- Fix omission of omitApi preview checks when promoting to GA.
- omitApi now functions fully without the preview feature flag.
No matching updates in this bucket.
Backend updates in 2025-w02
- Permission model status upgraded from Active Development to Stable.
- WebCryptoAPI Ed25519 and X25519 algorithms graduated to stable, eliminating ExperimentalWarning.
- Minor enhancements include new partialDeepStrictEqual assertion, trace‑env CLI options, blocklist support for dgram and net, module stripTypeScriptTypes, and deprecation of features.{ipv6,uv} and features.tls.
- Enabled experimental strip types flag by default, allowing Node.js to execute TypeScript files via STDIN eval and worker eval input (experimental).
- Added process.ref() and process.unref() methods and extended lib to support TypeScript in STDIN eval and worker eval input.
- Updated documentation (examples, parseArg defaults, security notes) and performed numerous build, dependency, and test stability improvements.
- Fixed critical security vulnerabilities (CVE‑2024‑46981 remote code execution, CVE‑2024‑51741 denial‑of‑service) and related ACL selector DoS.
- Resolved multiple stability bugs including crashes in module memory defragmentation, cluster config loading, incorrect hash key expiration counts, and a memory leak on failed RDB loads.
- Corrected stream inconsistencies (XINFO lag, XTRIM tombstone handling) and fixed cluster command issues (CLUSTER SHARDS empty array, SORT … GET error message).
- Critical security fixes addressing remote code execution (CVE‑2024‑51741) and denial‑of‑service vulnerabilities (CVE‑2024‑46981).
- Multiple stability bugs resolved, including OOM crashes, stream lag/tombstone inaccuracies, XTRIM misbehavior, and various cluster crash and compatibility issues.
- Security fix for CVE‑2024‑46981 addressing remote code execution via Lua script commands
- Upgrade recommended due to security urgency