- Strengthened TLS and DNS security: hostname normalization for server identity, case‑sensitive SNI fix, rejecting hostnames with embedded NUL bytes, and binding reusable sessions to authenticated hosts.
- Hardened cryptographic and HTTP modules: added length guard for WebCrypto cipher output, capped HTTP/2 originSet size, redacted proxy credentials in tunnel errors, and fixed response‑queue poisoning in http.Agent.
- Updated native dependencies: upgraded nghttp2 to 1.69.0, OpenSSL to 3.5.7, and Undici to 7.28.0, addressing integration and security concerns.
2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95
Official Node.js changelog summary with source attribution, release tags, and community reactions.
Track this Node.js release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.
Verify the original release note
Every summary should remain traceable to the original changelog or release source.
More Node.js changelog updates
Introduced numerous new APIs and enhancements: caller‑supplied readFile buffers, synchronous dgram connect/bind, TCP KEEPINTVL/KEEPCNT in net.setKeepAlive, TLS certificateCompression option, HTTP idle‑socket cleanup, loader package maps,...
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.