Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node v20.12.2 nsolid v5.1.2 release #118

Merged
merged 5 commits into from
Apr 11, 2024
Merged

Node v20.12.2 nsolid v5.1.2 release #118

merged 5 commits into from
Apr 11, 2024

Conversation

trevnorris
Copy link
Contributor

No description provided.

RafaelGSS and others added 5 commits April 3, 2024 10:43
@RafaelGSS
Working on v20.12.2
93dd908 
PR-URL: nodejs-private/node-private#575
@bnoordhuis @RafaelGSS
src: disallow direct .bat and .cmd file spawning
69ffc6d 
An undocumented feature of the Win32 CreateProcess API allows spawning
batch files directly but is potentially insecure because arguments are
not escaped (and sometimes cannot be unambiguously escaped), hence why
they are refused starting today.

PR-URL: nodejs-private/node-private#563
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2024-27980
@RafaelGSS
2024-04-10, Version 20.12.2 'Iron' (LTS)
b3f0c61 
This is a security release.

Notable changes:

src:
  * disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#563

PR-URL: nodejs-private/node-private#579
@trevnorris
Merge tag 'v20.12.2' into node-v20.12.2-nsolid-v5.1.2-release
ea4b14d 
2024-04-10 Node.js v20.12.2 'Iron' (LTS) Release
Git-EVTag-v0-SHA512: 4c624a75c98a0970f5493daf4e5a9ecc0f1d9d32c245abac1a24f5761ede54adee621ea3fd486818f701983e874ddf0065e1165d6d4815559c2f777d99f5d9b9
@trevnorris
2024-04-10, Version 20.12.2-nsolid-v5.1.2 'Iron'
9206e68
@trevnorris trevnorris self-assigned this Apr 10, 2024
@trevnorris trevnorris merged commit f7e31b1 into node-v20.x-nsolid-v5.x Apr 11, 2024
15 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@santigimeno santigimeno santigimeno approved these changes

@juanarbol juanarbol Awaiting requested review from juanarbol

Assignees

@trevnorris trevnorris

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@trevnorris @santigimeno @RafaelGSS @bnoordhuis