diff --git a/apps/site/pages/en/blog/release/v20.19.4.md b/apps/site/pages/en/blog/release/v20.19.4.md new file mode 100644 index 0000000000000..785632236a7a9 --- /dev/null +++ b/apps/site/pages/en/blog/release/v20.19.4.md @@ -0,0 +1,101 @@ +--- +date: '2025-07-15T22:15:06.297Z' +category: release +title: Node v20.19.4 (LTS) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() + +### Commits + +- \[[`db7b93fcef`](https://github.com/nodejs/node/commit/db7b93fcef)] - **(CVE-2025-27210)** **lib**: handle all windows reserved driver name (RafaelGSS) [nodejs-private/node-private#721](https://github.com/nodejs-private/node-private/pull/721) + +Windows 32-bit Installer: https://nodejs.org/dist/v20.19.4/node-v20.19.4-x86.msi \ +Windows 64-bit Installer: https://nodejs.org/dist/v20.19.4/node-v20.19.4-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.19.4/node-v20.19.4-arm64.msi \ +Windows 32-bit Binary: https://nodejs.org/dist/v20.19.4/win-x86/node.exe \ +Windows 64-bit Binary: https://nodejs.org/dist/v20.19.4/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v20.19.4/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v20.19.4/node-v20.19.4.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-aix-ppc64.tar.gz \ +ARMv7 32-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-linux-armv7l.tar.xz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v20.19.4/node-v20.19.4-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v20.19.4/node-v20.19.4.tar.gz \ +Other release files: https://nodejs.org/dist/v20.19.4/ \ +Documentation: https://nodejs.org/docs/v20.19.4/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +60230a634608f7ebefe9c56e98c690596e971a76e3ef2f9f90e276a410252ec1 node-v20.19.4-aix-ppc64.tar.gz +3943b720515ffba292f8cec4f59df4e11880716d9bbcb8cd09bcd9f68394fd95 node-v20.19.4-arm64.msi +8b89801f527a85e3f7de539512c9dde08673ac99db6458cc7cc627e05d707054 node-v20.19.4-darwin-arm64.tar.gz +34f01058aea5bbdb735bdb96077232f34a9fc25bfb32f5fb07dd7df3bd49e5c9 node-v20.19.4-darwin-arm64.tar.xz +cc47ed094c1876b211a9091d09a78537c1cbbb0f8cf5a49c9fd79933ee8fd7fd node-v20.19.4-darwin-x64.tar.gz +56d293b415e0253adfe8df7a19d14e43f8f4cadab1076929ed29c4fcb076c687 node-v20.19.4-darwin-x64.tar.xz +e8140a84f5b6974bc363c96376d2dd7dd8d75f92a40d6c906e37e04220b87791 node-v20.19.4-headers.tar.gz +b94d9157d658abc04a476d7902713a578a873715fe9b7b227aeff17d97977e76 node-v20.19.4-headers.tar.xz +d200798332b7a56d355888ce58e6a639fac7939a4833e5bc8780c66888e1ce4d node-v20.19.4-linux-arm64.tar.gz +4492c29882f604eb4cba6ce52ad2e6436f4eeb2b2917a74b0f85e6e42e261252 node-v20.19.4-linux-arm64.tar.xz +bdff86d5ff91214c6d6c421b42b35442daebcf42f85bbfb6643e7a950a093c3b node-v20.19.4-linux-armv7l.tar.gz +53b04763def6a35d876abf10312536170ea02b4ac0ff44b9b69533b1656ac914 node-v20.19.4-linux-armv7l.tar.xz +572e3a4cc5371680b763eddda3df45704e3478d3c2d3c774927186184fba3ac9 node-v20.19.4-linux-ppc64le.tar.gz +8cc2bb753c4666f9148f07e44706d3c6cf029c8c27f282972207983f9d2591e6 node-v20.19.4-linux-ppc64le.tar.xz +17a95c4591478bf3ccd8919ff74810feb46d320c73e90430ac8ef0fb724705ae node-v20.19.4-linux-s390x.tar.gz +dc34e66d92e7708d5ab42586ce30e654f5617cb520fc033ebae98f6c5311452a node-v20.19.4-linux-s390x.tar.xz +d80a33707605ced9a31b8f543cea9ab512bc3d2fef2c148f31a50e939ff07560 node-v20.19.4-linux-x64.tar.gz +7a488a09e2fc02fbd1bc4ae084bea8a589314f741c182fc02c5f3f07c79a29d4 node-v20.19.4-linux-x64.tar.xz +8bc6b30ab6e23c49bfffe64512041a43170b6a0e8ec875d636fa77f32b56d094 node-v20.19.4-win-arm64.7z +1554251027d777d3dbb276af0553b2e9f89822a1579067216bc0b9522a3a22d3 node-v20.19.4-win-arm64.zip +034802e68bf326c67bb8a7ed77ef97935485fd83f6e250dede39b9aea144b366 node-v20.19.4-win-x64.7z +1bf83e5958157d13673507349238236aec4f6efc95cf426cbe126a999a3e4c0b node-v20.19.4-win-x64.zip +a21039667013459d743f349bf539dc38d10e396df1b266809816264b6197204d node-v20.19.4-win-x86.7z +b16bac5090e882172b45bd3258c0f937c37860d6b2fd65c7e91d54d06ec960aa node-v20.19.4-win-x86.zip +358c0d097a5fce3228015558b1ce52edfb1398ac6f6e2dd745acd54380805320 node-v20.19.4-x64.msi +7ecbdc27dcc9bf99249c65487105872810a864419a986204a6ee911648b50973 node-v20.19.4-x86.msi +743113245f60515ccec7f5aabed8d4db2af1c0518761fee5605bbea13f2f36a5 node-v20.19.4.pkg +cc363c0a90fe5025939175c1c29ab67235f36ebe4b5d78506634da27a73eef5d node-v20.19.4.tar.gz +b87fd7106013d3906706913ffc63a4403715fbb272c4f83ff4338527353eec0f node-v20.19.4.tar.xz +b10724f69284147aa40ac4964d2e7da45b7de4c0771896af7bdf566639e58190 win-arm64/node.exe +dd8b0acfe80fa4ac731561848405b173cdc16ade8347e0ebb59bdb7aee668ed1 win-arm64/node.lib +9a94958669a7bf9f58c50d82aba206e460c508c4ecf26c6271198966feab7357 win-arm64/node_pdb.7z +64bd0e9cb6c9f7aca6e395d0072407581156c7a95383c4c8c1d3b8b120a24416 win-arm64/node_pdb.zip +7ffc3c2d46bb511c6330503040b76d4f0ed7bd04e767a1f7ba2486435e6a06ac win-x64/node.exe +7d545cfcf38456553e83f419c72e91bf9bc80500bf8c0f3f838a7be020e88def win-x64/node.lib +b43a3681914472d6b9bad07166e8a585fa196ac5b24f7dd9d27adcb138c43fe2 win-x64/node_pdb.7z +8f6676761ddbabe21f45c2ccd55480784c9a9d92ba898f89e5130072961bf71b win-x64/node_pdb.zip +5347fb68e3f18bc0c6a487dd1ed2062d49bb08a96866419f39531c298f7a5678 win-x86/node.exe +d22e597766b0a8de355d244cd9417f8b67bbbc39e8a66ae2e1009ee4c7409bb2 win-x86/node.lib +8f5b93eaf5011cd969fab5ccadcd278e240fc194bb9faa5040fc4f0795e48819 win-x86/node_pdb.7z +5de1f3158813d0ca66714fdb0b2ae1676e337fd3bfe631becf2f8b3162877968 win-x86/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmh20aIACgkQi+q0389V +XvQIsQv/e13DVozeLCT4Do9wl5wXvRS1in37M4Ha+hbQb7Q+XmxthH2ocod/IeEy +cnhYqN8u2pDFc9s8e40mDCJ+e8+o4dLrleLhmmCyR4eFYp/fOp4r32FaYN0FSP3f +Iwy28BRh1KHoYkZgAwrhksz+OqnEsq1HW3OHWzMYgX20YAkTfJlamChfrmIfExSW +qGKC13yjQp3K1ntke7ZdxY7mWJPAVwB1eg4psx87jXibn8tD8scFrUp5D2vwyUm4 +x7TTXdlH7eTMPpRA4Rmmfe85YH3roXE16v3NeegRvRHX59y2iU5RsXufLuwU7MET +1CYM3pUj3ptiw0xDg46LjQCs5CrN/56tzKzGzUwniCB89SkI1V4aIvrsDspTryh4 +GtNm3Ct7/AC5843S/1yNW9tSJCFr5gxeStwK1E1gom64RhmBLlxkSaoKNHP5NlDX ++zbRxWxWzr8XMDTM+eMWMXyFFNc4rPEVJm2q2BuU7S2B5uPtGsh/OG1D9ir3m5fm +N9WeqreY +=ehgP +-----END PGP SIGNATURE----- +``` diff --git a/apps/site/pages/en/blog/release/v22.17.1.md b/apps/site/pages/en/blog/release/v22.17.1.md new file mode 100644 index 0000000000000..4a5b83fbfcfa8 --- /dev/null +++ b/apps/site/pages/en/blog/release/v22.17.1.md @@ -0,0 +1,102 @@ +--- +date: '2025-07-15T22:14:56.543Z' +category: release +title: Node v22.17.1 (LTS) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-07-15, Version 22.17.1 'Jod' (LTS), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() + +### Commits + +- \[[`8cf5d66ab7`](https://github.com/nodejs/node/commit/8cf5d66ab7)] - **(CVE-2025-27210)** **lib**: handle all windows reserved driver name (RafaelGSS) [nodejs-private/node-private#721](https://github.com/nodejs-private/node-private/pull/721) +- \[[`9c0cb487ec`](https://github.com/nodejs/node/commit/9c0cb487ec)] - **win,build**: fix MSVS v17.14 compilation issue (StefanStojanovic) [#58902](https://github.com/nodejs/node/pull/58902) + +Windows 32-bit Installer: https://nodejs.org/dist/v22.17.1/node-v22.17.1-x86.msi \ +Windows 64-bit Installer: https://nodejs.org/dist/v22.17.1/node-v22.17.1-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v22.17.1/node-v22.17.1-arm64.msi \ +Windows 32-bit Binary: https://nodejs.org/dist/v22.17.1/win-x86/node.exe \ +Windows 64-bit Binary: https://nodejs.org/dist/v22.17.1/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v22.17.1/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v22.17.1/node-v22.17.1.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-aix-ppc64.tar.gz \ +ARMv7 32-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-linux-armv7l.tar.xz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v22.17.1/node-v22.17.1-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v22.17.1/node-v22.17.1.tar.gz \ +Other release files: https://nodejs.org/dist/v22.17.1/ \ +Documentation: https://nodejs.org/docs/v22.17.1/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +988da3f531740238fea22bd73bd27b3d3a9d780c3248494ae797fd1dc4737b6e node-v22.17.1-aix-ppc64.tar.gz +538276e62f7428a86302bbe8908aa28b1a1f4635b75def8e308392894a0c3b6c node-v22.17.1-arm64.msi +a983f4f2a7b71512b78d7935b9ccf6b72120a255810070afd635c4146bca7b31 node-v22.17.1-darwin-arm64.tar.gz +346ed47b18d7ce5ec0b7a3cd24f08623af1a8efdc8069ebc7cb7c38af1bdb7b4 node-v22.17.1-darwin-arm64.tar.xz +b925103150fac0d23a44a45b2d88a01b73e5fff101e5dcfbae98d32c08d4bee3 node-v22.17.1-darwin-x64.tar.gz +152731560b9753d62a8c67e4bcb4d9b78dcba3f3b4dfcc0ae6e1738595887ed1 node-v22.17.1-darwin-x64.tar.xz +21d248e607efae5852b3cbef0747af796432d37b50c4d644ec7ab54e52ad3f00 node-v22.17.1-headers.tar.gz +489aaa932c3bdcb69e4b0cbf2da7e677ef21931b2cc66f36b726ab090f5b26fb node-v22.17.1-headers.tar.xz +f53510706998cf044f634190416f0588e7e1937aecea938768952e0f0ac1f41b node-v22.17.1-linux-arm64.tar.gz +a5bb879af2fe70e7b5dc5e0bbadecba88e87f45bd8e62c0c57b5c815a4cbbaa6 node-v22.17.1-linux-arm64.tar.xz +520dcd113eca345074cab3c3e7c23b93517a6a0a22fac98e843b195fcfdcc5d7 node-v22.17.1-linux-armv7l.tar.gz +5be9a0d4808415365dce0fa4d051db93f2a708d175beb956762970971aa3ed81 node-v22.17.1-linux-armv7l.tar.xz +c07ee9fb0c0396f5551a9c0228570fdb45ebf21ba9723f7098671320f364a202 node-v22.17.1-linux-ppc64le.tar.gz +e97d90a254d4741ee4c9ca989fb21d743c0708eb7176cdc78e1b7026a954fe49 node-v22.17.1-linux-ppc64le.tar.xz +5ee94f6e421a383435c2f96b8e5742ad0eea54a851dc6b66583fc28a2f84cd33 node-v22.17.1-linux-s390x.tar.gz +c1e144457f6779d18eac9ffc31ca687cc127d27fe7c73092cc321be21d6a1011 node-v22.17.1-linux-s390x.tar.xz +cfb6ac0cf339825fe36efd1f18a79016b02aca19fbfa6c9547c57e27dc09f6ea node-v22.17.1-linux-x64.tar.gz +ff04bc7c3ed7699ceb708dbaaf3580d899ff8bf67f17114f979e83aa74fc5a49 node-v22.17.1-linux-x64.tar.xz +6cc39aee7c832b1de1c7c44f1f4746351fc38d7880af67aa5238503eb647d830 node-v22.17.1-win-arm64.7z +588d42c7c90eecf14ed4fc126a64cc70993e3a002f93e26be9c979cdc516b0d3 node-v22.17.1-win-arm64.zip +87e44340313b125ee7f4ea1a3877ba9aede1030fcbc8edd9f57e43fd3257037c node-v22.17.1-win-x64.7z +b1fdb5635ba860f6bf71474f2ca882459a582de49b1d869451e3ad188e3943eb node-v22.17.1-win-x64.zip +b7e7e75d570074cd40645c8db6806ea08d121a00c1af11fd110540434664ae45 node-v22.17.1-win-x86.7z +ccfc8901bba74052a4fd9c15ec8e01f45d3014646d909026e3a07a270c4194fb node-v22.17.1-win-x86.zip +29bf63d4be9e9ba53d8974086cd9ef2403317e6c237d98d6e498205da4d48753 node-v22.17.1-x64.msi +79ff602686c2ef16187c1624b9fb3bce3bc09e33716bcfab3168a6111832e87e node-v22.17.1-x86.msi +31f30608a6c9961ef3d19002a578899d40cdaa6583d0d46744ae2be9aa137b0d node-v22.17.1.pkg +167539d86368bb911488f888a05355df5002b302285d353179c9dd957233add5 node-v22.17.1.tar.gz +327415fd76fcebb98133bf56e2d90e3ac048b038fac2676f03b6db91074575b9 node-v22.17.1.tar.xz +d3b6849e4e0d9770024df678c4f77356065922d30c07a37dcf1bc4012c711d94 win-arm64/node.exe +c174ae3348a4a59c9d61629a7a73a38679fd27c55b2a7d85a2ea3e65de2beb13 win-arm64/node.lib +6d85c14c2f3c11607f3e15912391971783046198f0aebe5251c7a1b7d6f06b91 win-arm64/node_pdb.7z +62d2b887ebe89621d2e5441a01e95f74839773c039cdd8a43a087f4285b3bfa0 win-arm64/node_pdb.zip +0f1098a455c7058daaaccd660d3a71dfed1cc0ffe8bea826170a7807d36fcef2 win-x64/node.exe +4af0951712fb05a686a03e0592880e195ba53e5eb70e224d7ea7b8b76f2a3e86 win-x64/node.lib +b97379b2499adec83b4ac64fec048390404f29b667d3676fa3d1fead01d1ca5e win-x64/node_pdb.7z +fedbd933bcfdc60fc514c5234dbb10ac8fd0f2c0e7f9c203c738364dcea7602d win-x64/node_pdb.zip +efb130fb88544c16e480524fbd0c77725864dd08c96d86b9849bfadb13fea13e win-x86/node.exe +e1830d28633bfa80180edfffe5f091dc945701ba8cf2b743ca542d34759f505a win-x86/node.lib +66233b440709942b94af935aa4b1aaf3faa520de73efbf53ed19ee61144c72f6 win-x86/node_pdb.7z +8b09448a6c5a9d863151f1c0a067d2c26632aa69a29af08ca75899a4e4f8c4e6 win-x86/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmh20jIACgkQi+q0389V +XvSXTAv/Xzy1q8t4LcX8TvXSf806U0cEhX7QK929dpvpdsMIgcbc8/u9AGWNkeOx +8fL7iQ35qQ6sUGkusfgXHx9a+QJkKXOCbjM1gHKvLBAEyemv2Aea4iQFe4yInSKQ +eQcBL11UsfQ4W7Ef/saMGzNaTSYKg3Ky/7t9icf8HAxvykNRr5IL2exMePdiiox2 +Fq/Gq0RAMBUt12yUD80Q8pcrp75OgB9BXrngDed3wDeX/cj4YZMsNE5I8r7hxRo3 +7Dm4F4/6XZc2iBkXRhcSMDXfCvPK+r42XP56d7V8sQf2NEFmlXnEoWTRddZ0D2hW +/RnlqdE8x0B6r34x+QXK0RNwL9qrcoTJ3q7ksCPWpWsVPDVMWeSfCHeoPlnJBX9J ++81oSiXzLtWT2JMnihl0OSabqZhjN/P2BP7Ny346kb9a+WsG7FpMwcR1Teq0UFCv +aC5ImzM5FA85EPAVGNQt0QuTK8aIfYt8jEzRovUVd5j8pkePUPMM/I2v+FheAj4N +YTq/Tg58 +=rDZQ +-----END PGP SIGNATURE----- +``` diff --git a/apps/site/pages/en/blog/release/v24.4.1.md b/apps/site/pages/en/blog/release/v24.4.1.md new file mode 100644 index 0000000000000..5f69a2c04ab89 --- /dev/null +++ b/apps/site/pages/en/blog/release/v24.4.1.md @@ -0,0 +1,91 @@ +--- +date: '2025-07-15T22:14:44.786Z' +category: release +title: Node v24.4.1 (Current) +layout: blog-post +author: Rafael Gonzaga +--- + +## 2025-07-15, Version 24.4.1 (Current), @RafaelGSS + +This is a security release. + +### Notable Changes + +- (CVE-2025-27209) HashDoS in V8 with new RapidHash algorithm +- (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() + +### Commits + +- \[[`c33223f1a5`](https://github.com/nodejs/node/commit/c33223f1a5)] - **(CVE-2025-27209)** **deps**: V8: revert rapidhash commits (Michaƫl Zasso) [nodejs-private/node-private#713](https://github.com/nodejs-private/node-private/pull/713) +- \[[`56f9db2aaa`](https://github.com/nodejs/node/commit/56f9db2aaa)] - **(CVE-2025-27210)** **lib**: handle all windows reserved driver name (RafaelGSS) [nodejs-private/node-private#721](https://github.com/nodejs-private/node-private/pull/721) + +Windows 64-bit Installer: https://nodejs.org/dist/v24.4.1/node-v24.4.1-x64.msi \ +Windows ARM 64-bit Installer: https://nodejs.org/dist/v24.4.1/node-v24.4.1-arm64.msi \ +Windows 64-bit Binary: https://nodejs.org/dist/v24.4.1/win-x64/node.exe \ +Windows ARM 64-bit Binary: https://nodejs.org/dist/v24.4.1/win-arm64/node.exe \ +macOS 64-bit Installer: https://nodejs.org/dist/v24.4.1/node-v24.4.1.pkg \ +macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-darwin-arm64.tar.gz \ +macOS Intel 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-darwin-x64.tar.gz \ +Linux 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-linux-x64.tar.xz \ +Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-linux-ppc64le.tar.xz \ +Linux s390x 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-linux-s390x.tar.xz \ +AIX 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-aix-ppc64.tar.gz \ +ARMv8 64-bit Binary: https://nodejs.org/dist/v24.4.1/node-v24.4.1-linux-arm64.tar.xz \ +Source Code: https://nodejs.org/dist/v24.4.1/node-v24.4.1.tar.gz \ +Other release files: https://nodejs.org/dist/v24.4.1/ \ +Documentation: https://nodejs.org/docs/v24.4.1/api/ + +### SHASUMS + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +d2b3496c3795515844bd8d2d45404d0e8ddbc714855ce68e895a644a6059feb3 node-v24.4.1-aix-ppc64.tar.gz +7a3cdd9f5d8f0cb4dce7b21f509b5379bb51fd18e5dfa6a9662cafcd8ae63c60 node-v24.4.1-arm64.msi +55a772a600b7bdafb4b35945b3935090e27aff9934b4c11b281220fcd99139d7 node-v24.4.1-darwin-arm64.tar.gz +7ea25548b120ebaeaffadd37878b83c3d917cbb1eb3e9dbab7cb861bd8763a56 node-v24.4.1-darwin-arm64.tar.xz +59fbad953a0705e78d220079fb6d10d341d0a61afd3aeb4db2a87207fddd8944 node-v24.4.1-darwin-x64.tar.gz +e391194c578cf91e2af35acb30dc6c23fe8893fb3409a2c9a4e25b51f87a6cb0 node-v24.4.1-darwin-x64.tar.xz +f2071f773135460a56c6cdc368a58e98f5f3d14e3a0bf1010a4323d294482740 node-v24.4.1-headers.tar.gz +5cc534bca66b184c837923ce5d9cc25ae7f3b3f6d8455ded509da0db041c16d7 node-v24.4.1-headers.tar.xz +fde5421e2652e51199bc678e1e6c4d80bbb4c55337ec0a82206568517e9792ef node-v24.4.1-linux-arm64.tar.gz +555659c36fc72d0617e278b5d26ffcaebc3760a3de354926b1e5f1b0bfd66083 node-v24.4.1-linux-arm64.tar.xz +b4ee745e4d8a2c3f3a793a50695d769322b81c79f2b7b79c2a359bca892a0f36 node-v24.4.1-linux-ppc64le.tar.gz +2d549d5c63d282012192bf8594ea105b9876e9198d3af8401c61efe15c3d8cb1 node-v24.4.1-linux-ppc64le.tar.xz +8c9a680c3ae7c8b4a02f55faa055d960ab639a67b257efe7a466d49934746630 node-v24.4.1-linux-s390x.tar.gz +70316824c88fa396b12363fb9695b8f9a88f671377056bd86761dc96962240f8 node-v24.4.1-linux-s390x.tar.xz +063f2eb299ba60e3fc9b424d8e87d0e2f6be84b39bdeadc421ee2865914c498b node-v24.4.1-linux-x64.tar.gz +7e067b13cd0dc7ee8b239f4ebe1ae54f3bba3a6e904553fcb5f581530eb8306d node-v24.4.1-linux-x64.tar.xz +a9e19728d981b03fd0ef075d6df0dc28c9d543f4b2ea6cad5cb1e3dff5c01e11 node-v24.4.1-win-arm64.7z +8cb993d89d13119f582c77a4c734be5bdfeee5557e6cfe850ea1a2f23fa94686 node-v24.4.1-win-arm64.zip +daa849d978dfd6ae623e2c70cab5602b385e2c1e6bb3b5012de6609be78ddcdc node-v24.4.1-win-x64.7z +0428a6ca7544df310de4ed12c10e84c0bc7c9022945dc16de22f7c0dc4893dd2 node-v24.4.1-win-x64.zip +521032573be257d214589043d4aa57d1e32a0a4ff8e30c3275e6617de4c55ee4 node-v24.4.1-x64.msi +3473b9ebee25cc0681f543b93586988a2379836bf2be5a47c159a5920289e032 node-v24.4.1.pkg +f5d4525390f67bd2ba91efe2ad94722f570a9a4fd18756ab420cb5885d0f6c10 node-v24.4.1.tar.gz +adb79ca0987486ed66136213da19ff17ef6724dcb340c320e010c9442101652f node-v24.4.1.tar.xz +da416aa539b6b84d20c58b2bbd1fc5fc74b2d95dad213ef49110f697cbb2bb33 win-arm64/node.exe +6809fc156673d10cca7dff0e54f28309bb111d235c54493a4a0ca401c2113be7 win-arm64/node.lib +de892d4574417946a45e95720cb3a802eaa51209219ddd8a4fd36f8e6de6b7ef win-arm64/node_pdb.7z +62a4b97ca6aaa558fc2d7dba98a16faac64ec60776d5b4a519d515e2a7340c53 win-arm64/node_pdb.zip +1b41336fc188453644a3986ddc508627e2c7288df74e7c86abfc46106bc603e3 win-x64/node.exe +34882ca2bb450431047f2dd3bae1c3b8c1cd2b4cffd5c1a0bf079948846d2b83 win-x64/node.lib +759fbb25d32aaed69069b48b32844a161264d01aec457a91c3ca735b95131d2d win-x64/node_pdb.7z +57e04e1121f8e5b29739697e54ab07f51f70dab0376c94f9a9f159b412d32ba0 win-x64/node_pdb.zip +-----BEGIN PGP SIGNATURE----- + +iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmh20p0ACgkQi+q0389V +XvSHQwv7BdDwI42lmmpsvn3490Rzlj79vab+z87ZVsLh0zq2hDTn7Vn9kXtBFTDA +L3GkRAa6jAqJGxXcyExDJpwyMUEk6ES0QDiJMYBIEayfBFLGWkx9ah80ixaj/4dD +w/YLw7/HQTLPYAHfKkNsJDm06zUsl+CPkEuRR08wblnNyrrxCjQZuJv3zEuB0GFl +Uyoe4i9AF3akFspAwrLU5oKJK7rJp5q7v6fc5/+Ks/NdoRRMGEiZUJo5DulOOYKA +F0MCVhZaKiJWcZfnRqLbSbB4lw2hVcOUI6tY5sKi6w8sSIRgPnCdu4FVp7OrZy/M +6aEgUk0o88P4Kwe/BO4bZXyQM38O38xKyC45taKmzfhPXihXPefJD/m+nRpM1Ola +RF6hXGeFT/XEJpsW/irD8qRVAU4ao4eI9/y9rnu7Oifm2u6noTEgNnMAjt1UwIN7 +sX0aYXDGkxk2GQ6uDNd1gAiDCT0Aidcno2NXbBjdqM6Hx+EhOw9KeryRXXzGl50+ +wW2Q5ZCk +=ZLrr +-----END PGP SIGNATURE----- +``` diff --git a/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md b/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md index 3ed74d345f5a6..dabcd9be00c13 100644 --- a/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md +++ b/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md @@ -1,5 +1,5 @@ --- -date: 2025-07-08T03:00:00.000Z +date: 2025-07-15T00:00:00.000Z category: vulnerability title: Tuesday, July 15, 2025 Security Releases slug: july-2025-security-releases @@ -7,6 +7,46 @@ layout: blog-post author: The Node.js Project --- +## Security releases available + +Updates are now available for the 24.x, 22.x, 20.x Node.js release lines for the +following issues. + +## Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() (CVE-2025-27210) - (high) + +An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. + +This vulnerability affects Windows users of `path.join` API. + +Impact: + +- This vulnerability affects all users in active release lines: 20.x, 22.x, 24.x + +Thank you, to oblivionsage for reporting this vulnerability and thank you RafaelGSS for fixing it. + +## HashDoS in V8 (CVE-2025-27209) - (high) + +The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. +This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate +many hash collisions - an attacker can generate collisions even without knowing the hash-seed. + +While the V8 team does not classify this as a security vulnerability, the Node.js project considers it one due to its potential +impact in real-world scenarios. + +- This vulnerability affects Node.js v24.x users. + +Impact: + +- This vulnerability affects all users in active release lines: 24.x + +Thank you, to sharp_edged for reporting this vulnerability and thank you targos for fixing it. + +## Downloads and release details + +- [Node.js v20.19.4](/blog/release/v20.19.4/) +- [Node.js v22.17.1](/blog/release/v22.17.1/) +- [Node.js v24.4.1](/blog/release/v24.4.1/) + # Summary The Node.js project will release new versions of the 24.x, 22.x, 20.x diff --git a/apps/site/site.json b/apps/site/site.json index 3cd0f99094fe2..4ef62998f1413 100644 --- a/apps/site/site.json +++ b/apps/site/site.json @@ -28,9 +28,9 @@ ], "websiteBanners": { "index": { - "startDate": "2025-07-08T03:00:00.000Z", - "endDate": "2025-07-15T03:00:00.000Z", - "text": "New security releases to be made available Tuesday, July 15, 2025", + "startDate": "2025-07-15T00:00:00.000Z", + "endDate": "2025-07-22T00:00:00.000Z", + "text": "July Security Release is available", "link": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases", "type": "warning" }