Node.js has announced the release of three new long-term support (LTS) versions: 24.13.0, 22.22.0, and 20.20.0. The primary focus of these updates is on enhancing security measures to address various vulnerabilities. Notable fixes include issues with TLS sockets (CVE-2025-59465) and futimes (CVE-2025-55132), both of which have been modified to enhance safety against exploits. For TLS sockets, a default error handler has been introduced to manage potential issues effectively. In the case of futimes, it has been disabled under specific conditions when the permission model is active, thereby preventing potential security breaches.

Further updates have improved the handling of symlinks by ensuring that proper read/write permissions are enforced during their creation (CVE-2025-55130). Additionally, fixes for async_hooks stack overflow exceptions (CVE-2025-59466) ensure that such errors are rethrown, enabling better error management. The buffer creation code has also been refactored to eliminate a problematic zero-fill toggle (CVE-2025-55131), and route callback exceptions are now processed more securely (CVE-2026-21637).

Beyond security enhancements, these updates also include improvements to dependencies such as c-ares and undici, contributing to the overall stability and functionality of the Node.js environment.

Node.js continues to be a free, open-source, cross-platform JavaScript runtime environment that empowers developers to create a variety of applications, including servers and web applications, command-line tools, and scripts. This commitment to security and performance ensures that developers can build robust applications while minimizing potential vulnerabilities.

As the Node.js ecosystem evolves, users can expect regular updates that address emerging security threats and enhance performance, reinforcing Node.js's position as a key player in the development landscape

Node.js 24.13.0 (LTS), 22.22.0 (LTS), and 20.20.0 (LTS) released

Node.js has released new long-term support (LTS) versions, including 24.13.0, 22.22.0, and 20.20.0, with a primary focus on addressing security concerns. These updates include fixes for various vulnerabilities, such as CVE-2025-59465 in TLS sockets and CVE-2025-55132 in futimes, which have been disabled under certain conditions to prevent exploits. Additionally, the release cycle has brought updates to dependencies like c-ares and undici, as well as improvements in handling permissions for symlinks, async_hooks stack overflow exceptions, and route callback errors. These security patches aim to ensure that problems are handled properly and unexpected situations can be caught and managed better.

Node.js 24.13.0 (LTS), 22.22.0 (LTS), and 20.20.0 (LTS) released @ Linux Compatible