Announcing N|Solid Version 4.5.3
This is a security release and includes a patch for a high-severity issue for Regular Expression Denial of Service (ReDoS).
The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive for developers and can ultimately end up making it easy for attackers to take your site down.
This version also includes:
- A modal that shows the release notes every time there is a release
- A fix in MacOS compilation
- A fix in memory leak in N|Solid
- Fix a crash in exit race condition on the CPU Profiler
Vulnerability
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. You can find more information here.
Need a helping hand?
If you have any questions, please feel free to contact us at info@nodesource.com.
To get the best out of Node.js, start a free trial of N|Solid, an augmented version of the Node.js runtime, enhanced to deliver low-impact performance insights and greater security for mission-critical Node.js applications. #KnowYourNode