Node.js has released several versions, including v20.19.2, v22.15.1, v23.11.1, and v24.0.2, all of which contain important security updates. These updates focus on enhancing error handling for asynchronous cryptographic operations, upgrading llhttp to version 9.2.0, and adding a previously missing call to uv_fs_req_cleanup.
1. Node v20.19.2 (LTS):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
- Updated llhttp to version 9.2.0 (CVE-2025-23167).
- Added a missing call to uv_fs_req_cleanup (CVE-2025-23165).
2. Node v22.15.1 (LTS):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
- Added a missing call to uv_fs_req_cleanup (CVE-2025-23165).
3. Node v23.11.1 (Current):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
4. Node v24.0.2 (Current):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
Key Updates by Version:
1. Node v20.19.2 (LTS):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
- Updated llhttp to version 9.2.0 (CVE-2025-23167).
- Added a missing call to uv_fs_req_cleanup (CVE-2025-23165).
2. Node v22.15.1 (LTS):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
- Added a missing call to uv_fs_req_cleanup (CVE-2025-23165).
3. Node v23.11.1 (Current):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
4. Node v24.0.2 (Current):
- Security release with notable changes:
- Fixed error handling for asynchronous crypto operations (CVE-2025-23166).
Conclusion:
These releases are crucial for developers using Node.js, ensuring that applications are secure and stable. The focus on fixing vulnerabilities in error handling and upgrading dependencies reflects the ongoing commitment of the Node.js team to maintain a secure runtime environment. Developers are encouraged to upgrade to these latest versions to benefit from the improved security features and stability enhancements. Additionally, keeping abreast of future updates will be essential as more vulnerabilities are identified and addressed in the evolving landscape of web development and securityNode v20.19.2, Node v22.15.1, Node v23.11.1, and Node v24.0.2 released
Node.js has issued multiple security updates, which encompass improvements in error handling for asynchronous crypto operations, an upgrade of llhttp to version 9.2.0, and the inclusion of a previously omitted call to uv_fs_req_cleanup. The updates are included in a comprehensive security update for Node v20.19.2, Node v22.15.1, Node v23.11.1, and Node v24.0.2.
Node v20.19.2, Node v22.15.1, Node v23.11.1, and Node v24.0.2 released @ Linux Compatible
