Go to file
Stephen Gallagher 8f462ce5d3 Update to 20.8.1
This is a security release.

The following CVEs are fixed in this release:

* [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High)
* [CVE-2023-45143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High)
* [CVE-2023-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39332): Path traversal through path stored in Uint8Array (High)
* [CVE-2023-39331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39331): Permission model improperly protects against path traversal (High)
* [CVE-2023-38552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38552):  Integrity checks according to policies can be circumvented (Medium)
* [CVE-2023-39333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39333): Code injection via WebAssembly export names (Low)

More detailed information on each of the vulnerabilities can be found in [October 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/october-2023-security-releases/) blog post.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-10-16 11:59:52 -04:00
packaging Fix variable substitution 2023-09-07 16:29:05 -04:00
.gitignore
0001-Remove-unused-OpenSSL-config.patch Update to 20.6.1 2023-09-15 10:12:29 -04:00
btest402.js
changelog
macros.nodejs
nodejs20.spec Update to 20.8.1 2023-10-16 11:59:52 -04:00
nodejs-sources.sh sources: Check for node binary 2023-07-12 12:50:47 -04:00
nodejs.pc.in
npmrc
npmrc.builtin.in
README-packaging.md Add version note to packaging readme 2023-08-28 18:43:55 -04:00
sources Update to 20.8.1 2023-10-16 11:59:52 -04:00
test2.js
v8.pc.in