winget install --id OpenJS.NodeJS.12About Node.js 12
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
What's new in 12.22.12
Notable Changes This is planned to be the final Node.js 12 release. Node.js 12 will reach End-of-Life status on 30 April 2022, after which it will no receive updates. You are strongly advised to migrate your applications to Node.js 16 or 14 (both of which are Long Term Support (LTS) releases) to continue to receive future security updates beyond 30 April 2022. This release fixes a shutdown crash in Node-API (formerly N-API) and a potential stack overflow when using vm.runInNewContext(). The list of GPG keys used to sign releases and instructions on how to fetch the keys for verifying binaries has been synchronized with the main branch. Commits - [1193290f3f] - deps: V8: cherry-pick cc9a8a37445e (devsnek) #42065 - [333eda8d03] - doc: add a note about possible missing lines to readline.asyncIterator (Igor Mikhalev) #34675 - [518a49c0c6] - doc: use openpgp.org for keyserver examples (Nick Schonning) #39227 - [11aef2ad03] - doc: update release key for Danielle Adams (Danielle Adams) #36793 - [a9c38f1003] - doc: add release key for Danielle Adams (Danielle Adams) #35545 - [a35f553889] - doc: add release key for Bryan English (Bryan English) #42102 - [5f104e3218] - node-api: cctest on v8impl::Reference (legendecas) #38970 - [e23c04f0dc] - node-api: avoid SecondPassCallback crash (Michael Dawson) #38899 - [a7224c9559] - node-api: fix shutdown crashes (Michael Dawson) #38492 - [81b4dc88f1] - node-api: make reference weak parameter an indirect link to references (Chengzhong Wu) #38000 - [2aa9ca1ea9] - node-api: fix crash in finalization (Michael Dawson) #37876 - [a2f4206415] - node-...
Version history
| Version | Updated | Notes |
|---|---|---|
| 12.22.12 | Unknown | Notable Changes This is planned to be the final Node.js 12 release. Node.js 12 will reach End-of-Life status on 30 April 2022, after which it will no receive updates. You are strongly advised to migrate your applications... |
| 12.22.11 | Unknown | This is a security release. Notable changes Update to OpenSSL 1.1.1n, which addresses the following vulnerability: - Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details a... |
| 12.22.10 | Unknown | Notable changes - Upgrade npm to 6.14.16 - Updated ICU time zone data Commits - [33899b435d] - deps: upgrade npm to 6.14.16 (Ruy Adorno) #41601 - [d9237c46ca] - tools: update tzdata to 2021a4 (Albert Wang) #41443 |
| 12.22.9 | Unknown | This is a security release. Notable changes Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to us... |
| 12.22.8 | Unknown | Notable Changes This release contains a c-ares update to fix a regression introduced in Node.js 12.22.5 resolving CNAME records containing underscores #39780. Root certificates have been updated to those from Mozilla's N... |
| 12.22.7 | Unknown | This is a security release. Notable changes - CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium) - The http parser accepts requests with a space (SP) right after the header name before the colon. Th... |
| 12.22.6 | Unknown | This is a security release. Notable Changes These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-202... |
| 12.22.5 | Unknown | This is a security release. Notable Changes - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High) - Node.js was vulnerable to Remote Code Execution, XSS, application crashes due... |
| 12.22.4 | Unknown | This is a security release. Notable Changes - CVE-2021-22930: Use after free on close http2 on stream canceling (High) - Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the mem... |
| 12.22.3 | Unknown | Notable Changes Node.js 12.22.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows inst... |
| 12.22.2 | Unknown | This is a security release. Notable Changes Vulnerabilities fixed: - CVE-2021-22918: libuv upgrade - Out of bounds read (Medium) - Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which... |
| 12.22.1 | Unknown | This is a security release. Notable Changes Vulnerabilities fixed: - CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) - This is a vulnerability in OpenSSL which may be exploited th... |
| 12.22.0 | Unknown | Notable changes The legacy HTTP parser is runtime deprecated The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the o... |
| 12.21.0 | Unknown | This is a security release. Notable changes Vulnerabilities fixed: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion - Affected Node.js versions are vulnerable to denial of service... |
| 12.20.2 | Unknown | Notable changes - deps: - upgrade npm to 6.14.11 (Ruy Adorno) #37173 Commits - [e8a4e560ea] - async_hooks: fix leak in AsyncLocalStorage exit (Stephen Belanger) #35779 - [427968d266] - deps: upgrade npm to 6.14.11 (Ruy A... |
| 12.20.1 | Unknown | Notable changes This is a security release. Vulnerabilities fixed: - CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writin... |
| 12.20.0 | Unknown | Release notes |
| 12.19.0 | Unknown | Release notes |
| 12.18.4 | Unknown | Notable Changes This is a security release. Vulnerabilities fixed: - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High). - CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).... |