Update node Docker tag to v14.15.4 #19
Loading…
Reference in a new issue
No description provided.
Delete branch "renovate/node-14.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
14.15.3-alpine
->14.15.4-alpine
Release Notes
nodejs/node
v14.15.4
Compare Source
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
Node.js. You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-8265: use-after-free in TLSWrap (High)
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
Commits
305c0f4977
] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571d62c650f75
] - deps: update archs files for OpenSSL-1.1.1i (Myles Borins) #365212de2672eb5
] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #365217ecac8143f
] - http: add test for http transfer encoding smuggling (Matteo Collina) nodejs-private/node-private#228641f786bb1
] - http: unsetF_CHUNKED
on newTransfer-Encoding
(Matteo Collina) nodejs-private/node-private#2284f8772f9b7
] - src: retain pointers to WriteWrap/ShutdownWrap (James M Snell) nodejs-private/node-private#23Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.