2020-06-02, Version 10.21.0 'Dubnium' (LTS), @BethGriggs
Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
- CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
Commits
- [
0ad7970256] - deps: fix OPENSSLDIR on Windows (Shigeki Ohtsu) #29456 - [
bd78c6ea46] - deps: backport ICU-20958 to fix CVE-2020-10531 (Richard Lau) #33572 - [
33e9a12241] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M Snell) nodejs-private/node-private#204 - [
881c244a4e] - (SEMVER-MINOR) http2: implement support for max settings entries (James M Snell) nodejs-private/node-private#204 - [
cd9827f105] - napi: fix memory corruption vulnerability (Tobias Nießen) nodejs-private/node-private#203