2020-06-02, Version 12.18.0 'Erbium' (LTS), @targos

targos released this 02 Jun 18:46

f19f5b3

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).

Commits

[c6d0bdacc4] - crypto: update root certificates (AshCripps) #33682
[916b2824d1] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M Snell) nodejs-private/node-private#206
[d381426377] - (SEMVER-MINOR) http2: implement support for max settings entries (James M Snell) nodejs-private/node-private#206
[7dd8982570] - napi: fix memory corruption vulnerability (Tobias Nießen) nodejs-private/node-private#195
[0932309af2] - tls: emit session after verifying certificate (Fedor Indutny) nodejs-private/node-private#200
[c392d3923f] - tools: update certdata.txt (AshCripps) #33682

Assets 2