March 10, 2021 By Raymond Xu < 1 min read

The SDK-for-Node.js buildpack includes the community January/February 2021 security releases and updated Node.js runtimes.

The January 2021 security release includes fixes for the following: 

  • Use-after-free in TLSWrap (High) (CVE-2020-8265), which impacts all 10.x, 12.x, and 14.x runtimes.
  • HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287), which impacts all 10.x, 12.x, and 14.x runtimes.
  • OpenSSL – EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971), which affects all 10.x, 12.x, and 14.x runtimes.

The February 2021 security release includes fixes for the following: 

  • HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883), which impacts all 10.x, 12.x, and 14.x runtimes.
  • DNS rebinding in –inspect (CVE-2021-22884), which impacts all 10.x, 12.x, and 14.x runtimes.
  • OpenSSL – Integer overflow in CipherUpdate (CVE-2021-23840), which impacts all 10.x, 12.x, and 14.x runtimes. 

This buildpack contains the following Node.js runtimes: v10.23.3, v10.24.0, v12.20.2, v12.21.0, v14.15.5, v14.16.0. It is based on the community Node.js buildpack v1.7.44. The latest v10 runtime is the default runtime when one is not specified in the package.json. An existing application will not be affected by the new buildpack until you redeploy or restage. New applications will automatically use the new buildpack.

Learn more

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters