weekly changelog digest

DevOps changelog digest

Jan 12 - Jan 18, 2026. Useful releases, risky migrations, and noisy updates from the DevOps channel.

Most useful

Most risky

Noise filtered

No matching updates in this bucket.

all updates

DevOps updates in 2026-w03

3 updates

Node.js5 months agoJan 13, 2026, 01:58 PMUsefulAI-assisted summary

score 0

~Implemented multiple CVE fixes: added TLSSocket default error handler, network checks on pipe/wrap connect, stricter symlink read/write permissions, disabled futimes under permission model, rethrown stack overflow exceptions in async hoo...
~Updated core dependencies: c‑ares upgraded to v1.34.6 and undici to 7.18.2.

Security-relevantsecuritysource failing

Node.js5 months agoJan 13, 2026, 01:57 PMUsefulAI-assisted summary

score 0

+Add TLSSocket default error handler (CVE‑2025‑59465) and route TLS callback exceptions through error handlers (CVE‑2026‑21637).
−Disable futimes under the permission model, require full read/write permissions for symlink APIs, and refactor unsafe buffer creation to remove zero‑fill toggle (CVE‑2025‑55130, 55131, 55132).
+Rethrow stack‑overflow exceptions in async hooks to avoid silent failures (CVE‑2025‑59466).

Security-relevantsecuritybugfixsource failing

Node.js5 months agoJan 13, 2026, 01:55 PMUsefulAI-assisted summary

score 0

−Fixed multiple CVE vulnerabilities (disabled futimes with permission model, added TLSSocket default error handler, required full read/write for symlink APIs, rethrown stack overflow in async hooks, removed zero‑fill toggle from unsafe bu...
~Updated core dependencies: c‑ares to v1.34.6 and undici to 6.23.0
~Improved error handling and security posture across lib and TLS modules

Security-relevantsecuritybugfixsource failing