Richard Lau
Notable Changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
Commits
- [
dd828376a0] - deps: update llhttp to 2.1.2 (Fedor Indutny) nodejs-private/node-private#215 - [
753f3b247a] - http: add requestTimeout (Matteo Collina, Paolo Insogna, Robert Nagy) nodejs-private/node-private#208
Windows 32-bit Installer: https://nodejs.org/dist/v14.11.0/node-v14.11.0-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v14.11.0/node-v14.11.0-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v14.11.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v14.11.0/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v14.11.0/node-v14.11.0.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v14.11.0/node-v14.11.0-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v14.11.0/node-v14.11.0.tar.gz
Other release files: https://nodejs.org/dist/v14.11.0/
Documentation: https://nodejs.org/docs/v14.11.0/api/
SHASUMS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
cb97474a5165b89b2789a8b464727d6756596455648c8dda89f95dfe7c5ef3c0 node-v14.11.0-aix-ppc64.tar.gz
4fcc716046ced78ba786d03f30976182a86bf3927610f0c87c1827d93e7f427c node-v14.11.0-darwin-x64.tar.gz
66562b5ba088c8d40bec4106c6ef7ed9d2d73f74b842cee02f5d7de17d89e89c node-v14.11.0-darwin-x64.tar.xz
e20adfa0e38ddbc4e702772a720afeae223b4eb393c92e1a0933b4b72b63c70b node-v14.11.0-headers.tar.gz
75cd2e843adf9b58b715a33c994afaa082345e38a6ffaca23043e7eebc4a3c1f node-v14.11.0-headers.tar.xz
52b67943f63c03a15122ecfb94e7f197be06c6c8992bdd5d77c79960411a31fd node-v14.11.0-linux-arm64.tar.gz
ce8c5ceb9c49e753957fa2916f785fb7c09650753c45f658f2f2f52bb45d54c6 node-v14.11.0-linux-arm64.tar.xz
bcf2406ed728d42425f1793745f29c00cf40f68174625c0aedf4289d14a277f3 node-v14.11.0-linux-armv7l.tar.gz
fdb8d997cfa535b27790ab3922a621bcf95172ab91f2e7f4c3af5f1e84706898 node-v14.11.0-linux-armv7l.tar.xz
f1e4841bd8b4759fea274486374b82eea18a42309e0f5837b555a271e8462fb1 node-v14.11.0-linux-ppc64le.tar.gz
5dcd387b8e57f7de038df2d61c2b68b229a5cb27a4bdd10638b5ceed077396ec node-v14.11.0-linux-ppc64le.tar.xz
8e2a814673dc77d2f056ee459168413f5423012d76956fcc7553ef32c7919676 node-v14.11.0-linux-s390x.tar.gz
01ccf32877011b47551afb4d40ad42a16f06d8480baa9d4fb5c3eb220c7d9108 node-v14.11.0-linux-s390x.tar.xz
b2e7ac8741ac5eb95b0d074568b3f2691a3913488a9f96b7b7957e22f424a5a1 node-v14.11.0-linux-x64.tar.gz
c0dfb8e45aefefc65410dbe3e9a05e346b952b2a19a965f5bea3e77b74fc73d8 node-v14.11.0-linux-x64.tar.xz
b34f03672c180ac6bf9dabad514a14c2b337f5e63a4c1a6eb09dfda038f773f5 node-v14.11.0.pkg
c07669ddbd708d0dfc4ccb63a7ced7ad1fd7d1b59ced50cf05f22f0b96e45463 node-v14.11.0.tar.gz
51c6e4f2771a1b14d467ce14c9577b74b0095919333a61405a1a48765d9205eb node-v14.11.0.tar.xz
e1e59a72b892563fbc3b2df8059b5b42a72e697def6fafe83cf5aecb69fbc979 node-v14.11.0-win-x64.7z
3745890c7e20a6feccaf2d841dccc21ae507a5bb4ee34875473e994104d7481c node-v14.11.0-win-x64.zip
67706e3d22d4c88f512245b24acbc3a4b7a0656a5edae3d821fbfa2d06934fbf node-v14.11.0-win-x86.7z
506f73012900c43a29f39f5fea7cfee32028cca4ebcccb6a5d6b5713f933ad7c node-v14.11.0-win-x86.zip
cce401aeaf658e25a364fb3221a9a4f276d33c9b1ff9f29028e123ed061c0727 node-v14.11.0-x64.msi
8c2adb89890bf38cbf3f19c9843407c501ec86bd9bbbd9e975e3fd5af64a55f6 node-v14.11.0-x86.msi
da6ab52632538038c6bc6a32bc1cc0eba13052c2fd7f0259aae9fa2acceb95c3 win-x64/node.exe
a1968370c38c54d5eb66996c077c6b450cb8c3abde37b75148fe5f0ca632c27e win-x64/node.lib
0b733f3ad885b30dbadb3769c4260da2ebcae0ec047e1eff287a3f4c6516c6da win-x64/node_pdb.7z
0a00131a0951bd6a091fd3560a0f51d069aebe56f427c45ff0d62ca70bd88bd9 win-x64/node_pdb.zip
d8aa47ddab0dd870c5ed26c34a7148f977a38baf158bc3a418aa659075451fdb win-x86/node.exe
96d8a893d60b725a41477f9d5448adaf84d1be56ab8c05ca32605ffcf6c65c48 win-x86/node.lib
fb9110714832094c5843652db0b35786372db58df5a06255c3e15f5f56722ce2 win-x86/node_pdb.7z
278b93e9af92fe2f5d9100c9c11ba2b85967e3b8d924aae473b3f0429cb5f8b8 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJfYSxBAAoJEMQ87EXBerk8u7EP/jT7JXi/lbAtpssvXGfcHpjR
XAdvY0mHhd4dzVOuJdf50uu3zppExSntRy2i1+8zZ/GobV/TQW2ZojFi04RzGVMR
PSXk65hC7fsWbSpSdNKBwLE/g53O6uQ6NmNi7hpcrtDK81fIYbvvAjECDuNYKn7M
+SP4KIODCF9173OLpxiPbcP5FiWY+f2MjrymYcx4IEo5hRfFSqHSdvnJ7uekEfEe
Msf2AvO31chtjcHp5HwEkFzCcbV85sipn63FDPOjXheR3PeUTV0F41WoaPEfBoh8
d/pnJl7tbzIKku2bFpXZ2ormOIfg8UbpybQowWEGwSpOWPLIAZM34JUMTqjQdi76
O8XOwea3iJsYQuHPuxIGEmsk3ZQ9rE1tlWia4g+dpykTYSDoGQ3qcEZliD453Agt
08zVgxd8g502dSfRmR+jxuy6tE36iSwG0BSCeCdKr6eANKR5IM9E2gJduvBRRhQV
hrHxZ3n9Bb7U/nWF5B9DCfpSeIpGpkipipn18axbzgQgGMQocI8UKNhyUaVwYX/c
ptN6WeHkugCLC2wD9vW+7VGL0qUHcC+V1Pmeqh/zaqrKwUIBwyGt7lH9q/fp0Pbb
3R6A+oVNvE0PIP9tuqX6yyonMePjkTpMLh/F9No05s4m4X9UaeHeYmHQYM3SRzoQ
TphqVXaTjZU+wBVOQS8L
=JYLQ
-----END PGP SIGNATURE-----