← Back to feed
Security patch:
nodejs/node v25.8.2: 2026-03-24, Version 25.8.2 (Current), @RafaelGSS
GitHub·Backend·SecurityFix·3/24/2026
This is a security release. ### Notable Changes * (CVE-2026-21637) wrap `SNICallback` invocation in `try`/`catch` (Matteo Collina) - High * (CVE-2026-21710) use null prototype for `headersDistinct`/`trailersDistinct` (Matteo Collina) - High * (CVE-2026-21711) include permission check to `pipe_w
Why it matters → A security vulnerability was patched. Upgrade affected versions to mitigate risk.
Who should care → Anyone running affected versions in production.
nodenode.js
View original source ↗Source payload preview
{
"id": 300880364,
"url": "https://api.github.com/repos/nodejs/node/releases/300880364",
"body": "\n\n\nThis is a security release.\n\n### Notable Changes\n\n* (CVE-2026-21637) wrap `SNICallback` invocation in `try`/`catch` (Matteo Collina) - High\n* (CVE-2026-21710) use null prototype for `headersDistinct`/`trailersDistinct` (Matteo Collina) - High\n* (CVE-2026-21711) include permission check to `pipe_wrap.cc` (RafaelGSS) - Medium\n* (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium\n* (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) - Medium\n* (CVE-2026-21714) handle `NGHTTP2_ERR_FLOW_CONTROL` error code (RafaelGSS) - Medium\n* (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium\n* (CVE-
…