Skip to content

Commit 3d1bc0a

Browse files
mhdawsonmhdawson
authored
doc: announce Feb security release (#5042)
* doc: announce Feb security release Signed-off-by: Michael Dawson <[email protected]> * Update locale/en/blog/vulnerability/february-2023-security-releases.md Signed-off-by: Michael Dawson <[email protected]> --------- Signed-off-by: Michael Dawson <[email protected]>
1 parent 0071a7d commit 3d1bc0a

File tree

2 files changed

+46
-4
lines changed

2 files changed

+46
-4
lines changed

locale/en/blog/vulnerability/february-2023-security-releases.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
---
2+
date: 2023-02-07T17:00:00.000Z
3+
category: vulnerability
4+
title: Tuesday February 14 2023 Security Releases
5+
slug: february-2023-security-releases
6+
layout: blog-post.hbs
7+
author: Michael Dawson
8+
---
9+
10+
Pre-release announce
11+
12+
# Summary
13+
14+
The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x
15+
releases lines on or shortly after, Tuesday February 14 2023 in order to address:
16+
17+
* 2 low severity issues.
18+
* 2 medium severity issues.
19+
* 1 high severity issues.
20+
* OpenSSL security updates for which the highest vulnerability severity is high. You
21+
can read more about this update in the
22+
[OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt).
23+
24+
## Impact
25+
26+
The 19.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.
27+
28+
The 18.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.
29+
30+
The 16.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues, and 1 high severity issue and the OpenSSL vulnerabilities.
31+
32+
The 14.x release line of Node.js is vulnerable to 1 low severity issue, and 1 high severity issue and the OpenSSL vulnerabilities.
33+
34+
## Release timing
35+
36+
Releases will be available on, or shortly after, Tuesday February 14 2023.
37+
38+
## Contact and future updates
39+
40+
The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.
41+
42+
Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

locale/en/site.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -131,10 +131,10 @@
131131
},
132132
"banners": {
133133
"index": {
134-
"startDate": "2022-12-16T17:00:00.000Z",
135-
"endDate": "2022-12-30T16:00:00.000Z",
136-
"text": "Node.js assessment of OpenSSL 3.0.7 security advisory",
137-
"link": "https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-dec2022/"
134+
"startDate": "2023-02-14T16:00:00.000Z",
135+
"endDate": "2023-03-07T23:00:00.000Z",
136+
"text": "New security releases to be made available February 14th, 2023",
137+
"link": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
138138
},
139139
"blacklivesmatter": {
140140
"visible": false,

0 commit comments

Comments
 (0)