feat(blog): create post for v25.8.2 #8775
Merged
+109
−0
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| --- | ||
| date: '2026-03-24T20:43:41.861Z' | ||
| category: release | ||
| title: Node.js 25.8.2 (Current) | ||
| layout: blog-post | ||
| author: Rafael Gonzaga | ||
| --- | ||
|
|
||
| ## 2026-03-24, Version 25.8.2 (Current), @RafaelGSS | ||
|
|
||
| This is a security release. | ||
|
|
||
| ### Notable Changes | ||
|
|
||
| - (CVE-2026-21637) wrap `SNICallback` invocation in `try`/`catch` (Matteo Collina) - High | ||
| - (CVE-2026-21710) use null prototype for `headersDistinct`/`trailersDistinct` (Matteo Collina) - High | ||
| - (CVE-2026-21711) include permission check to `pipe_wrap.cc` (RafaelGSS) - Medium | ||
| - (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium | ||
| - (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium | ||
| - (CVE-2026-21714) handle `NGHTTP2_ERR_FLOW_CONTROL` error code (RafaelGSS) - Medium | ||
| - (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium | ||
| - (CVE-2026-21715) add permission check to `realpath.native` (RafaelGSS) - Low | ||
| - (CVE-2026-21716) include permission check on `lib/fs/promises` (RafaelGSS) - Low | ||
|
|
||
| ### Commits | ||
|
|
||
| - \[[`2086b7477b`](https://github.com/nodejs/node/commit/2086b7477b)] - **(CVE-2026-21717)** **build,test**: test array index hash collision (Joyee Cheung) [nodejs-private/node-private#834](https://github.com/nodejs-private/node-private/pull/834) | ||
| - \[[`0f9332a40a`](https://github.com/nodejs/node/commit/0f9332a40a)] - **(CVE-2026-21713)** **crypto**: use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) [nodejs-private/node-private#822](https://github.com/nodejs-private/node-private/pull/822) | ||
| - \[[`2b6937ddb2`](https://github.com/nodejs/node/commit/2b6937ddb2)] - **deps**: update undici to 7.24.4 (Node.js GitHub Bot) [#62271](https://github.com/nodejs/node/pull/62271) | ||
| - \[[`bfb8ad5787`](https://github.com/nodejs/node/commit/bfb8ad5787)] - **deps**: update undici to 7.24.3 (Node.js GitHub Bot) [#62233](https://github.com/nodejs/node/pull/62233) | ||
| - \[[`be6384727f`](https://github.com/nodejs/node/commit/be6384727f)] - **deps**: upgrade npm to 11.11.1 (npm team) [#62216](https://github.com/nodejs/node/pull/62216) | ||
| - \[[`2feea5bb97`](https://github.com/nodejs/node/commit/2feea5bb97)] - **deps**: V8: override `depot_tools` version (Richard Lau) [#62344](https://github.com/nodejs/node/pull/62344) | ||
| - \[[`86c04784dd`](https://github.com/nodejs/node/commit/86c04784dd)] - **(CVE-2026-21710)** **http**: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) [nodejs-private/node-private#821](https://github.com/nodejs-private/node-private/pull/821) | ||
| - \[[`5197a56a34`](https://github.com/nodejs/node/commit/5197a56a34)] - **(CVE-2026-21711)** **permission**: include permission check to pipe_wrap.cc (RafaelGSS) [nodejs-private/node-private#820](https://github.com/nodejs-private/node-private/pull/820) | ||
| - \[[`04a886c735`](https://github.com/nodejs/node/commit/04a886c735)] - **(CVE-2026-21716)** **permission**: include permission check on lib/fs/promises (RafaelGSS) [nodejs-private/node-private#795](https://github.com/nodejs-private/node-private/pull/795) | ||
| - \[[`9a7f80f2b0`](https://github.com/nodejs/node/commit/9a7f80f2b0)] - **(CVE-2026-21715)** **permission**: add permission check to realpath.native (RafaelGSS) [nodejs-private/node-private#794](https://github.com/nodejs-private/node-private/pull/794) | ||
| - \[[`d9c9b628cf`](https://github.com/nodejs/node/commit/d9c9b628cf)] - **(CVE-2026-21714)** **src**: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) [nodejs-private/node-private#832](https://github.com/nodejs-private/node-private/pull/832) | ||
| - \[[`45b55dc786`](https://github.com/nodejs/node/commit/45b55dc786)] - **(CVE-2026-21712)** **src**: handle url crash on different url formats (RafaelGSS) [nodejs-private/node-private#816](https://github.com/nodejs-private/node-private/pull/816) | ||
| - \[[`4bfda307c0`](https://github.com/nodejs/node/commit/4bfda307c0)] - **(CVE-2026-21637)** **tls**: wrap SNICallback invocation in try/catch (Matteo Collina) [nodejs-private/node-private#819](https://github.com/nodejs-private/node-private/pull/819) | ||
|
|
||
| Windows 64-bit Installer: https://nodejs.org/dist/v25.8.2/node-v25.8.2-x64.msi \ | ||
| Windows ARM 64-bit Installer: https://nodejs.org/dist/v25.8.2/node-v25.8.2-arm64.msi \ | ||
| Windows 64-bit Binary: https://nodejs.org/dist/v25.8.2/win-x64/node.exe \ | ||
| Windows ARM 64-bit Binary: https://nodejs.org/dist/v25.8.2/win-arm64/node.exe \ | ||
| macOS 64-bit Installer: https://nodejs.org/dist/v25.8.2/node-v25.8.2.pkg \ | ||
| macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-darwin-arm64.tar.gz \ | ||
| macOS Intel 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-darwin-x64.tar.gz \ | ||
| Linux 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-linux-x64.tar.xz \ | ||
| Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-linux-ppc64le.tar.xz \ | ||
| Linux s390x 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-linux-s390x.tar.xz \ | ||
| AIX 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-aix-ppc64.tar.gz \ | ||
| ARMv8 64-bit Binary: https://nodejs.org/dist/v25.8.2/node-v25.8.2-linux-arm64.tar.xz \ | ||
| Source Code: https://nodejs.org/dist/v25.8.2/node-v25.8.2.tar.gz \ | ||
| Other release files: https://nodejs.org/dist/v25.8.2/ \ | ||
| Documentation: https://nodejs.org/docs/v25.8.2/api/ | ||
|
|
||
| ### SHASUMS | ||
|
|
||
| ``` | ||
| -----BEGIN PGP SIGNED MESSAGE----- | ||
| Hash: SHA256 | ||
|
|
||
| d9fd5dcbfa95727bf30eed1ba1587cbb956a9e5364cf280e0bee2cfa7253802f node-v25.8.2-aix-ppc64.tar.gz | ||
| 1d8e77a827bd19bac021fccd1f4b0e1f53ef2c4963c40aa2cfadfb8426486351 node-v25.8.2-arm64.msi | ||
| fb8dabfda3232ef90d992e6439824fc3237356c04d182f3fa883bebeef31e871 node-v25.8.2-darwin-arm64.tar.gz | ||
| ed0d0d6a1a2594d557f36f451ff34dff321d37b7ecb0d24b87c9ff2051086a18 node-v25.8.2-darwin-arm64.tar.xz | ||
| 530ffb419789f843215375a65b8fcf4cf010735e99276f512a241a31ba8e5e13 node-v25.8.2-darwin-x64.tar.gz | ||
| 16ccd800deb1a3de28cc71c77226608aa6dc380f86609fd810be3b60a3da1460 node-v25.8.2-darwin-x64.tar.xz | ||
| 0592acd2a654d1c03360827774b3106453044b42b6d56cc70898f8edf7ac253d node-v25.8.2-headers.tar.gz | ||
| 15ccf7adaff8a2d665fd2e7e32c0c106231eeb4bee2fe493e8a829701da60512 node-v25.8.2-headers.tar.xz | ||
| 2f823ecd4f9331d6492fedbe50c5a610be3084521f3a5af146875e00a52f2e63 node-v25.8.2-linux-arm64.tar.gz | ||
| b7e8e0c9d48b6d9a43cf6e8d3960127473db001d60e964cb5e955e95603666eb node-v25.8.2-linux-arm64.tar.xz | ||
| 8910cb32177b689620282859ce19a2c0285e55eeedef4854ff9af3da3bb54b5e node-v25.8.2-linux-ppc64le.tar.gz | ||
| 6eda60bf124af0469be1045def9e1421c389ca0e2a67ab93834c5d7a41ed7f8f node-v25.8.2-linux-ppc64le.tar.xz | ||
| 71af59d9a2e40cee6740084c40ae28138eff4d5fbf1ba81dbc729dffc5c71f7c node-v25.8.2-linux-s390x.tar.gz | ||
| fcd6dcc95564e293762b81699ee4614d0d867a26614a6549600b28751910834f node-v25.8.2-linux-s390x.tar.xz | ||
| e06c7069012d40914c57b31157c69d4ce83ea1fe9d63bbb7d26e0509a4535d21 node-v25.8.2-linux-x64.tar.gz | ||
| 13a4c88c391aade2b7afba799ff27d09773b04e8a6c27f52908f79ff0e3787f5 node-v25.8.2-linux-x64.tar.xz | ||
| e850a0f2ff0fc8ffd93218ef0a5bf9d5e2ddaab50a3953d3676662584534fb93 node-v25.8.2-win-arm64.7z | ||
| a08e817d3ca86e065898c7d926f9c0c9a6d812ac9888f7f7cfd8c147ee8cbb29 node-v25.8.2-win-arm64.zip | ||
| e50bc4b23c85eeaa782423846c837fdd613dfb4cf5acf7841ca1048b4c66372b node-v25.8.2-win-x64.7z | ||
| 51815d5b0256b947d27d614de04060fcfdbdb830d2c86e63e6f33dbf7964cca7 node-v25.8.2-win-x64.zip | ||
| 176cc1d25eaacf1d8058bc319214ca156a4ad7b985d5ae0f239dbc26aa42ffd5 node-v25.8.2-x64.msi | ||
| 90b364d8d6e6faabe13525c107f626cbfd69b9536aa87c5f2997ad81461b4fe6 node-v25.8.2.pkg | ||
| 10335f268f7ffacd4f2b4f48d91dc5b19b1577a2861248ca414614ea24ebee65 node-v25.8.2.tar.gz | ||
| 3efb19e757dc59bb21632507200d2de782369d5226a68955e9372c925fdf2471 node-v25.8.2.tar.xz | ||
| 4c82a15e4af72881f8f4942506da1b56f2c4b2095924d8442de9f0ad96727834 win-arm64/node.exe | ||
| 47750ee99207e5b621671565852cf7385f27bf664470886b9437137342a497c9 win-arm64/node.lib | ||
| 2ed75e3a7fe8a85aa034c7c9c009bab8d65ce08722f5ab9c3bb3c5588ff6798d win-arm64/node_pdb.7z | ||
| e9e90a2fcf1db28870dbb9750326892e9574130602ab6114d1504d4219763d62 win-arm64/node_pdb.zip | ||
| f8d22c62786c547dc76b15c744e86c0ac1fe9dc38f2e0610dbad4d2b223a4544 win-x64/node.exe | ||
| f7201b932d898bdbf78aee7add288d2263c4791f1502068ad11b6c14675c6324 win-x64/node.lib | ||
| 28288d282ef8043712bc227d43c475a4b60f42b6a1cd8007954e785e5220550c win-x64/node_pdb.7z | ||
| 9c82e8c3931b46b7b975c41246e097d8980a68ea020e69ca9ad685b53179bbb6 win-x64/node_pdb.zip | ||
| -----BEGIN PGP SIGNATURE----- | ||
|
|
||
| iQGzBAEBCAAdFiEEiQwI24V5Fi/uDfnbi+q0389VXvQFAmnC9sAACgkQi+q0389V | ||
| XvS4Ugv/Y074JLw5sr2pwbNhqLJCT2Jq7IHvYcOSsZ7VRIbmkOajhYKkVY9bKmoj | ||
| ELdk1qpkQYYH1cEEE7YRBqJGwEVChLu//GgvnLgwopR0QRn4Si+2EuSUYUmBXkAx | ||
| nLAHthd6HgSVF0A61jsNiTNlyS3tSkubfSGo82OuBMFtiD6n8A5ilgT4zeG+7ydB | ||
| tFv+jL5FevUdmYxC7rglSjdrZ/J/uyh2VGnbh1BOwdKSirYrMTEzvpJpX+v4lXHe | ||
| vlqvY2KIgR9g4f0pMMqZQ6Gx4MTfXfZYWPajLkHgdtMVe1Bsc82hfWwbHpzcCQFT | ||
| j5E0L1HzEC+ornLuv6o+muyX6Yj2weDNhfpIPQWARchcSgKrHZiG3yeEzlj0HLm6 | ||
| mn+rDRVLSqK8FwERn/rxHCUZHBzfupF2970a3APB6fXwYXt4u94qCpFsRthoJeA+ | ||
| GZ+elk0wLrKpwZs8bnz00RSAfqZ9Uy8PKGGVlelahE4mhjxHs7SbjC381xAwsAVC | ||
| LCDG1U7a | ||
| =8GXb | ||
| -----END PGP SIGNATURE----- | ||
| ``` | ||
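Review bot: The items under "Notable Changes" reuse the commit subjects verbatim, so the post never says what each CVE affects or who is exposed. The clearest case is `(CVE-2026-21717) test array index hash collision`, rated Medium, which reads as a test-only change. `(CVE-2026-21712) handle url crash on different url formats` is similarly vague about the trigger. Consider adding a short impact phrase to each item, or a sentence after "This is a security release." that links to the accompanying security release announcement. In the "Commits" list the CVE fixes reference only pull requests under nodejs-private/node-private, so the public commit links are the only reference a reader is likely to be able to follow from this post.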