nodejs/node
### [`v14.20.1`](https://togithub.com/nodejs/node/releases/tag/v14.20.1)
[Compare Source](https://togithub.com/nodejs/node/compare/v14.20.0...v14.20.1)
This is a security release.
##### Notable changes
The following CVEs are fixed in this release:
- **[CVE-2022-32212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212)**: DNS rebinding in --inspect on macOS (High)
- **[CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213)**: bypass via obs-fold mechanic (Medium)
- **[CVE-2022-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256)**: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in [September 22nd 2022 Security Releases](https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/) blog post.
##### Commits
- \[[`a9f1146b88`](https://togithub.com/nodejs/node/commit/a9f1146b88)] - **http**: disable chunked encoding when OBS fold is used (Paolo Insogna) [nodejs-private/node-private#341](https://togithub.com/nodejs-private/node-private/pull/341)
- \[[`a1121b456c`](https://togithub.com/nodejs/node/commit/a1121b456c)] - **src**: fix IPv4 non routable validation (RafaelGSS) [nodejs-private/node-private#337](https://togithub.com/nodejs-private/node-private/pull/337)
- \[[`de80707870`](https://togithub.com/nodejs/node/commit/de80707870)] - **src**: fix IS_LTS and IS_RELEASE flags (Richard Lau) [#43761](https://togithub.com/nodejs/node/pull/43761)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
14.20.0
->14.20.1
Release Notes
nodejs/node
### [`v14.20.1`](https://togithub.com/nodejs/node/releases/tag/v14.20.1) [Compare Source](https://togithub.com/nodejs/node/compare/v14.20.0...v14.20.1) This is a security release. ##### Notable changes The following CVEs are fixed in this release: - **[CVE-2022-32212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212)**: DNS rebinding in --inspect on macOS (High) - **[CVE-2022-32213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213)**: bypass via obs-fold mechanic (Medium) - **[CVE-2022-35256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256)**: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium) More detailed information on each of the vulnerabilities can be found in [September 22nd 2022 Security Releases](https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/) blog post. ##### Commits - \[[`a9f1146b88`](https://togithub.com/nodejs/node/commit/a9f1146b88)] - **http**: disable chunked encoding when OBS fold is used (Paolo Insogna) [nodejs-private/node-private#341](https://togithub.com/nodejs-private/node-private/pull/341) - \[[`a1121b456c`](https://togithub.com/nodejs/node/commit/a1121b456c)] - **src**: fix IPv4 non routable validation (RafaelGSS) [nodejs-private/node-private#337](https://togithub.com/nodejs-private/node-private/pull/337) - \[[`de80707870`](https://togithub.com/nodejs/node/commit/de80707870)] - **src**: fix IS_LTS and IS_RELEASE flags (Richard Lau) [#43761](https://togithub.com/nodejs/node/pull/43761)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.