- Patched libuv to fix an out-of-bounds read vulnerability (CVE‑2021‑22918) affecting Node's dns.lookup().
- Adjusted Windows installer directory permissions to prevent local privilege escalation (CVE‑2021‑22921) via PATH/DLL hijacking.
- Included upstream cherry‑pick of uv security fix and installer hardening commits.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.