Skip to content

Commit 6add85e

Browse files
marco-ippolitoRafaelGSS
marco-ippolito
authored and
RafaelGSS
committed
2026-01-13, Version 22.22.0 'Jod' (LTS)
This is a security release. Notable changes: lib: * (CVE-2025-59465) add TLSSocket default error handler * (CVE-2025-55132) disable futimes when permission model is enabled lib,permission: * (CVE-2025-55130) require full read and write to symlink APIs src: * (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks src,lib: * (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle tls: * (CVE-2026-21637) route callback exceptions through error handlers PR-URL: nodejs-private/node-private#801
1 parent d4d9f39 commit 6add85e

File tree

3 files changed

+38
-4
lines changed

3 files changed

+38
-4
lines changed

CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,8 @@ release.
3737
</tr>
3838
<tr>
3939
<td valign="top">
40-
<b><a href="doc/changelogs/CHANGELOG_V22.md#22.21.1">22.21.1</a></b><br/>
40+
<b><a href="doc/changelogs/CHANGELOG_V22.md#22.22.0">22.22.0</a></b><br/>
41+
<a href="doc/changelogs/CHANGELOG_V22.md#22.21.1">22.21.1</a><br/>
4142
<a href="doc/changelogs/CHANGELOG_V22.md#22.21.0">22.21.0</a><br/>
4243
<a href="doc/changelogs/CHANGELOG_V22.md#22.20.0">22.20.0</a><br/>
4344
<a href="doc/changelogs/CHANGELOG_V22.md#22.19.0">22.19.0</a><br/>

doc/changelogs/CHANGELOG_V22.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
</tr>
1010
<tr>
1111
<td>
12+
<a href="#22.22.0">22.22.0</a><br/>
1213
<a href="#22.21.1">22.21.1</a><br/>
1314
<a href="#22.21.0">22.21.0</a><br/>
1415
<a href="#22.20.0">22.20.0</a><br/>
@@ -67,6 +68,38 @@
6768
* [io.js](CHANGELOG_IOJS.md)
6869
* [Archive](CHANGELOG_ARCHIVE.md)
6970

71+
<a id="22.22.0"></a>
72+
73+
## 2026-01-13, Version 22.22.0 'Jod' (LTS), @marco-ippolito
74+
75+
This is a security release.
76+
77+
### Notable Changes
78+
79+
lib:
80+
81+
* (CVE-2025-59465) add TLSSocket default error handler
82+
* (CVE-2025-55132) disable futimes when permission model is enabled
83+
lib,permission:
84+
* (CVE-2025-55130) require full read and write to symlink APIs
85+
src:
86+
* (CVE-2025-59466) rethrow stack overflow exceptions in async\_hooks
87+
src,lib:
88+
* (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
89+
tls:
90+
* (CVE-2026-21637) route callback exceptions through error handlers
91+
92+
### Commits
93+
94+
* \[[`6badf4e6f4`](https://github.com/nodejs/node/commit/6badf4e6f4)] - **deps**: update c-ares to v1.34.6 (Node.js GitHub Bot) [#60997](https://github.com/nodejs/node/pull/60997)
95+
* \[[`37509c3ff0`](https://github.com/nodejs/node/commit/37509c3ff0)] - **deps**: update undici to 6.23.0 (Matteo Collina) [nodejs-private/node-private#791](https://github.com/nodejs-private/node-private/pull/791)
96+
* \[[`eb8e41f8db`](https://github.com/nodejs/node/commit/eb8e41f8db)] - **(CVE-2025-59465)** **lib**: add TLSSocket default error handler (RafaelGSS) [nodejs-private/node-private#797](https://github.com/nodejs-private/node-private/pull/797)
97+
* \[[`ebbf942a83`](https://github.com/nodejs/node/commit/ebbf942a83)] - **(CVE-2025-55132)** **lib**: disable futimes when permission model is enabled (RafaelGSS) [nodejs-private/node-private#748](https://github.com/nodejs-private/node-private/pull/748)
98+
* \[[`6b4849583a`](https://github.com/nodejs/node/commit/6b4849583a)] - **(CVE-2025-55130)** **lib,permission**: require full read and write to symlink APIs (RafaelGSS) [nodejs-private/node-private#760](https://github.com/nodejs-private/node-private/pull/760)
99+
* \[[`ddadc31f09`](https://github.com/nodejs/node/commit/ddadc31f09)] - **(CVE-2025-59466)** **src**: rethrow stack overflow exceptions in async\_hooks (Matteo Collina) [nodejs-private/node-private#773](https://github.com/nodejs-private/node-private/pull/773)
100+
* \[[`d4d9f3915f`](https://github.com/nodejs/node/commit/d4d9f3915f)] - **(CVE-2025-55131)** **src,lib**: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) [nodejs-private/node-private#759](https://github.com/nodejs-private/node-private/pull/759)
101+
* \[[`25d6799df6`](https://github.com/nodejs/node/commit/25d6799df6)] - **(CVE-2026-21637)** **tls**: route callback exceptions through error handlers (Matteo Collina) [nodejs-private/node-private#796](https://github.com/nodejs-private/node-private/pull/796)
102+
70103
<a id="22.21.1"></a>
71104

72105
## 2025-10-28, Version 22.21.1 'Jod' (LTS), @aduh95

src/node_version.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,13 @@
2323
#define SRC_NODE_VERSION_H_
2424

2525
#define NODE_MAJOR_VERSION 22
26-
#define NODE_MINOR_VERSION 21
27-
#define NODE_PATCH_VERSION 2
26+
#define NODE_MINOR_VERSION 22
27+
#define NODE_PATCH_VERSION 0
2828

2929
#define NODE_VERSION_IS_LTS 1
3030
#define NODE_VERSION_LTS_CODENAME "Jod"
3131

32-
#define NODE_VERSION_IS_RELEASE 0
32+
#define NODE_VERSION_IS_RELEASE 1
3333

3434
#ifndef NODE_STRINGIFY
3535
#define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)

0 commit comments

Comments
 (0)