March 10, 2021 By Raymond Xu < 1 min read

The SDK-for-Node.js buildpack includes the community January/February 2021 security releases and updated Node.js runtimes.

The January 2021 security release includes fixes for the following: 

  • Use-after-free in TLSWrap (High) (CVE-2020-8265), which impacts all 10.x, 12.x, and 14.x runtimes.
  • HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287), which impacts all 10.x, 12.x, and 14.x runtimes.
  • OpenSSL – EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971), which affects all 10.x, 12.x, and 14.x runtimes.

The February 2021 security release includes fixes for the following: 

  • HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883), which impacts all 10.x, 12.x, and 14.x runtimes.
  • DNS rebinding in –inspect (CVE-2021-22884), which impacts all 10.x, 12.x, and 14.x runtimes.
  • OpenSSL – Integer overflow in CipherUpdate (CVE-2021-23840), which impacts all 10.x, 12.x, and 14.x runtimes. 

This buildpack contains the following Node.js runtimes: v10.23.3, v10.24.0, v12.20.2, v12.21.0, v14.15.5, v14.16.0. It is based on the community Node.js buildpack v1.7.44. The latest v10 runtime is the default runtime when one is not specified in the package.json. An existing application will not be affected by the new buildpack until you redeploy or restage. New applications will automatically use the new buildpack.

Learn more

More from Cloud

Enhance your data security posture with a no-code approach to application-level encryption

4 min read - Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle (in transit, at rest and in use), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its source. ALE can enhance…

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters