Changes.Watch
Digest
weekly changelog digest

Security changelog digest

Jul 14 - Jul 20, 2025. Useful releases, risky migrations, and noisy updates from the Security channel.

ClerkCloudflareGitHubNode.jsSentrySupabase

Most useful

2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS2025-07-15, Version 22.17.1 'Jod' (LTS), @RafaelGSS2025-07-15, Version 24.4.1 (Current), @RafaelGSS

Most risky

2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS2025-07-15, Version 22.17.1 'Jod' (LTS), @RafaelGSS2025-07-15, Version 24.4.1 (Current), @RafaelGSS

Noise filtered

No matching updates in this bucket.

all updates

Security updates in 2025-w29

3 updates
Node.jsUsefulAI-assisted summary

2025-07-15, Version 20.19.4 'Iron' (LTS), @RafaelGSS

score 0
  • ~Fixed CVE‑2025‑27210: prevented Windows reserved device names (CON, PRN, AUX) from bypassing path.normalize() protection.
  • ~Updated lib to correctly handle all Windows reserved driver names.
Security-relevantsecuritybugfixsource failing
Source
Node.jsUsefulAI-assisted summary

2025-07-15, Version 22.17.1 'Jod' (LTS), @RafaelGSS

score 0
  • ~- Fixed CVE‑2025‑27210 by handling Windows reserved device names (CON, PRN, AUX) and tightening path.normalize() traversal protection.
  • ~- Updated lib to block reserved driver names on Windows.
  • ~- Patched MSVS v17.14 compilation issue on Windows builds.
Security-relevantsecuritybugfixsource failing
Source
Node.jsUsefulAI-assisted summary

2025-07-15, Version 24.4.1 (Current), @RafaelGSS

score 0
  • ~Patched CVE-2025-27209: mitigated HashDoS in V8 by reverting recent rapidhash changes.
  • ~Patched CVE-2025-27210: fixed Windows reserved device names (CON, PRN, AUX) bypass in path.normalize().
  • ~Updated V8 dependency and added handling for all Windows reserved driver names.
Security-relevantsecuritybugfixsource failing
Source