As promised, the Node.js Foundation updated all maintenance, long-term-support, and stable releases of Node.js to address two critical vulnerabilities.
The patches were announced a week ago and were expected earlier this week, but the Foundation held back the release in order to include the latest OpenSSL version, also patched this week. Node.js 0.10.x (Maintenance) and 0.12.x (LTS) depend on OpenSSL 1.0.1, and Node.js 4.x (LTS Argon) and 5.x depend on OpenSSL 1.0.2.
To read this article in full or to leave a comment, please click here