Node.js version 22.17.1 (LTS) has been released, primarily to address a security vulnerability concerning the path traversal protection mechanism in the path.normalize() function. This release specifically resolves the issue identified as CVE-2025-27210, which involves the bypassing of security measures associated with reserved Windows device names such as CON, PRN, and AUX. Additionally, the update fixes a compilation issue that arose when using Microsoft Visual Studio version 17.14.
Notable changes in this release include:
- Enhanced handling of Windows reserved device names to strengthen path traversal security.
- Resolution of the MSVS v17.14 compilation problem to improve compatibility for developers.
The commits associated with this release reflect these changes, showcasing contributions from developers RafaelGSS and StefanStojanovic.
In summary, Node.js v22.17.1 is a crucial update that not only addresses significant security concerns but also enhances developer experience by fixing compatibility issues. Users are encouraged to update to this version to ensure their applications remain secure and performant
Notable changes in this release include:
- Enhanced handling of Windows reserved device names to strengthen path traversal security.
- Resolution of the MSVS v17.14 compilation problem to improve compatibility for developers.
The commits associated with this release reflect these changes, showcasing contributions from developers RafaelGSS and StefanStojanovic.
In summary, Node.js v22.17.1 is a crucial update that not only addresses significant security concerns but also enhances developer experience by fixing compatibility issues. Users are encouraged to update to this version to ensure their applications remain secure and performant
Node v22.17.1 (LTS) released
Node.js 22.17.1 LTS has been released to address a security issue related to bypassing path traversal protection in path.normalize() and fix MSVS v17.14 compilation issue.
