- Patched multiple high‑, medium‑ and low‑severity CVEs that bypass Node.js permission model (e.g., module load, process.binding, Buffer paths).
- Updated OpenSSL dependencies to 3.0.10+quic1, incorporating recent security advisories.
- Added runtime restrictions for process.binding, Module.constructor, and filesystem APIs when the permission model is enabled.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.