doc: announce Feb security release (#5042)

* doc: announce Feb security release Signed-off-by: Michael Dawson <mdawson@devrus.com> * Update locale/en/blog/vulnerability/february-2023-security-releases.md Signed-off-by: Michael Dawson <mdawson@devrus.com> --------- Signed-off-by: Michael Dawson <mdawson@devrus.com>
nodejs · Feb 7, 2023 · 3d1bc0a · 3d1bc0a
1 parent 0071a7d
commit 3d1bc0a
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/locale/en/blog/vulnerability/february-2023-security-releases.md b/locale/en/blog/vulnerability/february-2023-security-releases.md
@@ -0,0 +1,42 @@
+---
+date: 2023-02-07T17:00:00.000Z
+category: vulnerability
+title: Tuesday February 14 2023 Security Releases
+slug: february-2023-security-releases
+layout: blog-post.hbs
+author: Michael Dawson
+---
+
+Pre-release announce
+
+# Summary
+
+The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x
+releases lines on or shortly after, Tuesday February 14 2023 in order to address:
+
+* 2 low severity issues.
+* 2 medium severity issues.
+* 1 high severity issues.
+* OpenSSL security updates for which the highest vulnerability severity is high. You
+  can read more about this update in the
+  [OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt).
+
+## Impact
+
+The 19.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.
+
+The 18.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues and 1 high severity issue and the OpenSSL vulnerabilities.
+
+The 16.x release line of Node.js is vulnerable to 2 low severity issues, 2 medium severity issues, and 1 high severity issue and the OpenSSL vulnerabilities.
+
+The 14.x release line of Node.js is vulnerable to 1 low severity issue, and 1 high severity issue and the OpenSSL vulnerabilities.
+
+## Release timing
+
+Releases will be available on, or shortly after, Tuesday February 14 2023.
+
+## Contact and future updates
+
+The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.
+
+Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.
diff --git a/locale/en/site.json b/locale/en/site.json
@@ -131,10 +131,10 @@
   },
   "banners": {
     "index": {
-      "startDate": "2022-12-16T17:00:00.000Z",
-      "endDate": "2022-12-30T16:00:00.000Z",
-      "text": "Node.js assessment of OpenSSL 3.0.7 security advisory",
-      "link": "https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-dec2022/"
+      "startDate": "2023-02-14T16:00:00.000Z",
+      "endDate": "2023-03-07T23:00:00.000Z",
+      "text": "New security releases to be made available February 14th, 2023",
+      "link": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"
     },
     "blacklivesmatter": {
       "visible": false,