Date: Wed, 2 Nov 2022 08:31:47 -0400 From: Jan Schaumann <jschauma@...meister.org> To: oss-security@...ts.openwall.com Subject: Re: Fwd: Node.js security updates for all active release lines, November 2022 "soyjuanarbol@...il.com" <soyjuanarbol@...il.com> wrote: > The Node.js project will release new versions of all supported release > lines on or shortly after Thursday, 3rd of November, 2022 > For more information see: > https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ Perhaps worth noting: I believe NodeJS 17.x is also impacted by OpenSSL CVE-2022-3602 and CVE-2022-3786 -- like > 18.x, 17.x also includes the OpenSSL 3.0.x fork quictls. However, nodejs 17.x is EOL, so won't see an update. Good thing nobody ever runs EOL'd software! -Jan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.