Node.js received new security update

Developers recommend every user to update Node.js as soon as possible
12 July 2017   2680

Lightweight interpreted or JIT-compiled programming language with first-class functions

Developers of Node.js recently released new security update. Update is important and they strongly recommend to upgrade Node.js's ASAP.

All non-updated versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external hacker. The severity of this vulnerability is high and users of the affected versions should update their Node.js's as soon as possible.

List of non-updated vulnerable versions:

  • Versions 4.x of Node.js
  • Versions 6.x of Node.js 
  • Versions 7.x of Node.js 
  • Versions 8.x of Node.js

 Additionally, developers had provided the list of Node.js-specific security flaws. Among them:

  • Constant Hashtable Seeds (CVE pending)
  • Vulnerabilities in dependencies

According to the official website, updates are now available for all active Node.js release lines, including 7.x line. They include the fix for the high severity vulnerability, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fixes for Node.js dependencies across the current release lines.


Node.js v12.0.0 to be Rolled Out

It has giant list of updates, improvements and changes
24 April 2019   111

The release of Node.js 12.0.0, a platform for executing network applications in JavaScript, is available. Node.js 12.0 refers to branches with a long period of support, but this status will be assigned only in October, after stabilization. Updates for LTS branches are issued for 3 years. Support for the last LTS branch of Node.js 10.0 will last until April 2021, and the year before last LTS-branch 8.0 until January 2020. Support for the intermediate branch Node.js 11.0 will be discontinued in June 2019. The lifetime of the LTS branch 6.0 will end on April 30.

These are some of the large list of updates and new staff:

  • V8 engine was updated to version 7.4 with support for asynchronous stack traces, increasing await performance, parsing JavaScript and calls when the actual and declared number of arguments does not match;
  • TLS 1.3 is now supported in the tls module and TLS 1.0 / 1.1 is shutdown by default;
  • Enhancing protection and checks on the size of allocated memory in the Buffer class;

Get more info at official website.