mirror of
https://github.com/nodejs/node.git
synced 2024-11-30 23:43:09 +01:00
f172c5ad5b
This is a security release. Notable changes: These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 (https://github.com/advisories/GHSA-r628-mhmh-qjhw) and CVE-2021-32804 (https://github.com/advisories/GHSA-3jfq-g458-7qm9). Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist. You can read more about it in: * CVE-2021-37701: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc * CVE-2021-37712: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p * CVE-2021-37713: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh * CVE-2021-39134: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc * CVE-2021-39135: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2 PR-URL: https://github.com/nodejs-private/node-private/pull/287 |
||
|---|---|---|
| .. | ||
| CHANGELOG_ARCHIVE.md | ||
| CHANGELOG_IOJS.md | ||
| CHANGELOG_V4.md | ||
| CHANGELOG_V5.md | ||
| CHANGELOG_V6.md | ||
| CHANGELOG_V7.md | ||
| CHANGELOG_V8.md | ||
| CHANGELOG_V9.md | ||
| CHANGELOG_V10.md | ||
| CHANGELOG_V11.md | ||
| CHANGELOG_V12.md | ||
| CHANGELOG_V13.md | ||
| CHANGELOG_V14.md | ||
| CHANGELOG_V15.md | ||
| CHANGELOG_V16.md | ||
| CHANGELOG_V010.md | ||
| CHANGELOG_V012.md | ||