv/apg+h8CMgjnyrLZGn7p
efnxlKizKdfEpMiA2FOW3BKbYSd59Q==
=kAxw
-----END PGP SIGNATURE-----
```

0 comments on commit b3635c4

Please sign in to comment.