Skip to content

Commit

Permalink
2024-04-03, Version 18.20.1 'Hydrogen' (LTS)
Browse files Browse the repository at this point in the history 
This is a security release.

Notable changes:

* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4

PR-URL: nodejs-private/node-private#573
  • Loading branch information
@RafaelGSS
RafaelGSS committed Apr 3, 2024
1 parent 24d036b commit 6590a8c
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 1 deletion.
3 changes: 2 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V20.md#20.0.0">20.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.1">18.20.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.1">18.19.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.0">18.19.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.18.2">18.18.2</a><br/>
Expand Down
20 changes: 20 additions & 0 deletions doc/changelogs/CHANGELOG_V18.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
</tr>
<tr>
<td>
<a href="#18.20.1">18.20.1</a><br/>
<a href="#18.20.0">18.20.0</a><br/>
<a href="#18.19.1">18.19.1</a><br/>
<a href="#18.19.0">18.19.0</a><br/>
Expand Down Expand Up @@ -68,6 +69,25 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)

<a id="18.20.1"></a>

## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS

This is a security release.

### Notable Changes

* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4

### Commits

* \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
* \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
* \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)

<a id="18.20.0"></a>

## 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlau
Expand Down

0 comments on commit 6590a8c

Please sign in to comment.