- Fix CVE-2021-22931: add proper handling of atypical characters in DNS hostnames to prevent remote code execution, XSS, and domain hijacking.
- Fix CVE-2021-22940: patch use‑after‑free vulnerability in HTTP/2 stream cancel handling.
- Fix CVE-2021-22939: validate "rejectUnauthorized" when undefined in HTTPS API, preventing acceptance of expired certificates.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.