-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v10.24.1 proposal #38085
v10.24.1 proposal #38085
Conversation
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz $ mv openssl-1.1.1k openssl $ git add --all openssl $ git commit openssl PR-URL: #37940 Refs: #37913 Refs: #37916 Reviewed-By: Daniel Bevenius <[email protected]>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37940 Refs: #37913 Refs: #37916 Reviewed-By: Daniel Bevenius <[email protected]>
PR-URL: #37918 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
CI: https://ci.nodejs.org/job/node-test-pull-request/37148/ ✅ |
This is a security release Notable changes: Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) PR-URL: #38085
8a84622
to
4736874
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does This is a security release
need to be This is a security release.
to match the regex in https://github.com/nodejs/nodejs-dist-indexer/blob/master/is-security-release.js#L2?
(apologies for the painful nit!)
This is a security release. Notable changes: Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) PR-URL: #38085
4736874
to
bc166e4
Compare
This is a security release. Notable changes: Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) PR-URL: #38085
bc166e4
to
5182a7e
Compare
This is a security release. Notable changes: Vulnerabilities fixed: - **CVE-2021-3450**: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - **CVE-2021-3449**: OpenSSL - NULL pointer deref in signature_algorithms processing (High) - **CVE-2020-7774**: npm upgrade - Update y18n to fix Prototype-Pollution (High) PR-URL: #38085
2021-04-06, Version 10.24.1 'Dubnium' (LTS), @MylesBorins
This is a security release
Notable Changes
Vulerabilties fixed:
Commits
5e526b96ce
] - deps: upgrade npm to 6.14.12 (Ruy Adorno) #37918781cb6df5c
] - deps: update archs files for OpenSSL-1.1.1k (Tobias Nießen) #379405db0a05a90
] - deps: upgrade openssl sources to 1.1.1k (Tobias Nießen) #37940