Node.js patches will be delayed by as much as two days due to the impending release of updates to OpenSSL, which is leveraged in Node.js.
The Node.js Foundation announced a week ago that it would have patches out by yesterday to mend issues pertaining to potential denial-of-service and out-of-bound access vulnerabilities. But these security releases will wait until late Thursday or Friday, after OpenSSL releases security updates that impact versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8 of OpenSSL. The intent is to release the Node.js fixes with the OpenSSL upgrades included.
To read this article in full or to leave a comment, please click here