Security Release for N|Solid 4.5.6 - NodeSource

The NodeSource Blog

You have reached the beginning of time!

Security Release for N|Solid 4.5.6

IMPORTANT: This release of N|Solid v4.5.6 contains a Node.js security release!

NodeSource is excited to announce N|Solid v4.5.6 which includes fixes for three medium and one high severity issues. It contains the following changes:

  • Node.js v12.22.2 (LTS): Includes a Node.js security release captured in Node.js v12.22.2 (LTS).
  • Node.js v14.17.2 (LTS): Includes a Node.js security release captured in Node.js v14.17.2 (LTS).

A new environment variable was added in the N|Solid Console to set a value for the influx connection attempt.
For detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

Changes

  • Includes a Node.js security release captured in Node.js v12.22.2 (LTS) (read more here). Vulnerabilities fixed include:
    • CVE-2021-22918: libuv upgrade - Out of bounds read (Medium).
    • CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium).
    • CVE-2021-27290: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High).
    • CVE-2021-23362: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium).
  • Includes a Node.js security release captured in Node.js v14.17.2 (LTS) (read more here). Vulnerabilities fixed include:
    • CVE-2021-22918: libuv upgrade - Out of bounds read (Medium).
    • CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium).
  • You can now use NSOLID_CONSOLE_INFLUXDB_CONNECT_ATTEMPT_LIMIT to set the limit of attempts to wait Influxdb to startup. Useful for the cases when the NSolid Console is having trouble starting due to Influxdb stopping the boot process randomly.

There are two available LTS Node.js versions for you to use with N|Solid, Node.js 14 Fermium and Node.js 12 Erbium.

N|Solid v4.5.6 Erbium ships with Node.js v12.22.2

N|Solid v4.5.6 Fermium ships with Node.js v14.17.2

The Node.js 12 Erbium LTS release line will continue to be supported until April 30, 2022.

The Node.js 14 Fermium LTS release line will continue to be supported until April 30, 2023.

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free