v17.7.2 proposal
A combination of some GitHub issues today and having to take over this release at short notice has resulted in my decision to only pick the OpenSSL commits over for this proposal instead of our usual "treat current as a regular release". This should hopefully reduce the risk and give us more chance of getting the release out today. cc @nodejs/releasers
2022-03-17, Version 17.7.2 (Current), @richardlau
This is a security release.
Notable Changes
Update to OpenSSL 3.0.2, which addresses the following vulnerability:
- Infinite loop in
BN_mod_sqrt()reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt
Commits
- [
55e293e05f] - deps: update archs files for quictls/openssl-3.0.2+quic (Hassaan Pasha) #42356 - [
b8d090603d] - deps: upgrade openssl sources to quictls/openssl-3.0.2+quic (Hassaan Pasha) #42356 - [
c8b6d92af0] - test: fix tests affected by OpenSSL update (Michael Dawson) #42356 - [
457e31ea09] - test: renew certificates for specific test (Luigi Pinca) #42342