Myles Borins
Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.
You can read more about it in:
Commits
- [
5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868 - [
71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868 - [
4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856
Windows 32-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v14.17.6/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v14.17.6/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6.pkg
macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v14.17.6/node-v14.17.6.tar.gz
Other release files: https://nodejs.org/dist/v14.17.6/
Documentation: https://nodejs.org/docs/v14.17.6/api/
SHASUMS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
8a809d7c75f9e695396b53aa95bcf8ec49b9ec5a993e82c02c2e067f48b89e81 node-v14.17.6-aix-ppc64.tar.gz
e3e4c02240d74fb1dc8a514daa62e5de04f7eaee0bcbca06a366ece73a52ad88 node-v14.17.6-darwin-x64.tar.gz
b8f94e44b56e7ff52ad9b9c7f2ec263a95aa06d5efcf67c663167588a8467bf6 node-v14.17.6-darwin-x64.tar.xz
7841543802bdf04c94d15a9c0eb3945d91c579da3ddf8c7056873f7c8cffec4b node-v14.17.6-headers.tar.gz
9429d544af0507c92f309fb1a0b7c2082b52846bdff3cd8aa039ada0461c95b9 node-v14.17.6-headers.tar.xz
3355eae15582be48f6be0910e279abbf2324f4538d3ccb2da7e66edab6e6b0fe node-v14.17.6-linux-arm64.tar.gz
9c4f3a651e03cd9b5bddd33a80e8be6a6eb15e518513e410bb0852a658699156 node-v14.17.6-linux-arm64.tar.xz
977e0ae2f6729f4feba5f75a4c317174bc9617610699afd2c478c7dff6c5ba13 node-v14.17.6-linux-armv7l.tar.gz
09ad804c7354ebaded407d0ce64e72e534801fc435be084af3e5b16b1a9c96d0 node-v14.17.6-linux-armv7l.tar.xz
180d13998617f1ef85beec008ef7fe49b30e0d2ecb2bd7897c1d51f95c803aa9 node-v14.17.6-linux-ppc64le.tar.gz
2f978fc75484fde36f44033dc726b7572d8e8cee460b9f278c855d6af5e85262 node-v14.17.6-linux-ppc64le.tar.xz
8a2e1ff691f8723ff740bc5d9dede29da58397c23955b9e43bb4d4831181235c node-v14.17.6-linux-s390x.tar.gz
3677f35b97608056013b5368f86eecdb044bdccc1b3976c1d4448736c37b6a0c node-v14.17.6-linux-s390x.tar.xz
19e376214450e93e58687198070b4ab46e42357032ec65f23a7e35b0e86ad6e2 node-v14.17.6-linux-x64.tar.gz
3bbe4faf356738d88b45be222bf5e858330541ff16bd0d4cfad36540c331461b node-v14.17.6-linux-x64.tar.xz
04687d7547b213b32bbae97e9d2841ad697fedabaa061f5d4462845b55af09c6 node-v14.17.6.pkg
f64559c87faa2f1ce93c3d2cd09723af254ec320a53cbfd1a2ba8fba28e488d0 node-v14.17.6.tar.gz
f458cd0b1cb1540611cb08709d833c0c59c74da79310ae1984cc8bad1404ad5e node-v14.17.6.tar.xz
ee4f072532caebcc588cc535a3a972fa3b83cf0337509217ad0e3567fb785991 node-v14.17.6-win-x64.7z
b83e9ce542fda7fc519cec6eb24a2575a84862ea4227dedc171a8e0b5b614ac0 node-v14.17.6-win-x64.zip
ae75725bad06dc0bfa9929835d950026bb44336932bf6be374277d031a692825 node-v14.17.6-win-x86.7z
3e105bcb2234b5cc0b618c15fbd3f1b530be082dfa77d3e740544ee65b6cf784 node-v14.17.6-win-x86.zip
e72ceb05c7596a6e381172369dce1c374a2b09ee739dca330be58f3977b5c03d node-v14.17.6-x64.msi
5a8225d7dbbe5707b183e89c2ff779a9db7826a94f83d99cd6c879ec60044c3f node-v14.17.6-x86.msi
3ce996581d1b357cbada188730da7966b69dc94bb0098ec38b3334764f309318 win-x64/node.exe
e456fef578acd36eb661055445b4a06c81c47b2cfe0066619e7faa135137d4f6 win-x64/node.lib
f4e7aa3997e065c89bef93b1e1f3804ee34eedd5c461ab515c1eeca6932ef03b win-x64/node_pdb.7z
cf02c88f97dd8e404a34d8206a60354305368688dcce5b0fa963c424e2452c62 win-x64/node_pdb.zip
9838fe04cb24eafd3a65338790699517dbad2babc7c0b2d98884eda8ca45ee5a win-x86/node.exe
176a1b13a4cb1008d1aef1d862d9519ea3b3e412c98a08c013aa441c0054ee4d win-x86/node.lib
17fac76708d2336dda2790459daccc71c54a6eb5b585024f494dc575e8355dbd win-x86/node_pdb.7z
5a6dc153f8a7b0930875737ef76a68359b1d6431cfe6feef3736a538734e7436 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmEuQ/gACgkQkzsB9Atc
qUaibwf+NbKm98uLvMQU8PAqIREjp5CNHSIetDCo2Wp1X9v2DaO0AK7J9xmzkp//
gf9o1gGNnSqdt09lUOGp4/mr/3nW+9EncZ1gBKYtfiRloq+yLX7GSro7vCiDnqFn
19YbRhAsuIMO2Mx305nGJxTNTnhOhVH1IKhOfwuBeAfXCXm9sKmpEQViwev0LKzF
ZyTH9mDYxyx3tLWdNf5OSNdTdWHTKJBHRJ/w5kLHE/EaDEQHX6G87vBhWzo0LuZz
X9064TJlVAk0H9sHC/lztcNocr8J7nA91R70KGGerntKfFy4dvD86q0u2Ee+FKSs
rfKqkcIgCr0rs2hadcEufW+8oR6XUw==
=3xNG
-----END PGP SIGNATURE-----