- Fixed CVE‑2021‑22931: added strict hostname validation in DNS library to prevent RCE, XSS and domain‑hijacking risks.
- Fixed CVE‑2021‑22940: patched use‑after‑free bug in HTTP/2 stream cancellation, including a follow‑up fix for CVE‑2021‑22930.
- Fixed CVE‑2021‑22939: corrected handling of undefined rejectUnauthorized option in HTTPS API to reject invalid certificates.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.