winget install --id OpenJS.NodeJS.18About Node.js 18
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
What's new in 18.20.8
Notable Changes This release updates OpenSSL to 3.0.16 and root certificates to NSS 3.108. Commits - [f737a79073] - async_hooks,inspector: implement inspector api without async_wrap (Gabriel Bota) #51501 - [fce923ba69] - build: update gcovr to 7.2 and codecov config (Benjamin E. Coe) #54019 - [8b7ffd807c] - build: fix compatibility with V8's depot_tools (Richard Lau) #57330 - [ee9a343413] - crypto: update root certificates to NSS 3.108 (Node.js GitHub Bot) #57381 - [738bf8aea4] - crypto: update root certificates to NSS 3.104 (Richard Lau) #55681 - [69d661d591] - deps: update undici to v5.29.0 (Matteo Collina) #57557 - [59fcf43b0e] - deps: update corepack to 0.32.0 (Node.js GitHub Bot) #57265 - [1b72869503] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335 - [a566560235] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #57335 - [50c4e1da2f] - doc: add missing deprecated badges in fs.md (Yukihiro Hasegawa) #57384 - [c3babb4671] - doc: update Xcode version used for arm64 and pkg (Michaël Zasso) #57104 - [784da606a6] - doc: fix link and history of SourceMap sections (Antoine du Hamel) #57098 - [f5dbceccbe] - test: update error code in tls-psk-circuit for for OpenSSL 3.4 (sebastianas) #56420
Version history
| Version | Updated | Notes |
|---|---|---|
| 18.20.8 | Unknown | Notable Changes This release updates OpenSSL to 3.0.16 and root certificates to NSS 3.108. Commits - [f737a79073] - async_hooks,inspector: implement inspector api without async_wrap (Gabriel Bota) #51501 - [fce923ba69] -... |
| 18.20.7 | Unknown | Notable Changes - [ea5eb0e98b] - crypto: update root certificates to NSS 3.107 (Node.js GitHub Bot) #56566 Commits - [bb2977ca6c] - build: use glob for dependencies of out/Makefile (Richard Lau) #55789 - [92896945b8] - b... |
| 18.20.6 | Unknown | This is a security release. Notable Changes - CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) - CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency u... |
| 18.20.5 | Unknown | Notable Changes - [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333 Commits - [c2e6a8f215] - benchmark: fix napi/ref addon (Michaël Zasso) #53233 - [4c2e07aaac] - build: pin doc... |
| 18.20.4 | Unknown | This is a security release. Notable Changes - CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) - CVE-2024-22020 - Bypass network import restriction via data URL (Medium) Commits - [85abedf1ff] - lib,esm: h... |
| 18.20.3 | Unknown | Notable Changes This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections. A fix has also been included for compiling Node.js from source with newer... |
| 18.20.2 | Unknown | This is a security release. Notable Changes - CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows Commits - [6627222409] - src: disallow direct .bat and .c... |
| 18.20.1 | Unknown | This is a security release. Notable Changes - CVE-2024-27983 - Assertion failed in nodehttp2Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) - CVE-2024-27982 - HTTP Request Smuggling via Content Length... |
| 18.20.0 | Unknown | Notable Changes Added support for import attributes Support has been added for import attributes, to replace the old import assertions syntax. This will aid migration by making the new syntax available across all current... |
| 18.19.1 | Unknown | Notable changes This is a security release. Notable changes - CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) - CVE-2024-22019 - http: Reading unprocessed HTTP request with unb... |
| 18.19.0 | Unknown | Release notes |
| 18.18.2 | Unknown | This is a security release. Notable Changes The following CVEs are fixed in this release: - CVE-2023-44487: nghttp2 Security Release (High) - CVE-2023-45143: undici Security Release (High) - CVE-2023-38552: Integrity che... |
| 18.18.1 | Unknown | Notable Changes This release addresses some regressions that appeared in Node.js 18.18.0: - (Windows) FS can not handle certain characters in file name #48673 - 18 and 20 node images give error - Text file busy (after re... |
| 18.18.0 | Unknown | Release notes |
| 18.17.1 | Unknown | This is a security release. Notable Changes The following CVEs are fixed in this release: - CVE-2023-32002: Policies can be bypassed via Module._load (High) - CVE-2023-32006: Policies can be bypassed by module.constructo... |
| 18.17.0 | Unknown | Release notes |
| 18.16.1 | Unknown | This is a security release. Notable Changes The following CVEs are fixed in this release: - CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) - CVE-2023-30585: Privilege escalation via Mali... |
| 18.16.0 | Unknown | Release notes |
| 18.15.0 | Unknown | Notable Changes - [63563f8a7a] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #46017 - [28a775b32f] - test_runner: add initial code coverage support (Colin Ihrig) #46017 - [4d50db14b3] - (SEMVER-MINOR) test_run... |
| 18.14.2 | Unknown | Notable Changes - [f864bef32a] - deps: upgrade npm to 9.5.0 (npm team) #46673 Commits - [880a65d7ff] - build: delete snapshot.blob file from the project (Juan José Arboleda) #46626 - [cbea56efda] - deps: update undici to... |