diff --git a/apps/site/pages/en/blog/vulnerability/upcoming-cve-for-eol-versions.md b/apps/site/pages/en/blog/vulnerability/upcoming-cve-for-eol-versions.md index 377f64810a1da..77edc94d02efc 100644 --- a/apps/site/pages/en/blog/vulnerability/upcoming-cve-for-eol-versions.md +++ b/apps/site/pages/en/blog/vulnerability/upcoming-cve-for-eol-versions.md @@ -1,5 +1,5 @@ --- -date: '2025-01-14T16:00:00.000Z' +date: '2025-01-06:00:00.000Z' category: vulnerability title: Upcoming CVE for End-of-Life Node.js Versions layout: blog-post 
@@ -18,24 +18,24 @@ notification to inform users that these versions are no longer maintained and may pose significant security risks. The CVE will cite **Unsupported When Assigned** under -[CWE-1104](https://cwe.mitre.org/data/definitions/1104.html): *Use of Unmaintained Third Party Components*. +[CWE-1104](https://cwe.mitre.org/data/definitions/1104.html): _Use of Unmaintained Third Party Components_. For more details on this decision, you can refer to the discussion in [this GitHub issue](https://github.com/nodejs/security-wg/issues/1401). ## Why Issue a CVE? Many organizations rely on CVE notifications to track security issues across -their software stacks. The Node.js project guarantee a timely resolution and disclosure +their software stacks. The Node.js project aims for a timely resolution and disclosure for all reported vulnerabilities for the _maintained_ release lines. However, we do not issue CVEs for EOL release lines. By issuing a CVE for EOL versions of Node.js, we aim to: -* **Raise Awareness:** Inform users that running EOL versions exposes their -applications to potential vulnerabilities. -* **Encourage Upgrades:** Prompt organizations and developers to update to -actively supported Node.js versions. -* **Improve Security:** Reduce the number of applications running outdated and -unsupported versions of Node.js. +- **Raise Awareness:** Inform users that running EOL versions exposes their + applications to potential vulnerabilities. +- **Encourage Upgrades:** Prompt organizations and developers to update to + actively supported Node.js versions. +- **Improve Security:** Reduce the number of applications running outdated and + unsupported versions of Node.js. > Node.js v16, despite being EOL for over a year, has still 11 million downloads per month. 
@@ -67,10 +67,10 @@ npx is-my-node-vulnerable As of the date of this announcement, the following versions are actively supported: -* Node.js 23 (Current) -* Node.js 22 (LTS) -* Node.js 20 (Maintenance LTS) -* Node.js 18 (Maintenance LTS) +- Node.js 23 (Current) +- Node.js 22 (LTS) +- Node.js 20 (Maintenance LTS) +- Node.js 18 (Maintenance LTS) All other versions are no longer supported and should be considered deprecated. @@ -79,7 +79,7 @@ All other versions are no longer supported and should be considered deprecated. We understand that upgrading may require effort, and we’re here to help. If you have any questions or need assistance, please reach out to us via: -* [Node.js Help Repository](https://github.com/nodejs/help) +- [Node.js Help Repository](https://github.com/nodejs/help) For organizations or developers who require continued use of EOL Node.js versions, the [OpenJS Ecosystem Sustainability Program](https://nodejs.org/en/about/previous-releases#commercial-support)
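Review bot: The new front-matter value in the first hunk, `date: '2025-01-06:00:00.000Z'`, is not a valid ISO 8601 timestamp. Compared with the removed `'2025-01-14T16:00:00.000Z'`, it has lost the `T` separator and the hour field. Suggest writing the full form, for example `'2025-01-06T16:00:00.000Z'` if only the day was meant to change, so that the front matter still parses as a date.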
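Review bot: In the second hunk (`@@ -18,24 +18,24 @@`), the replacement of "guarantee" with "aims for" changes what the post commits the project to for maintained release lines, but it is bundled with purely cosmetic edits (`*` bullets to `-`, asterisk emphasis to underscore emphasis on the CWE-1104 line). Suggest mentioning the wording change explicitly in the commit message, or splitting it from the formatting pass, so the change to the security commitment is reviewed on its own.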