- Add http1Options and strictSingleValueFields options to http2 for HTTP/1 fallback and relaxed header validation
- Enable ESM entry‑point support in SEA and promote sqlite to a release‑candidate module
- Rename Duplex.toWeb() option to readableType, add fast‑path stream APIs, improve test runner SIGINT handling, and update Windows build tools and GitHub‑Actions runners
Docker changelog digest
Feb 23 - Mar 1, 2026. Useful releases, risky migrations, and noisy updates from the Docker channel.
No matching updates in this bucket.
Docker updates in 2026-w09
- Add new options and APIs: async_hooks.trackPromises, fs.watch ignore, http.setGlobalProxyFromEnv, module subpath imports starting with '/', stream.bytes() consumer, and test runner env and fail‑expectation options.
- Enable ESM support in the embedder API and set SQLite defensive mode and prepare options as defaults.
- Update dependencies (e.g., LIEF, npm 11.9.0, undici 7.21.0) and improve documentation across events, security, and deprecations.
- Fixed a security vulnerability where crafted CRLF sequences in Redis error replies could be used to manipulate data read by a connection.
- Improved handling of Redis error messages to sanitize injected newline characters.
- Fix a vulnerability where CR\r\n sequences could be injected into Redis error replies, allowing data manipulation by a malicious user.
- Apply a security patch to sanitize error responses, preventing manipulation of connection data.
- Fix prevents data manipulation by injecting CRLF sequences into Redis error replies
- Ensures connections cannot be tricked into reading tampered data
- Fix for CRLF injection in Redis error replies
- Prevents malicious manipulation of data read by connections
- Fixed a security issue where injected CRLF sequences could manipulate data read from Redis error replies.
- Added the missing HOTKEYS HELP subcommand and ensured INFO correctly displays module information.
- Resolved an RDB loading bug that prevented hash table expansion, reducing load times.