Blog: add post release announcement

RafaelGSS · RafaelGSS · commit 270db2ff7a5a · 2025-07-15T19:14:29.000-03:00
Refs: nodejs-private/security-release#62
diff --git a/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md b/apps/site/pages/en/blog/vulnerability/july-2025-security-releases.md
@@ -1,12 +1,53 @@
 ---
-date: 2025-07-08T03:00:00.000Z
+date: 2025-07-15T00:00:00.000Z
 category: vulnerability
 title: Tuesday, July 15, 2025 Security Releases
 slug: july-2025-security-releases
 layout: blog-post
 author: The Node.js Project
 ---
 
+## Security releases available
+
+Updates are now available for the 24.x, 22.x, 20.x Node.js release lines for the
+following issues.
+
+## Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize() (CVE-2025-27210) - (high)
+
+An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX.
+
+This vulnerability affects Windows users of `path.join` API.
+
+Impact:
+
+- This vulnerability affects all users in active release lines: 20.x, 22.x, 24.x
+
+Thank you, to oblivionsage for reporting this vulnerability and thank you RafaelGSS for fixing it.
+
+## HashDoS in V8 (CVE-2025-27209) - (high)
+
+The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash.
+This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate
+many hash collisions - an attacker can generate collisions even without knowing the hash-seed.
+
+While the V8 team does not classify this as a security vulnerability, the Node.js project considers it one due to its potential
+impact in real-world scenarios.
+
+* This vulnerability affects Node.js v24.x users.
+
+Impact:
+
+- This vulnerability affects all users in active release lines: 24.x
+
+Thank you, to sharp_edged for reporting this vulnerability and thank you targos for fixing it.
+
+
+## Downloads and release details
+
+- [Node.js v20.19.4](/blog/release/v20.19.4/)
+- [Node.js v22.17.1](/blog/release/v22.17.1/)
+- [Node.js v24.4.1](/blog/release/v24.4.1/)
+
 # Summary
 
 The Node.js project will release new versions of the 24.x, 22.x, 20.x
diff --git a/apps/site/site.json b/apps/site/site.json
@@ -28,9 +28,9 @@
   ],
   "websiteBanners": {
     "index": {
-      "startDate": "2025-07-08T03:00:00.000Z",
-      "endDate": "2025-07-15T03:00:00.000Z",
-      "text": "New security releases to be made available Tuesday, July 15, 2025",
+      "startDate": "2025-07-15T00:00:00.000Z",
+      "endDate": "2025-07-22T00:00:00.000Z",
+      "text": "July Security Release is available",
       "link": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases",
       "type": "warning"
     }
