From 4c9188c89d96da0719e75f984bb48efa0fc9d12e Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Mon, 24 Jun 2024 12:29:00 -0300 Subject: [PATCH 1/3] Blog: add pre security release announcement --- .../july-2024-security-releases.md | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 pages/en/blog/vulnerability/july-2024-security-releases.md diff --git a/pages/en/blog/vulnerability/july-2024-security-releases.md b/pages/en/blog/vulnerability/july-2024-security-releases.md new file mode 100644 index 0000000000000..4569d6680bcbc --- /dev/null +++ b/pages/en/blog/vulnerability/july-2024-security-releases.md 
@@ -0,0 +1,38 @@ +--- +date: 2024-07-02T03:00:00.000Z +category: vulnerability +title: Tuesday, July 2, 2024 Security Releases +slug: july-2024-security-releases +layout: blog-post +author: The Node.js Project +--- + +# Summary + +The Node.js project will release new versions of the 20.x, 22.x, 18.x +releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: + +- 3 low severity issues. +- 1 high severity issues. +- 2 medium severity issues. + +## Impact + +The 20.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. +The 22.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. +The 18.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. + +It's important to note that End-of-Life versions are always affected when a security release occurs. +To ensure your system's security, please use an up-to-date version as outlined in our +[Release Schedule](https://github.com/nodejs/release#release-schedule). + +## Release timing + +Releases will be available on, or shortly after, Tuesday, July 2, 2024. + +## Contact and future updates + +The current Node.js security policy can be found at https://nodejs.org/en/security/. +Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js. + +Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization. From 5b14b67c8f2baa6692b744d5dfb7db9d8204fa9a Mon Sep 17 00:00:00 2001 
From: RafaelGSS Date: Tue, 25 Jun 2024 10:01:48 -0300 Subject: [PATCH 2/3] fixup! Blog: add pre security release announcement --- pages/en/blog/vulnerability/july-2024-security-releases.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pages/en/blog/vulnerability/july-2024-security-releases.md b/pages/en/blog/vulnerability/july-2024-security-releases.md index 4569d6680bcbc..6b4cbe0c314cb 100644 --- a/pages/en/blog/vulnerability/july-2024-security-releases.md +++ b/pages/en/blog/vulnerability/july-2024-security-releases.md @@ -9,7 +9,7 @@ author: The Node.js Project # Summary -The Node.js project will release new versions of the 20.x, 22.x, 18.x +The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: - 3 low severity issues. @@ -18,8 +18,8 @@ releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: ## Impact -The 20.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. The 22.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. +The 20.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. The 18.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. It's important to note that End-of-Life versions are always affected when a security release occurs. From 68b1f88aabafd3b702b5d5ed1d18ee396a21a652 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Tue, 25 Jun 2024 10:27:08 -0300 Subject: [PATCH 3/3] fixup! fixup! Blog: add pre security release announcement --- .../en/blog/vulnerability/july-2024-security-releases.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
diff --git a/pages/en/blog/vulnerability/july-2024-security-releases.md b/pages/en/blog/vulnerability/july-2024-security-releases.md index 6b4cbe0c314cb..feb0952b5d44b 100644 --- a/pages/en/blog/vulnerability/july-2024-security-releases.md +++ b/pages/en/blog/vulnerability/july-2024-security-releases.md @@ -12,14 +12,17 @@ author: The Node.js Project The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: -- 3 low severity issues. - 1 high severity issues. - 2 medium severity issues. +- 3 low severity issues. + +Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x and Node.js 20.x. +Node.js 22.x already includes undici v6.19.2. ## Impact -The 22.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. -The 20.x release line of Node.js is vulnerable to 3 low severity issues, 1 high severity issues, 2 medium severity issues. +The 22.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues, 3 low severity issues. +The 20.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues, 3 low severity issues. The 18.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues. It's important to note that End-of-Life versions are always affected when a security release occurs.
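Review bot: In PATCH 1/3, the Summary list and all three Impact lines pluralize a count of one ("1 high severity issues"); this should read "1 high severity issue". The Summary sentence also has two wording slips: "releases lines on or shortly after, Tuesday, July 2, 2024". Suggest "release lines on, or shortly after, Tuesday, July 2, 2024", which matches the punctuation the Release timing section in the same file already uses. In the Contact section the three URLs are bare, while the Release Schedule reference above them is a Markdown link. Using one link style throughout the post would be more consistent.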
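Review bot: In PATCH 3/3, the two added undici sentences in the Summary do not say whether the upgrade to v6.19.2 addresses one of the six counted issues or is a separate change shipping in the same releases. A reader triaging the 18.x and 20.x updates cannot tell from this text which it is, so a short clause stating the relationship would help. The sentences also sit under the list of issue counts with no heading or transition, and the Impact section is not updated to mention the undici change for 18.x and 20.x. The rewritten 22.x and 20.x Impact lines still read "1 high severity issues"; since those lines are already being touched, the singular could be fixed here too.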