nodejs · RafaelGSS · Jun 25, 2024 · Jun 24, 2024 · Jun 25, 2024 · Jun 25, 2024
@@ -0,0 +1,41 @@
+---
+date: 2024-07-02T03:00:00.000Z
+category: vulnerability
+title: Tuesday, July 2, 2024 Security Releases
+slug: july-2024-security-releases
+layout: blog-post
+author: The Node.js Project
+---
+
+# Summary
+
+The Node.js project will release new versions of the 22.x, 20.x, 18.x
+releases lines on or shortly after, Tuesday, July 2, 2024 in order to address:
+
+- 1 high severity issues.
+- 2 medium severity issues.
+- 3 low severity issues.
+
+Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x and Node.js 20.x.
+Node.js 22.x already includes undici v6.19.2.
+
+## Impact
+
+The 22.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues, 3 low severity issues.
+The 20.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues, 3 low severity issues.
+The 18.x release line of Node.js is vulnerable to 1 high severity issues, 2 medium severity issues.
+
+It's important to note that End-of-Life versions are always affected when a security release occurs.
+To ensure your system's security, please use an up-to-date version as outlined in our
+[Release Schedule](https://github.com/nodejs/release#release-schedule).
+
+## Release timing
+
+Releases will be available on, or shortly after, Tuesday, July 2, 2024.
+
+## Contact and future updates
+
+The current Node.js security policy can be found at https://nodejs.org/en/security/.
+Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.
+
+Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.