feat(blog): create post for v24.17.0 (nodejs#8960)

github-actions[bot] · create-or-update-pull-request · web-flow · commit 2bd5c8d2a7c6 · 2026-06-18T04:52:52.000Z
Co-authored-by: Create or Update Pull Request Action &lt;create-or-update-pull-request@users.noreply.github.com&gt;
diff --git a/apps/site/pages/en/blog/release/v24.17.0.md b/apps/site/pages/en/blog/release/v24.17.0.md
@@ -0,0 +1,110 @@
+---
+date: '2026-06-18T04:38:38.484Z'
+category: release
+title: Node.js 24.17.0 (LTS)
+layout: blog-post
+author: Antoine du Hamel
+---
+
+## 2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95
+
+This is a security release.
+
+### Notable Changes
+
+- (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
+- (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
+- (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
+- (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
+- (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
+- (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
+- (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
+- (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
+- (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
+- (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
+- (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
+
+### Commits
+
+- \[[`9e4dfc7bba`](https://github.com/nodejs/node/commit/9e4dfc7bba)] - **(CVE-2026-48933)** **crypto**: guard WebCrypto cipher output length (Filip Skokan) [nodejs-private/node-private#878](https://github.com/nodejs-private/node-private/pull/878)
+- \[[`cb2aed980c`](https://github.com/nodejs/node/commit/cb2aed980c)] - **deps**: update llhttp to 9.4.2 (Antoine du Hamel) [nodejs-private/node-private#890](https://github.com/nodejs-private/node-private/pull/890)
+- \[[`a8a0d12875`](https://github.com/nodejs/node/commit/a8a0d12875)] - **(CVE-2026-48937)** **deps**: fix integration issues with the latest nghttp2 (Tim Perry) [#62891](https://github.com/nodejs/node/pull/62891)
+- \[[`66e6203c1c`](https://github.com/nodejs/node/commit/66e6203c1c)] - **(SEMVER-MAJOR)** **deps**: update nghttp2 to 1.69.0 (Node.js GitHub Bot) [#62891](https://github.com/nodejs/node/pull/62891)
+- \[[`dd627ced27`](https://github.com/nodejs/node/commit/dd627ced27)] - **deps**: update archs files for openssl-3.5.7 (Node.js GitHub Bot) [#63820](https://github.com/nodejs/node/pull/63820)
+- \[[`684bae568f`](https://github.com/nodejs/node/commit/684bae568f)] - **deps**: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) [#63820](https://github.com/nodejs/node/pull/63820)
+- \[[`3a631e7f83`](https://github.com/nodejs/node/commit/3a631e7f83)] - **deps**: fix aix implicit declaration in OpenSSL (Abdirahim Musse) [#62656](https://github.com/nodejs/node/pull/62656)
+- \[[`cf44df3996`](https://github.com/nodejs/node/commit/cf44df3996)] - **deps**: update undici to 7.28.0 (Node.js GitHub Bot) [#63703](https://github.com/nodejs/node/pull/63703)
+- \[[`138c70294b`](https://github.com/nodejs/node/commit/138c70294b)] - **(CVE-2026-48930)** **dns,net**: reject hostnames with embedded NUL bytes (Matteo Collina) [nodejs-private/node-private#868](https://github.com/nodejs-private/node-private/pull/868)
+- \[[`be7e719c3f`](https://github.com/nodejs/node/commit/be7e719c3f)] - **(CVE-2026-48931)** **http**: fix response queue poisoning in http.Agent (Matteo Collina) [nodejs-private/node-private#846](https://github.com/nodejs-private/node-private/pull/846)
+- \[[`cc7c11b4d1`](https://github.com/nodejs/node/commit/cc7c11b4d1)] - **(CVE-2026-48619)** **http2**: cap originSet size to prevent unbounded memory growth (Matteo Collina) [nodejs-private/node-private#855](https://github.com/nodejs-private/node-private/pull/855)
+- \[[`9224427b92`](https://github.com/nodejs/node/commit/9224427b92)] - **(CVE-2026-48615)** **lib,test**: redact proxy credentials in tunnel errors (Matteo Collina) [nodejs-private/node-private#867](https://github.com/nodejs-private/node-private/pull/867)
+- \[[`cf85d54839`](https://github.com/nodejs/node/commit/cf85d54839)] - **(CVE-2026-48935)** **permission**: disable FileHandle utimes with permission model (RafaelGSS) [nodejs-private/node-private#873](https://github.com/nodejs-private/node-private/pull/873)
+- \[[`a1bbc24f96`](https://github.com/nodejs/node/commit/a1bbc24f96)] - **(CVE-2026-48617)** **permission**: handle process.chdir on writereport (RafaelGSS) [nodejs-private/node-private#870](https://github.com/nodejs-private/node-private/pull/870)
+- \[[`e3723ff2d6`](https://github.com/nodejs/node/commit/e3723ff2d6)] - **test**: add session reuse host verification regressions (Matteo Collina) [nodejs-private/node-private#854](https://github.com/nodejs-private/node-private/pull/854)
+- \[[`a77af4867b`](https://github.com/nodejs/node/commit/a77af4867b)] - **(CVE-2026-48934)** **tls**: bind reusable sessions to authenticated host (Matteo Collina) [nodejs-private/node-private#854](https://github.com/nodejs-private/node-private/pull/854)
+- \[[`31beb4f707`](https://github.com/nodejs/node/commit/31beb4f707)] - **(CVE-2026-48928)** **tls**: fix case-sensitive SNI context matching (Matteo Collina) [nodejs-private/node-private#857](https://github.com/nodejs-private/node-private/pull/857)
+- \[[`8e75c73f91`](https://github.com/nodejs/node/commit/8e75c73f91)] - **(CVE-2026-48618)** **tls**: normalize hostname for server identity checks (Matteo Collina) [nodejs-private/node-private#869](https://github.com/nodejs-private/node-private/pull/869)
+
+Windows 64-bit Installer: https://nodejs.org/dist/v24.17.0/node-v24.17.0-x64.msi \
+Windows ARM 64-bit Installer: https://nodejs.org/dist/v24.17.0/node-v24.17.0-arm64.msi \
+Windows 64-bit Binary: https://nodejs.org/dist/v24.17.0/win-x64/node.exe \
+Windows ARM 64-bit Binary: https://nodejs.org/dist/v24.17.0/win-arm64/node.exe \
+macOS 64-bit Installer: https://nodejs.org/dist/v24.17.0/node-v24.17.0.pkg \
+macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-darwin-arm64.tar.gz \
+macOS Intel 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-darwin-x64.tar.gz \
+Linux 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-linux-x64.tar.xz \
+Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-linux-ppc64le.tar.xz \
+Linux s390x 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-linux-s390x.tar.xz \
+AIX 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-aix-ppc64.tar.gz \
+ARMv8 64-bit Binary: https://nodejs.org/dist/v24.17.0/node-v24.17.0-linux-arm64.tar.xz \
+Source Code: https://nodejs.org/dist/v24.17.0/node-v24.17.0.tar.gz \
+Other release files: https://nodejs.org/dist/v24.17.0/ \
+Documentation: https://nodejs.org/docs/v24.17.0/api/
+
+### SHASUMS
+
+```
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+31e9fc249c74a3a6dfeca4758229f003620459b42c3749f7c423f2999d09a727  node-v24.17.0-aix-ppc64.tar.gz
+adee7826d2840efd66cec5e79c9b4e151f4815ac0e24f92cf334bc28d7f1f83c  node-v24.17.0-arm64.msi
+4fc3266a3702eebc39cc37661cf4eeceeade307e242ab64e4d7ce7949197e11f  node-v24.17.0-darwin-arm64.tar.gz
+cf7e9152d7bd86c140f6eccf3577abfbaf8960be1ca49d9d900e8484984dcb9a  node-v24.17.0-darwin-arm64.tar.xz
+80da552fe037290cb130e9dea590f5eeeb7aa450636f0c89ab41415511c1ec27  node-v24.17.0-darwin-x64.tar.gz
+fe50e386f6a5e0b29ce44b989e543da9fb9a80aed0b91a2f0cb19c55106921fc  node-v24.17.0-darwin-x64.tar.xz
+ac60c4ba92204658efaac112efea5d3597348b011be679af0eec324d8c08915e  node-v24.17.0-headers.tar.gz
+aab64d32cd1690e4027326e746877bdac62f0a8458215241638477cbfe0a4192  node-v24.17.0-headers.tar.xz
+faa0d59ba7fe7045c950ed09b190578fb8eee73e4358686d38fcc99ca58c1480  node-v24.17.0-linux-arm64.tar.gz
+67324b9e515e7d13da72571a5dd522bb23145a820f7dde15497897e466759ab3  node-v24.17.0-linux-arm64.tar.xz
+804ed4a1a0ef28d592408b84ac2a85e858ab9124dad933e12b4323609411b809  node-v24.17.0-linux-ppc64le.tar.gz
+7657dfb803132a05cfc83353f43f603cba790e1d2366caeb36083aa8f351124b  node-v24.17.0-linux-ppc64le.tar.xz
+a659e9c26fcd648f3359dbfd292f078434168040f2fb1acf3c9c1bcd3fc37b2b  node-v24.17.0-linux-s390x.tar.gz
+a8e6f79fac2e17e5a9a9d479bad3b6f19921049bbb5888fa238347427502f23c  node-v24.17.0-linux-s390x.tar.xz
+e0472427aa791ad80bdc426ff7cc73cdd28ed0f616d1ff9689a23a7f47f1265f  node-v24.17.0-linux-x64.tar.gz
+ab343a1b747c7cbf3630dfd7dbf818c5423fab2eb4f5ad1afc896f6bd121a917  node-v24.17.0-linux-x64.tar.xz
+0ef6a68334882bb74f5afd2d370cf2cdabc3ef823c8fdd649d9d779478c09607  node-v24.17.0-win-arm64.7z
+4957712f67fce55779cc794d9b4df9e0e802a18c841ad5a4e42f17be490e634d  node-v24.17.0-win-arm64.zip
+91382ab13fea6cfdd475fc0f5b74727c979f609a94905ae338f8b9f1cce32457  node-v24.17.0-win-x64.7z
+f2aa33b35b75aca5f3f7b85675a6f6423201053e9381911e64961f3bda2528ab  node-v24.17.0-win-x64.zip
+ae5d9e9f6c85b8d35717f499ba907259ec80672c289858bae19074355906a240  node-v24.17.0-x64.msi
+6d795ec7986972ac377bcf017eb2a4f970962f36e1584bfebe79326a194f365f  node-v24.17.0.pkg
+66a10e05fa7875ff1d7d669de405ea6ce8725f2352bd07550f520dea2f880825  node-v24.17.0.tar.gz
+a7ab562ed2369a29c68b72fa00e3103bcdfe37063dff799c6acc8e404e275fcd  node-v24.17.0.tar.xz
+44999f9ec6486d01202d8961f343eac8c9f2847b234a8637c3fd0f1e2bb3288a  win-arm64/node.exe
+d32c3ff35f34b9593e5fcddc23ca779f4b40abfb9aa5a031d620f1ecb44ca935  win-arm64/node.lib
+60c69df69e22db238ab670efb7ad57ab6da92adcea33c6eea152daf3c2182ad6  win-arm64/node_pdb.7z
+93262aebc5c28f3f2218cad37a7635b9fb95ea89cb068c124b7eac9446682029  win-arm64/node_pdb.zip
+c6335d08331c23d68b9f2b18adb102002d76ef150b47248e954c507e0d033664  win-x64/node.exe
+4ab42af597bc4f0957e9e2dcd5db18bdf223406a0c8e0b6be0f28e57977b808b  win-x64/node.lib
+0e2a2937823b7fbca4d4ed344ed13d6c8a519d06460f77966fce59e1d146826b  win-x64/node_pdb.7z
+bd231782ef5e062395d6d2a259c3aaee994db694df9bdcd4beeb9d6bac9e69ec  win-x64/node_pdb.zip
+
+-----BEGIN PGP SIGNATURE-----
+
+iHUEARYIAB0WIQRb6KP2yKXAHRBsCtggsaOQsWjTVgUCajN1TwAKCRAgsaOQsWjT
+VsDcAQClE4tL8dBeOyi941MK78i7o4iOFfoYYdyIayxQww7nTgD/Zmdx1h1gjwo/
+J5fumRrmsNRDj6JYjUfEzKSSJjFX7Q8=
+=nnSg
+-----END PGP SIGNATURE-----
+```
