Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node v18.20.2 nsolid v5.1.2 release #119

Merged
merged 5 commits into from
Apr 12, 2024
Merged

Node v18.20.2 nsolid v5.1.2 release #119

merged 5 commits into from
Apr 12, 2024

Conversation

trevnorris
Copy link
Contributor

No description provided.

RafaelGSS and others added 5 commits April 3, 2024 10:56
@RafaelGSS
Working on v18.20.2
380e557 
PR-URL: nodejs-private/node-private#573
@bnoordhuis @RafaelGSS
src: disallow direct .bat and .cmd file spawning
6627222 
An undocumented feature of the Win32 CreateProcess API allows spawning
batch files directly but is potentially insecure because arguments are
not escaped (and sometimes cannot be unambiguously escaped), hence why
they are refused starting today.

PR-URL: nodejs-private/node-private#564
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2024-27980
@RafaelGSS
2024-04-10, Version 18.20.2 'Hydrogen' (LTS)
9aedf16 
This is a security release.

Notable changes:

src:
  * disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

PR-URL: nodejs-private/node-private#578
@trevnorris
Merge tag 'v18.20.2' into node-v18.20.2-nsolid-v5.1.2-release
b92ae6a 
2024-04-10 Node.js v18.20.2 'Hydrogen' (LTS) Release
Git-EVTag-v0-SHA512: d8d90dda98c3ab09d0ce61e146890d54dc01d1a544e86fd6a8bee626b63ccd97ae72c53b8cefb60385d35a769e2ef5b022d9d81212d018e3c128345e3ecdd538
@trevnorris
2024-04-10, Version 18.20.2-nsolid-v5.1.2 'Hydrogen'
fda2f29
@trevnorris trevnorris self-assigned this Apr 10, 2024
@trevnorris trevnorris merged commit b86fc3c into node-v18.x-nsolid-v5.x Apr 12, 2024
14 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@santigimeno santigimeno santigimeno approved these changes

@juanarbol juanarbol Awaiting requested review from juanarbol

Assignees

@trevnorris trevnorris

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@trevnorris @santigimeno @RafaelGSS @bnoordhuis