Node.js / update detail

2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito

Official Node.js changelog summary with source attribution, release tags, and community reactions.

Track this Node.js release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.

Node.js2 months agoMar 24, 2026, 08:35 PMUsefulAI-assisted summary

score 0

~Fixed multiple CVE‑related vulnerabilities including array index hash collisions, timing‑side‑channel issues in Web Crypto HMAC/KMAC, and unsafe header prototypes
+Added permission checks to lib/fs/promises and realpath.native to harden file‑system APIs
~Improved error handling for NGHTTP2 flow‑control errors and wrapped TLS SNICallback in try/catch

Security-relevant

official source

Verify the original release note

Every summary should remain traceable to the original changelog or release source.

AI-assisted summarysource failing

related updates

Node.js4 days agoJun 1, 2026, 01:10 PMUsefulAI-assisted summary

score 0

−Increase Buffer.poolSize default to 64 KiB and add new Buffer‑related improvements; introduce httpValidation option for stricter header validation and permission.drop API; upgrade crypto root certificates to NSS 3.123.1, harden WebCrypto...