2020-09-15, Version 12.18.4 'Erbium' (LTS), @BethGriggs prepared by @targos

BethGriggs released this 15 Sep 21:11

1d60ea4

Notable Changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

Commits

[2ea6d255f8] - deps: libuv: cherry-pick 0e6e8620 (cjihrig) nodejs-private/node-private#221
[65415049af] - deps: update llhttp to 2.1.2 (Fedor Indutny) nodejs-private/node-private#219
[edad52e243] - test: modify tests to support the latest llhttp (Fedor Indutny) nodejs-private/node-private#219

Assets 2