2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
• OpenSSL security advisory 28th March.
• OpenSSL security advisory 20th April.
• OpenSSL security advisory 30th May
• c-ares vulnerabilities:
• GHSA-9g78-jv2r-p7vc
• GHSA-8r8p-23f3-64c2
• GHSA-54xr-f67r-4pc4
• GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.