Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 5 commits
- 92 files changed
- 5 contributors
Commits on Mar 26, 2024
Commits on Apr 2, 2024
-
src: ensure to close stream when destroying session
Co-Authored-By: Anna Henningsen <[email protected]> PR-URL: nodejs-private/node-private#561 Fixes: https://hackerone.com/reports/2319584 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> CVE-ID: CVE-2024-27983
-
deps: update undici to v5.28.4
Signed-off-by: Matteo Collina <[email protected]> PR-URL: nodejs-private/node-private#576 Reviewed-By: Rafael Gonzaga <[email protected]>
-
http: do not allow OBS fold in headers by default
PR-URL: nodejs-private/node-private#557 Refs: nodejs-private/node-private#556 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> CVE-ID: CVE-2024-27982
Commits on Apr 3, 2024
-
2024-04-03, Version 20.12.1 'Iron' (LTS)
This is a security release. Notable changes: * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High) * CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) * llhttp version 9.2.1 * undici version 5.28.4 PR-URL: nodejs-private/node-private#575
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v20.12.0...v20.12.1
