Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE to EOL lines: Tracking Issue #1419

Open
RafaelGSS opened this issue Jan 8, 2025 · 2 comments
Open

CVE to EOL lines: Tracking Issue #1419

RafaelGSS opened this issue Jan 8, 2025 · 2 comments
Labels
never-stale

Comments

@RafaelGSS
Copy link
Member

RafaelGSS commented Jan 8, 2025
edited
Loading

Until we find a better place to have it listed, let's use this issue to track the CVE issues for EOL versions of Node.js.

Release line CVE ID CVE issued at
<= v17.x CVE-2025-23087 Schedule to next sec release
v19.x CVE-2025-23088 Schedule to next sec release
v21.x CVE-2025-23089 Schedule to next sec release


v19.x
v21.x

cc: @nodejs/security-release
@richardlau
Copy link
Member

Any reason to start at 14? Can we do 17 and all earlier versions as one CVE?

@RafaelGSS
Copy link
Member Author

Any reason to start at 14? Can we do 17 and all earlier versions as one CVE?

Sure, I thought about issuing CVE for v14 <= and then a new one of each one of the release lines listed but starting on v17 makes sense. I'll update the description.

@RafaelGSS RafaelGSS mentioned this issue Jan 27, 2025
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
never-stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@richardlau @RafaelGSS