blog: make minor improvements to latest posts (#5994)

* blog: make minor improvements to latest posts * Update pages/en/blog/release/v20.8.1.md Co-authored-by: Richard Lau <[email protected]> Signed-off-by: Tobias Nießen <[email protected]> --------- Signed-off-by: Tobias Nießen <[email protected]> Co-authored-by: Richard Lau <[email protected]>
nodejs · Oct 13, 2023 · 31c6fa7 · 31c6fa7
1 parent ce46d3c
commit 31c6fa7
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 38 deletions.
diff --git a/pages/en/blog/release/v18.18.2.md b/pages/en/blog/release/v18.18.2.md
@@ -10,25 +10,25 @@ author: Rafael Gonzaga
 
 The following CVEs are fixed in this release:
 
-* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
-* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
-* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552):  Integrity checks according to policies can be circumvented (Medium)
-* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
+- [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
+- [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
+- [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium)
+- [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
 
 More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.
 
 ### Commits
 
-* \[[`55028468db`](https://github.com/nodejs/node/commit/55028468db)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
-* \[[`a792bbc515`](https://github.com/nodejs/node/commit/a792bbc515)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
-* \[[`f6444defa4`](https://github.com/nodejs/node/commit/f6444defa4)] - **deps**: update nghttp2 to 1.56.0 (Node.js GitHub Bot) [#49582](https://github.com/nodejs/node/pull/49582)
-* \[[`7e9b08dfd4`](https://github.com/nodejs/node/commit/7e9b08dfd4)] - **deps**: update nghttp2 to 1.55.1 (Node.js GitHub Bot) [#48790](https://github.com/nodejs/node/pull/48790)
-* \[[`85672c153f`](https://github.com/nodejs/node/commit/85672c153f)] - **deps**: update nghttp2 to 1.55.0 (Node.js GitHub Bot) [#48746](https://github.com/nodejs/node/pull/48746)
-* \[[`300a902422`](https://github.com/nodejs/node/commit/300a902422)] - **deps**: update nghttp2 to 1.53.0 (Node.js GitHub Bot) [#47997](https://github.com/nodejs/node/pull/47997)
-* \[[`7d83ed0bf6`](https://github.com/nodejs/node/commit/7d83ed0bf6)] - _**Revert**_ "**deps**: update nghttp2 to 1.55.0" (Richard Lau) [#50151](https://github.com/nodejs/node/pull/50151)
-* \[[`1193ca5fdb`](https://github.com/nodejs/node/commit/1193ca5fdb)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
-* \[[`eaf9083cf1`](https://github.com/nodejs/node/commit/eaf9083cf1)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
-* \[[`1c538938cc`](https://github.com/nodejs/node/commit/1c538938cc)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
+- \[[`55028468db`](https://github.com/nodejs/node/commit/55028468db)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
+- \[[`a792bbc515`](https://github.com/nodejs/node/commit/a792bbc515)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
+- \[[`f6444defa4`](https://github.com/nodejs/node/commit/f6444defa4)] - **deps**: update nghttp2 to 1.56.0 (Node.js GitHub Bot) [#49582](https://github.com/nodejs/node/pull/49582)
+- \[[`7e9b08dfd4`](https://github.com/nodejs/node/commit/7e9b08dfd4)] - **deps**: update nghttp2 to 1.55.1 (Node.js GitHub Bot) [#48790](https://github.com/nodejs/node/pull/48790)
+- \[[`85672c153f`](https://github.com/nodejs/node/commit/85672c153f)] - **deps**: update nghttp2 to 1.55.0 (Node.js GitHub Bot) [#48746](https://github.com/nodejs/node/pull/48746)
+- \[[`300a902422`](https://github.com/nodejs/node/commit/300a902422)] - **deps**: update nghttp2 to 1.53.0 (Node.js GitHub Bot) [#47997](https://github.com/nodejs/node/pull/47997)
+- \[[`7d83ed0bf6`](https://github.com/nodejs/node/commit/7d83ed0bf6)] - _**Revert**_ "**deps**: update nghttp2 to 1.55.0" (Richard Lau) [#50151](https://github.com/nodejs/node/pull/50151)
+- \[[`1193ca5fdb`](https://github.com/nodejs/node/commit/1193ca5fdb)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
+- \[[`eaf9083cf1`](https://github.com/nodejs/node/commit/eaf9083cf1)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
+- \[[`1c538938cc`](https://github.com/nodejs/node/commit/1c538938cc)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
 
 Windows 32-bit Installer: https://nodejs.org/dist/v18.18.2/node-v18.18.2-x86.msi \
 Windows 64-bit Installer: https://nodejs.org/dist/v18.18.2/node-v18.18.2-x64.msi \

diff --git a/pages/en/blog/release/v20.8.1.md b/pages/en/blog/release/v20.8.1.md
@@ -10,27 +10,27 @@ author: Rafael Gonzaga
 
 The following CVEs are fixed in this release:
 
-* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
-* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
-* [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High)
-* [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High)
-* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552):  Integrity checks according to policies can be circumvented (Medium)
-* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
+- [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
+- [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
+- [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High)
+- [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High)
+- [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552): Integrity checks according to policies can be circumvented (Medium)
+- [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)
 
 More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.
 
 ### Commits
 
-* \[[`c86883e844`](https://github.com/nodejs/node/commit/c86883e844)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
-* \[[`2860631359`](https://github.com/nodejs/node/commit/2860631359)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
-* \[[`cd37838bf8`](https://github.com/nodejs/node/commit/cd37838bf8)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
-* \[[`f5c90b2951`](https://github.com/nodejs/node/commit/f5c90b2951)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
-* \[[`fa5dae1944`](https://github.com/nodejs/node/commit/fa5dae1944)] - **permission**: fix Uint8Array path traversal (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
-* \[[`cd35275111`](https://github.com/nodejs/node/commit/cd35275111)] - **permission**: improve path traversal protection (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
-* \[[`a4cb7fc7c0`](https://github.com/nodejs/node/commit/a4cb7fc7c0)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
+- \[[`c86883e844`](https://github.com/nodejs/node/commit/c86883e844)] - **deps**: update nghttp2 to 1.57.0 (James M Snell) [#50121](https://github.com/nodejs/node/pull/50121)
+- \[[`2860631359`](https://github.com/nodejs/node/commit/2860631359)] - **deps**: update undici to v5.26.3 (Matteo Collina) [#50153](https://github.com/nodejs/node/pull/50153)
+- \[[`cd37838bf8`](https://github.com/nodejs/node/commit/cd37838bf8)] - **lib**: let deps require `node` prefixed modules (Matthew Aitken) [#50047](https://github.com/nodejs/node/pull/50047)
+- \[[`f5c90b2951`](https://github.com/nodejs/node/commit/f5c90b2951)] - **module**: fix code injection through export names (Tobias Nießen) [nodejs-private/node-private#461](https://github.com/nodejs-private/node-private/pull/461)
+- \[[`fa5dae1944`](https://github.com/nodejs/node/commit/fa5dae1944)] - **permission**: fix Uint8Array path traversal (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
+- \[[`cd35275111`](https://github.com/nodejs/node/commit/cd35275111)] - **permission**: improve path traversal protection (Tobias Nießen) [nodejs-private/node-private#456](https://github.com/nodejs-private/node-private/pull/456)
+- \[[`a4cb7fc7c0`](https://github.com/nodejs/node/commit/a4cb7fc7c0)] - **policy**: use tamper-proof integrity check function (Tobias Nießen) [nodejs-private/node-private#462](https://github.com/nodejs-private/node-private/pull/462)
 
 Windows 32-bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-x86.msi \
-Windows 64-bit Installer: *Coming soon* \
+Windows 64-bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-x64.msi \
 Windows ARM 64-bit Installer: https://nodejs.org/dist/v20.8.1/node-v20.8.1-arm64.msi \
 Windows 32-bit Binary: https://nodejs.org/dist/v20.8.1/win-x86/node.exe \
 Windows 64-bit Binary: https://nodejs.org/dist/v20.8.1/win-x64/node.exe \

diff --git a/pages/en/blog/vulnerability/october-2023-security-releases.md b/pages/en/blog/vulnerability/october-2023-security-releases.md
@@ -22,12 +22,12 @@ More details area available in [GHSA-wqq4-5wpv-mx2g](https://github.com/nodejs/u
 
 ## nghttp2 - HTTP/2 Rapid Reset (High) - (CVE-2023-44487)
 
-Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service.
+Rapidly creating and cancelling streams (`HEADERS` frame immediately followed by `RST_STREAM`) without bound causes denial of service.
 See https://www.cve.org/CVERecord?id=CVE-2023-44487 for details.
 
 Impacts:
 
-* This vulnerability affects all users of HTTP2 servers in all active
+- This vulnerability affects all users of HTTP/2 servers in all active
   release lines 18.x and 20.x.
 
 ## Permission model improperly protects against path traversal (High) - (CVE-2023-39331)
@@ -38,7 +38,7 @@ overwriting built-in utility functions with user-defined implementations.
 
 Impacts:
 
-* This vulnerability affects all users using the experimental permission model in Node.js 20.x.
+- This vulnerability affects all users using the experimental permission model in Node.js 20.x.
 
 Please note that at the time this CVE is issued, the permission model is an experimental feature of Node.js.
 
@@ -57,7 +57,7 @@ which only referred to `Buffer` objects. However, the vulnerability follows the
 
 Impacts:
 
-* This vulnerability affects all users using the experimental permission model in Node.js 20.x.
+- This vulnerability affects all users using the experimental permission model in Node.js 20.x.
 
 Please note that at the time this CVE is issued, the permission model is an experimental feature of Node.js.
 
@@ -72,14 +72,13 @@ thus effectively disabling the integrity check.
 
 Impacts:
 
-* This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.
+- This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.
 
 Please note that at the time this CVE is issued, the policy mechanism is an experimental feature of Node.js.
 
 Thanks to [Tobias Nießen](https://github.com/tniessen) who reported and created
 the security patch.
 
-
 ## Code injection via WebAssembly export names (Low) - (CVE-2023-39333)
 
 Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code.
@@ -88,7 +87,7 @@ similar to as if the WebAssembly module was a JavaScript module.
 
 Impacts:
 
-* This vulnerability affects users of the  `--experimental-wasm-modules` command line option in all active release lines 18.x and 20.x.
+- This vulnerability affects users of the `--experimental-wasm-modules` command line option in all active release lines 18.x and 20.x.
 
 Thanks to dittyroma for reporting the issue and to [Tobias Nießen](https://github.com/tniessen) for fixing it.
 
@@ -105,8 +104,8 @@ The Node.js project will release new versions of the 18.x and 20.x
 releases lines on or shortly after, Friday October 13 2023 in order to address:
 
 - 2 high severity issues.
-- 1 medium severity issues.
-- 1 low severity issues.
+- 1 medium severity issue.
+- 1 low severity issue.
 - undici October security updates
 - nghttp2 October security updates
 
@@ -124,6 +123,6 @@ Releases will be available on, or shortly after, Friday October 13 2023.
 
 ## Contact and future updates
 
-The current Node.js security policy can be found at <https://nodejs.org/en/security/>. Please follow the process outlined in <https://github.com/nodejs/node/blob/master/SECURITY.md> if you wish to report a vulnerability in Node.js.
+The current Node.js security policy can be found at <https://nodejs.org/en/security/>. Please follow the process outlined in <https://github.com/nodejs/node/blob/main/SECURITY.md> if you wish to report a vulnerability in Node.js.
 
 Subscribe to the low-volume announcement-only nodejs-sec mailing list at <https://groups.google.com/forum/#!forum/nodejs-sec> to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.