Skip to content

Commit 6590a8c

Browse files
RafaelGSSRafaelGSS
committed
2024-04-03, Version 18.20.1 'Hydrogen' (LTS)
This is a security release. Notable changes: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) * llhttp version 9.2.1 * undici version 5.28.4 PR-URL: nodejs-private/node-private#573
1 parent 24d036b commit 6590a8c

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,8 @@ release.
7171
<a href="doc/changelogs/CHANGELOG_V20.md#20.0.0">20.0.0</a><br/>
7272
</td>
7373
<td valign="top">
74-
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a></b><br/>
74+
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.20.1">18.20.1</a></b><br/>
75+
<a href="doc/changelogs/CHANGELOG_V18.md#18.20.0">18.20.0</a><br/>
7576
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.1">18.19.1</a><br/>
7677
<a href="doc/changelogs/CHANGELOG_V18.md#18.19.0">18.19.0</a><br/>
7778
<a href="doc/changelogs/CHANGELOG_V18.md#18.18.2">18.18.2</a><br/>

doc/changelogs/CHANGELOG_V18.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
</tr>
1010
<tr>
1111
<td>
12+
<a href="#18.20.1">18.20.1</a><br/>
1213
<a href="#18.20.0">18.20.0</a><br/>
1314
<a href="#18.19.1">18.19.1</a><br/>
1415
<a href="#18.19.0">18.19.0</a><br/>
@@ -68,6 +69,25 @@
6869
* [io.js](CHANGELOG_IOJS.md)
6970
* [Archive](CHANGELOG_ARCHIVE.md)
7071

72+
<a id="18.20.1"></a>
73+
74+
## 2024-04-03, Version 18.20.1 'Hydrogen' (LTS), @RafaelGSS
75+
76+
This is a security release.
77+
78+
### Notable Changes
79+
80+
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
81+
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
82+
* llhttp version 9.2.1
83+
* undici version 5.28.4
84+
85+
### Commits
86+
87+
* \[[`60d24938de`](https://github.com/nodejs/node/commit/60d24938de)] - **deps**: update undici to v5.28.4 (Matteo Collina) [nodejs-private/node-private#577](https://github.com/nodejs-private/node-private/pull/577)
88+
* \[[`5d4d5848cf`](https://github.com/nodejs/node/commit/5d4d5848cf)] - **http**: do not allow OBS fold in headers by default (Paolo Insogna) [nodejs-private/node-private#558](https://github.com/nodejs-private/node-private/pull/558)
89+
* \[[`0fb816dbcc`](https://github.com/nodejs/node/commit/0fb816dbcc)] - **src**: ensure to close stream when destroying session (Anna Henningsen) [nodejs-private/node-private#561](https://github.com/nodejs-private/node-private/pull/561)
90+
7191
<a id="18.20.0"></a>
7292

7393
## 2024-03-26, Version 18.20.0 'Hydrogen' (LTS), @richardlau

0 commit comments

Comments
 (0)