oss-sec mailing list archives
Re: Fwd: Node.js security updates for all active release lines, November 2022
From: Jan Schaumann <jschauma () netmeister org>
Date: Wed, 2 Nov 2022 08:31:47 -0400
"soyjuanarbol () gmail com" <soyjuanarbol () gmail com> wrote:
The Node.js project will release new versions of all supported release lines on or shortly after Thursday, 3rd of November, 2022 For more information see: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
Perhaps worth noting: I believe NodeJS 17.x is also impacted by OpenSSL CVE-2022-3602 and CVE-2022-3786 -- like > 18.x, 17.x also includes the OpenSSL 3.0.x fork quictls. However, nodejs 17.x is EOL, so won't see an update. Good thing nobody ever runs EOL'd software! -Jan
Current thread:
- Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 02)
- Re: Fwd: Node.js security updates for all active release lines, November 2022 Jan Schaumann (Nov 02)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 04)