Security Release for NSolid Version 4.6.1. - NodeSource

The NodeSource Blog

You have reached the beginning of time!

Announcing N|Solid 4.6.1

IMPORTANT: This release of N|Solid v4.6.1 contains a Node.js security release!

NodeSource is excited to announce N|Solid v4.6.1 which contains the following changes:

  • Node.js v12.22.7 (LTS): Includes a Node.js security release captured in Node.js v12.22.7 (LTS).
  • Node.js v14.18.1 (LTS): Includes a Node.js security release captured in Node.js v14.18.1 (LTS).

For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

This release includes patches for these vulnerabilities:

  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium) The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.

  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium) The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

There are also included bugfixes for the Tracing section in the N|Solid console.

There are two available LTS Node.js versions for you to use with N|Solid, Node.js 14 Fermium and Node.js 12 Erbium.

N|Solid v4.6.1 Erbium ships with Node.js v12.22.7 .
N|Solid v4.6.1 Fermium ships with Node.js v14.18.1.

The Node.js 12 Erbium LTS release line will continue to be supported until April 30, 2022.

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.

Need a helping hand?

If you have any questions, please feel free to contact us at info@nodesource.com.

To get the best out of Node.js, try N|Solid SaaSnow! An augmented version of the Node.js runtime, enhanced to deliver low-impact performance insights and greater security for mission-critical Node.js applications. #KnowYourNode

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free