weekly changelog digest

Sentry changelog digest

Jan 20 - Jan 26, 2025. Useful releases, risky migrations, and noisy updates from the Sentry channel.

Most useful

Most risky

Noise filtered

No matching updates in this bucket.

all updates

Sentry updates in 2025-w04

4 updates

Node.js1 year agoJan 21, 2025, 05:04 PMUsefulAI-assisted summary

score 0

~Fixed HTTP/2 memory leak on premature connection close and addressed ERR_PROTO issues (CVE‑2025‑23085).
~Patched path traversal vulnerability in normalize() on Windows (CVE‑2025‑23084).
~Updated undici to v5.28.5, mitigating insufficient randomness in fetch() (CVE‑2025‑22150).

Security-relevantsecuritybugfixsource failing

Node.js1 year agoJan 21, 2025, 05:03 PMUsefulAI-assisted summary

score 0

~Fix multiple CVEs: internal worker permission check (CVE‑2025‑23083), HTTP/2 memory leak and ERR_PROTO (CVE‑2025‑23085), and Windows path traversal in normalize() (CVE‑2025‑23084)
~Update undici to v6.21.1 addressing CVE‑2025‑22150 (insufficiently random values in fetch)
~Apply related patches to src, loader, permission, and path modules

Security-relevantsecuritybugfixsource failing

Node.js1 year agoJan 21, 2025, 05:02 PMUsefulAI-assisted summary

score 0

+Throw on InternalWorker usage when permission model is enabled (CVE‑2025‑23083)
~Fix HTTP/2 memory leak on premature close and ERR_PROTO (CVE‑2025‑23085)
~Patch path traversal in normalize() on Windows and update undici to v6.21.1 (CVE‑2025‑23084, CVE‑2025‑22150)

Security-relevantsecuritybugfixsource failing

Node.js1 year agoJan 21, 2025, 05:00 PMUsefulAI-assisted summary

score 0

+Added permission check that throws on InternalWorker usage when the permission model is enabled (CVE‑2025‑23083).
~Patched HTTP/2 memory leak and ERR_PROTO handling, and fixed path traversal in normalize() on Windows (CVE‑2025‑23085, CVE‑2025‑23084).
~Updated undici to v6.21.1, addressing CVE‑2025‑22150 (insufficiently random values).

Security-relevantsecuritybugfixsource failing