projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5de7773) | patch
node: january 13, 2026 Security Releases
authorHirokazu MORIKAWA <morikw2@gmail.com>
Tue, 20 Jan 2026 04:22:04 +0000 (13:22 +0900)
committerHannu Nyman <hannu.nyman@iki.fi>
Thu, 22 Jan 2026 18:53:49 +0000 (20:53 +0200)
commit3cb4028f46ae4bab15a2420d068aeed6e4c8f6d8
tree9f003693f48339e886329621f116ac913805ff1etree | snapshot
parent5de77732b682c3ddd1799dc059b7933fec6b2eaecommit | diff
node: january 13, 2026 Security Releases

HOST BUILD ONLY

Update to 22.22.0
This is a security release.
Notable Changes

    (CVE-2025-59465) add TLSSocket default error handler
    (CVE-2025-55132) disable futimes when permission model is enabled
    lib,permission:
    (CVE-2025-55130) require full read and write to symlink APIs
    src:
    (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
    src,lib:
    (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
    tls:
    (CVE-2026-21637) route callback exceptions through error handlers

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
lang/node/Makefile diff | blob | history
Mirror of packages feed