Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blog: add october 13th pre-announcement security release #5989

Merged
merged 4 commits into from
Oct 12, 2023
Merged

blog: add october 13th pre-announcement security release #5989

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
24b34c2
blog: add october 13th pre-announcement security release
RafaelGSS Oct 12, 2023
0161149
Update pages/en/blog/vulnerability/october-2023-security-releases.md
mhdawson Oct 12, 2023
90a3c18
Update site.json
mhdawson Oct 12, 2023
8602a02
Update pages/en/blog/vulnerability/october-2023-security-releases.md
MattIPv4 Oct 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions pages/en/blog/vulnerability/october-2023-security-releases.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
date: 2023-10-12T13:30:00.000Z
category: vulnerability
title: Friday October 13 2023 Security Releases
slug: october-2023-security-releases
layout: blog-post.hbs
author: Rafael Gonzaga
---

## Summary

The Node.js project will release new versions of the 18.x and 20.x
releases lines on or shortly after, Friday October 13 2023 in order to address:

- 2 high severity issues.
- 1 medium severity issues.
- 1 low severity issues.
- undici October security updates
- nghttp2 October security updates

## Impact

All the active release lines are affected by undici and nghttp2 security patches, which are rated as high severity issues.

In addition, the 20.x release line of Node.js is vulnerable to 2 high severity issues, 1 medium severity issue, and 1 low severity issue.

In addition, the 18.x release line of Node.js is vulnerable to 1 medium severity issue, and 1 low severity issue.

## Release timing

Releases will be available on, or shortly after, Friday October 13 2023.

## Contact and future updates

The current Node.js security policy can be found at <https://nodejs.org/en/security/>. Please follow the process outlined in <https://github.com/nodejs/node/blob/master/SECURITY.md> if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at <https://groups.google.com/forum/#!forum/nodejs-sec> to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.
8 changes: 4 additions & 4 deletions site.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,10 @@
],
"websiteBanners": {
"index": {
"startDate": "2023-07-31T14:30:00.000Z",
"endDate": "2023-08-16:00:00.000Z",
"text": "Security releases now available",
"link": "https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/"
"startDate": "2023-10-12T13:30:00.000Z",
"endDate": "2023-10-19T13:30:00.000Z",
"text": "New security releases to be made available October 13th, 2023",
"link": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/"
}
}
}
Loading