January 7, 2021 By Raymond Xu < 1 min read

The Node.js runtimes: v10.23.1, v12.20.1, and v14.15.4 contain a fix for an OpenSSL security vulnerability (CVE-2020-1971).

OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference which impacts all 10.x, 12.x, and 14.x runtimes. 

These runtimes (v10.23.1, v12.20.1, v14.15.4) are not yet included in the Node.js buildpack. However, the user can specify these runtimes in their package.json to download the required runtime.  For example: 

"engines": {
     "node": "12.20.1"
}

The buildpack does not support semver when downloading runtimes and a specific version must be specified.  

Learn more

More from Cloud

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

Optimize observability with IBM Cloud Logs to help improve infrastructure and app performance

5 min read - There is a dilemma facing infrastructure and app performance—as workloads generate an expanding amount of observability data, it puts increased pressure on collection tool abilities to process it all. The resulting data stress becomes expensive to manage and makes it harder to obtain actionable insights from the data itself, making it harder to have fast, effective, and cost-efficient performance management. A recent IDC study found that 57% of large enterprises are either collecting too much or too little observability data.…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters