Tuesday February 14 2023 Security Releases

by Michael Dawson,

(Update 14-February-2023) 2 Day delay in security releases

The Node.js project is delaying the planned security releases until Thursday February 16 2023 due to the need for additional testing and validation.

(Update 7-February-2023) Summary

The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x releases lines on or shortly after, Tuesday February 14 2023 in order to address:

  • 2 low severity issues.
  • 2 medium severity issues.
  • 1 high severity issues.
  • OpenSSL security updates for which the highest vulnerability severity is high. You can read more about this update in the OpenSSL security advisory.

Impact

The 19.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.

The 18.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.

The 16.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues, and 1 high severity issue and the OpenSSL vulnerabilities.

The 14.x release line of Node.js is vulnerable to 1 low severity issue, and 1 high severity issue and the OpenSSL vulnerabilities.

Release timing

Releases will be available on, or shortly after, Tuesday February 14 2023.

Contact and future updates

The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

↑ Scroll to top