Covered by 1 source · 7 reports · Medium impact

Node.js Releases Multiple LTS and Current Versions with Security Updates

Aggregated by BrevFeed security · updated 5h ago

Node.js released versions 20.20.2, 22.22.2, 24.14.1, 25.8.2, 22.23.0, 24.17.0, and 26.3.1, focusing on improving security. Fixes cover vulnerabilities in cryptographic functions, permissions, and TLS handling.

Key points

Security-focused Node.js Releases

Node.js released security updates for multiple versions, including Node.js 20.20.2, 22.22.2, 24.14.1, 22.23.0, 24.17.0, and 26.3.1. These updates address a range of security vulnerabilities and are intended to improve the security of Node.js applications.

The releases cover both Long Term Support (LTS) and Current versions, with fixes for high-severity issues in TLS and Web Cryptography functions, among other areas.

Addressed Vulnerabilities

Key issues addressed include CVEs related to timing-safe comparisons in Web Cryptography HMAC, array index hash collisions, the handling of SNICallback, and permission checks in various Node.js modules.

Notable vulnerabilities are rated high in severity, highlighting the critical nature of these updates.

Impact on Application Security

These security updates are crucial for developers utilizing Node.js, ensuring that applications built on this platform maintain data integrity and protection from potential exploits.

The broad spectrum of versions receiving updates ensures developers retain flexibility in choosing suitable Node.js versions while benefiting from security enhancements.

Summary of Changes

Developers should apply these updates to mitigate risks and bolster the security framework of Node.js applications, aligning with best practices in software development to protect against vulnerabilities.

This series of updates underscores the ongoing commitment to security within the Node.js project, a key consideration for its extensive developer community.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Primary sources

GitHub: nodejs/node
GitHub: nodejs-private/node-private
GitHub: nodejs/nodejs.org
CVE-2026-21717: 5.9 MEDIUM
CVE-2026-21713: 5.9 MEDIUM
CVE-2026-21710: 7.5 HIGH

How outlets covered it

Node.js 26.3.1 has been released, addressing several security vulnerabilities including critical ones in TLS and crypto modules. These updates are important for maintaining the security and integrity of applications built on Node.js.

Node.js has released version 24.17.0 (LTS), addressing several security vulnerabilities. Key fixes include high-severity issues in TLS and crypto modules, which impact hostname checks and cipher output length, ensuring improved security for Node.js applications.

Node.js has released version 22.23.0 (LTS), addressing several critical security vulnerabilities. This update includes important fixes for WebCrypto output length, TLS hostname normalization, and HTTP response queue issues, which are vital to maintain secure application integrity.

Node.js 25.8.2 has been released, addressing multiple security vulnerabilities. The updates include high and medium severity CVEs related to TLS callback handling, header structure improvements, and permission checks in core modules.

Node.js version 24.14.1 LTS has been released, addressing multiple security vulnerabilities. Notable patches include high-severity fixes for issues related to HTTP headers and SNICallback invocation, which enhance the platform's security posture.

Node.js 22.22.2, a Long Term Support version, has been released addressing several security vulnerabilities. The update fixes high- and medium-severity issues including the handling of SNICallback invocation and implementation of timing-safe comparisons in Web Cryptography HMAC.

Node.js 20.20.2 has been released as a Long Term Support (LTS) version, including significant security updates. The release fixes eight identified vulnerabilities, including addressing array index hash collisions and improving timing-safe comparisons in cryptographic functions.