包阅导读总结
1. 关键词:Node、安全发布、漏洞修复、安装文件、PGP 签名
2. 总结:
– Node v18.20.4 (LTS) 为安全发布版本。
– 修复了 CVE-2024-36138 和 CVE-2024-22020 漏洞。
– 提供了各系统的安装文件链接及文档链接。
– 给出了文件的哈希值和 PGP 签名。
3. 主要内容:
– Node v18.20.4 (LTS) 发布
– 这是一个安全版本
– 修复的漏洞包括:
– CVE-2024-36138 – 绕过 CVE-2024-27980 不完全修复(高)
– CVE-2024-22020 – 通过数据 URL 绕过网络导入限制(中)
– 安装文件下载链接
– Windows 32 位和 64 位的安装器、二进制文件
– macOS 不同架构的安装器、二进制文件
– Linux 不同架构的二进制文件
– AIX 64 位二进制文件
– ARMv7 和 ARMv8 二进制文件
– 源代码
– 其他发布文件
– 文档链接
– 文件哈希值及 PGP 签名
思维导图:
文章地址:https://nodejs.org/en/blog/release/v18.20.4
文章来源:nodejs.org
作者:Node.js Blog
发布时间:2024/7/8 18:15
语言:英文
总字数:219字
预计阅读时间:1分钟
评分:85分
标签:Node.js,安全发布,长期支持,CVE-2024-36138,CVE-2024-22020
以下为原文内容
本内容来源于用户推荐转载,旨在分享知识与观点,如有侵权请联系删除 联系邮箱 media@ilingban.com
Node v18.20.4 (LTS)
This is a security release.
- CVE-2024-36138 – Bypass incomplete fix of CVE-2024-27980 (High)
- CVE-2024-22020 – Bypass network import restriction via data URL (Medium)
Windows 32-bit Installer: https://nodejs.org/dist/v18.20.4/node-v18.20.4-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v18.20.4/node-v18.20.4-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v18.20.4/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v18.20.4/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v18.20.4/node-v18.20.4.pkg
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-darwin-arm64.tar.gz
macOS Intel 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v18.20.4/node-v18.20.4-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v18.20.4/node-v18.20.4.tar.gz
Other release files: https://nodejs.org/dist/v18.20.4/
Documentation: https://nodejs.org/docs/v18.20.4/api/
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA2568b964752863994f9f74b9aa176584e3a1a9f408a1c57c41d929bc9d2a54020b4 node-v18.20.4-aix-ppc64.tar.gzaca5b568cc2a7e918037f05168634a921d88f43882c92a01b4ef5e39d0b89414 node-v18.20.4-darwin-arm64.tar.gze4ff1ac52a42e8f5eadc59e5bde778e31f246636beae0615a8b82885d8d30f4a node-v18.20.4-darwin-arm64.tar.xz7d2eb630b66bb39b9cf6bb12b35de833e2445797f2ddc9bcae714e63e75181ca node-v18.20.4-darwin-x64.tar.gza868e8a1c27fe5fe329d80dd3b51409cefdf9a7869d9abca42473beae7535e10 node-v18.20.4-darwin-x64.tar.xzbe69a16ef1b0483ca0aacc1c8d0af69e87582356e236fe750e9eef9a6127db1b node-v18.20.4-headers.tar.gz7d5fa4cf18910fd84d94e800459851c6067aca3646507e408ebcd7e572865eca node-v18.20.4-headers.tar.xzf4e0b8b1a89e5d6529e517d57b42ac5cbab0562d86e88566d8e90578257e2b16 node-v18.20.4-linux-arm64.tar.gz1cb5053bd4109aec41a8104ea3e9f48b95b1adef4d23bb4fc64f8c2d90c65ae3 node-v18.20.4-linux-arm64.tar.xzce311e7167c8cc0392753119dad55291842c2f4aa7a87a093144fc9338f35b61 node-v18.20.4-linux-armv7l.tar.gz65686d63e0a73915a57ff487a0f720a502779f97e9cc93b3cc8b74563f8baa85 node-v18.20.4-linux-armv7l.tar.xz2356de20cb33798690c90270b557e690c34cfd67525e32a0a6301a8176ce0bd8 node-v18.20.4-linux-ppc64le.tar.gzd3baf8cca1862f42529258e37a715e4e59de7c6d00409e5f8dce31ced8196ed0 node-v18.20.4-linux-ppc64le.tar.xz654ee94e5695f4c97dc1adc03cf833763ba62865fefb057af7258a20a87be51c node-v18.20.4-linux-s390x.tar.gz050d3646dc19a2e72f6bb16159af49d25594e9a55fa35f264c34dac7c4665ab6 node-v18.20.4-linux-s390x.tar.xzc4b0827dc47609d0a8379e6de6c74b3934da0b1312c733b5ebdcac16e3f1e954 node-v18.20.4-linux-x64.tar.gz592eb35c352c7c0c8c4b2ecf9c19d615e78de68c20b660eb74bd85f8c8395063 node-v18.20.4-linux-x64.tar.xz235645185550bf8dade9d747d5bd7aa7c901b12433ac743857738df7e94ecde0 node-v18.20.4-win-x64.7za2864d9048fb83cc85e3b2c3d18f5731b69cae8964bb029f5cdecbb0820eccd7 node-v18.20.4-win-x64.zipeab07bf4b4f443448205699d7a4b6d2cfa2e847c2f0d041a8117fcdcedf9e350 node-v18.20.4-win-x86.7z4939b50f5252ae05b271e20cbdaca36c26c7b78ea817a74fd6098a2435641b91 node-v18.20.4-win-x86.zipc2654d3557abd59de08474c6dd009b1d358f420b8e4010e4debbf130b1dfb90a node-v18.20.4-x64.msidcf8f4a7022be6e3a1f1af875cca6747904f88feda55387daf009308d2844003 node-v18.20.4-x86.msi0df3e744a2beba9fe91d43a218a82dc23bcf4f6dd0532b35816766e4dd801e49 node-v18.20.4.pkg349259af6821f730bc4ca3a0e6576efc75ba86e546d118629a5b75eb8ebc3a0b node-v18.20.4.tar.gza76c7ea1b96aeb6963a158806260c8094b6244d64a696529d020547b9a95ca2a node-v18.20.4.tar.xz4dd7333812a5df39cae6c7e69e519328ff61d0e997bdc62c307e3303c73270be win-x64/node.exe64d93225aaece04e3cd45177d6dea2b22df49e127281fefa3ade43ac46a36cc6 win-x64/node.lib902520361c065585d8ece561d7e5078ef3f873699c2a0285d536b96fd3dc7816 win-x64/node_pdb.7zd5c75042e9cfb6852e07ae8460cd14d3ec243926201c8f4cc44e0e3e68538663 win-x64/node_pdb.zipbb4c0584d5f32a5246dcf02c613f9c11dcd596ab09e5be43144f0ee2fc271a15 win-x86/node.exedf34047e8ae646e6f43d76ecbec9709a185f29e01f49b377c4c46070cacc2859 win-x86/node.libce1995e9e9f99b05abc4808437eca817dd4bb28500ae9164ea2df7acbac069c6 win-x86/node_pdb.7z02f8dd1808dce9777374fd1e4874eaddfbb748b55b5c70e70e32bf1388594ed3 win-x86/node_pdb.zip-----BEGIN PGP SIGNATURE-----iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmaMKnwACgkQi+q0389VXvSqGwwAkSTd4L8MQFSEV3R5LalZQtqUQZUwq4VAGQ0ZbYaj8biUbaVt4iQrH4scORPRs9d0DPVOzHLzvBpRziPkIRDGWO70X+QDeXVCus5kCwOOu6p1/31bykLqoxPC8wVNBGy4MyaH31PdlvdMyCTg+PBHte4/XCztPLg6TUS4WGO90aUZjRQRML1h7Fo2EmQnGpVK7bZtQZPKPntt61Q/o48Kh6Q5v1kGTh2HHKy51QMGYQxA72IhdGA807RipljDlqyMFHNfo8cDFD9wlizngun/7QtZpfYLWUZeQvZWEBgrN/Z/mU/5nPQjLF6ExKSP7ahQkmJaqVTJIWQKQay0AIT8ZXEvV57htY5aeGPn3/WZGe6oahCaLgnBGik+itFlt/AfYACwCgR86gc2IpEFsHnZGvs8QCdvbtjn3V1EBL8y6Smzqc1uPU+vHOCymC1gXwDoQ9ja+5MREaTdipKKNYypFMeS4xqE0QnDRSjfz/8xzqW9rjy01KZFi/QwnrNMO3WM=Gnr/-----END PGP SIGNATURE-----