Tuesday, March 14, 2023
HomeNodejsOpenSSL 3.0.7 upgrade analysis|Node.js

OpenSSL 3.0.7 upgrade analysis|Node.js

The susceptability in the OpenSSL Safety And Security Advisory of Dec 13 2022 do not impact any kind of energetic Node.js launch lines.

Our analysis of the protection advisory is:

Node.js does not call OpenSSL as a different procedure (so the opportunity to utilize the - plan flag is void), neither phone call
the features X509_VERIFY_PARAM_add0_policy()' as well as X509_VERIFY_PARAM_set1_policies()’.
As a result, Node.js is not influenced by this susceptability.

Get in touch with as well as future updates

The present Node.js protection plan can be located at https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security,.
consisting of details on exactly how to report a susceptability in Node.js.

Sign up for the low-volume announcement-only nodejs-sec newsletter at.
https://groups.google.com/forum/#!forum/nodejs-sec to keep up to day on.
protection susceptabilities as well as security-related launches of Node.js as well as the.
tasks preserved in the.
nodejs GitHub company


Most Popular

Recent Comments