- Fixed multiple high‑severity security bugs in TLS, crypto, HTTP/2, DNS, and permission handling (e.g., hostname normalization, WebCrypto output length guard, SNI case‑sensitivity)
- Added protections against resource exhaustion by capping HTTP/2 originSet size and rejecting hostnames with embedded NUL bytes
- Updated core dependencies (llhttp 9.4.2, undici 8.5.0) and upgraded OpenSSL to 3.5.7
2026-06-18, Version 26.3.1 (Current), @aduh95
Official Node.js changelog summary with source attribution, release tags, and community reactions.
Track this Node.js release note alongside related changelog updates, risky changes, and weekly digest signals from the developer community.
Verify the original release note
Every summary should remain traceable to the original changelog or release source.
More Node.js changelog updates
Introduced numerous new APIs and enhancements: caller‑supplied readFile buffers, synchronous dgram connect/bind, TCP KEEPINTVL/KEEPCNT in net.setKeepAlive, TLS certificateCompression option, HTTP idle‑socket cleanup, loader package maps,...
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.