2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @RafaelGSS

RafaelGSS released this 08 Jul 18:26

· 6791 commits to main since this release

This is a security release.

Notable Changes

CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
CVE-2024-22020 - Bypass network import restriction via data URL (Medium)

Commits

[85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
[eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596

Assets 2