Releases: nodejs/node
Release list
2026-01-13, Version 24.13.0 'Krypton' (LTS), @marco-ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#759
tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
Commits
- [
2092785d01] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
3e58b7f2af] - deps: update undici to 7.18.2 (Node.js GitHub Bot) #61283 - [
4ba536a5a6] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
89adaa21fd] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748 - [
7302b4dae1] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
ac030753c4] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
20075692fe] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#759 - [
20591b0618] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2026-01-13, Version 22.22.0 'Jod' (LTS), @marco-ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-59465) add TLSSocket default error handler
- (CVE-2025-55132) disable futimes when permission model is enabled
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
tls: - (CVE-2026-21637) route callback exceptions through error handlers
Commits
- [
6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
37509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791 - [
eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#748 - [
6b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#759 - [
25d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolito
This is a security release.
Notable Changes
lib:
- (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802
- (CVE-2025-59465) add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797
lib,permission: - (CVE-2025-55130) require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760
src: - (CVE-2025-59466) rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773
src,lib: - (CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#759
tls: - (CVE-2026-21637) route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
Commits
- [
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #60997 - [
97fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#792 - [
14fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#802 - [
1febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797 - [
494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760 - [
d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773 - [
51f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Π‘ΠΊΠΎΠ²ΠΎΡΠΎΠ΄Π° ΠΠΈΠΊΠΈΡΠ° ΠΠ½Π΄ΡΠ΅Π΅Π²ΠΈΡ) nodejs-private/node-private#759 - [
85f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796
2025-12-10, Version 24.12.0 'Krypton' (LTS), @targos
Notable Changes
- [
1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
8987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #60600 - [
92c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 - [
b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178 - [
a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #58797 - [
92ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #59711 - [
05d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #59807
Commits
- [
e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603 - [
b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #60574 - [
ac8e90af7c] - buffer: speed up concat via TypedArray#set (GΓΌrgΓΌn DayΔ±oΔlu) #60399 - [
acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #59984 - [
f97a609a07] - console: optimize single-string logging (GΓΌrgΓΌn DayΔ±oΔlu) #60422 - [
6cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662 - [
0fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #60538 - [
54421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464 - [
c361a628b4] - deps: V8: cherry-pick 72b0e27bd936 (pthier) #60732 - [
c70f4588dd] - deps: V8: cherry-pick 6bb32bd2c194 (Erik Corry) #60732 - [
881fe784c5] - deps: V8: cherry-pick 0dd2318b5237 (Erik Corry) #60732 - [
457c33efcc] - deps: V8: cherry-pick df20105ccf36 (Erik Corry) #60732 - [
0bf45a829c] - deps: V8: backport e5dbbbadcbff (Darshan Sen) #60524 - [
4993bdc476] - deps: V8: cherry-pick 5ba9200cd046 (Juan JosΓ© Arboleda) #60620 - [
1e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #60842 - [
3f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #60643 - [
04e360fdb1] - deps: V8: cherry-pick 06bf293610ef, 146962dda8d2 and e0fb10b5148c (MichaΓ«l Zasso) #60713 - [
fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (MichaΓ«l Zasso) #60712 - [
28e9433f39] - deps: V8: cherry-pick 87356585659b (Joyee Cheung) #60069 - [
3cac85b243] - deps: V8: backport 2e4c5cf9b112 (MichaΓ«l Zasso) #60654 - [
1daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #60609 - [
5f55a9c9ea] - deps: nghttp2: revert 7784fa979d0b (Antoine du Hamel) #59790 - [
1d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790 - [
3140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542 - [
d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541 - [
daaaf04a32] - deps: V8: cherry-pick 2abc61361dd4 (Richard Lau) #60177 - [
b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650 - [
effcf7a8ab] - doc: fix link in--env-file=filesection (N. Bighetti) #60563 - [
7011736703] - doc: fix linter issues (Antoine du Hamel) #60636 - [
5cc79d8945] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607 - [
bbc649057c] - doc: correct values/references for buffer.kMaxLength (RenΓ©) #60305 - [
ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #60017 - [
58bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #59815 - [
bbcbff9b4d] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395 - [
f8af33d5a7] - doc: fix typo inprocess.unrefdocumentation (μ°ν) #59698 - [
df105dc351] - doc: add some entries toglossary.md(Mohataseem Khan) #59277 - [
4955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #58205 - [
6283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #57677 - [
d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #55478 - [
900de373ae] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #53864 - [
5735044c8b] - doc: fix typo in http.md (Michael Solomon) #59354 - [
2dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #60472 - [
8f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #60348 - [[
bbd7fdfff4](https://gith...
2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolito
Notable Changes
- [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313
Commits
- [
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547 - [
fba0025b9c] - build: usewindows-2025runner (MichaΓ«l Zasso) #59673 - [
3456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [
1788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #60112 - [
5d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #59791 - [
9f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689 - [
d0edb01d25] - deps: update googletest to eb2d85e (Node.js GitHub Bot) #59335 - [
576242ff39] - deps: V8: cherry-pick a0d0d4fc4f19 (Ho Cheung) #60716 - [
a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134 - [
cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133 - [
acec79989e] - deps: V8: cherry-pick 6b1b9bca2a8 (zhoumingtao) #59283 - [
e65b930aa7] - deps: V8: backport 2e4c5cf9b112 (MichaΓ«l Zasso) #60654 - [
1b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114 - [
a2bcb217c6] - doc: fix typo in section on microtask order (Tobias NieΓen) #59932 - [
2426d3f3ff] - doc: add security escalation policy (Ulises GascΓ³n) #59806 - [
e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562 - [
e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #59579 - [
8a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #59080 - [
8c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591 - [
109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #59470 - [
4f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445 - [
caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876 - [
082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [
19a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504 - [
db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313 - [
3b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291 - [
960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #58175 - [
20616f1750] - http2: do not crash on mismatched ping buffer length (RenΓ©) #60135 - [
9eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261 - [
dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070 - [
d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093 - [
de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094 - [
b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096 - [
e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #60090 - [
7cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347 - [
bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #60366 - [
2a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646 - [
144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103 - [
409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857 - [
d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607 - [
b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias NieΓen) #59487 - [
2c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049 - [
b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993 - [
4b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068 - [
cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #59755 - [
9543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) [#59640](https://github.com/nodejs/node...
2025-11-17, Version 25.2.1 (Current), @aduh95
This release reverts the spec-compliant behavior of sometimes throwing on localStorage
access. We received feedback that this change on an experimental API was too breaking
for a semver-minor release, so we decided to push it back for Node.js 26.0.0.
Commits
- [
ff89b7b6c7] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #60662 - [
5316b580eb] - deps: V8: backport 2e4c5cf9b112 (MichaΓ«l Zasso) #60654 - [
ca878bc90e] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #60708 - [
a4dee613fd] - Revert "lib: throw from localStorage getter on missing storage path" (Antoine du Hamel) #60750
2025-11-11, Version 25.2.0 (Current), @aduh95
Notable Changes
- [
a37c01e6a1] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
4fbb1ab101] - lib: throw from localStorage getter on missing storage path (RenΓ©) #60351 - [
727560a96d] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #60600 - [
506b79e888] - (SEMVER-MINOR) net: increase network family autoselection timeout to 500ms (Rod Vagg) #60334 - [
166c72ec02] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #59953 - [
399b340022] - (SEMVER-MINOR) v8: adding total_allocated_bytes to HeapStatistics (Caio Lima) #60573
Commits
- [
d5158a0a2d] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #60603 - [
26a5305fa9] - benchmark: add per-suite setup option (Joyee Cheung) #60574 - [
4810e4b82d] - buffer: speed up concat via TypedArray#set (GΓΌrgΓΌn DayΔ±oΔlu) #60399 - [
94a94a6b3a] - console: optimize single-string logging (GΓΌrgΓΌn DayΔ±oΔlu) #60422 - [
ad376c31db] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #60538 - [
dc38a45a55] - debugger: fix event listener leak in the run command (Joyee Cheung) #60464 - [
a61e5d8e05] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #60609 - [
51e5030afa] - deps: nghttp2: revert 7784fa979d0b (Antoine du Hamel) #59790 - [
eef838f499] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #59790 - [
13120a43d4] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #60542 - [
6e1b23dab8] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550 - [
a02e05c486] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #60541 - [
b9ba3a7947] - deps: V8: backport fe81545e6d14 (Caio Lima) #60429 - [
07bcd28494] - deps: V8: cherry-pick 7ef6a001762 (Xiao-Tao) #60259 - [
3e11658243] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #60650 - [
b8e40e4d38] - doc: fix link in--env-file=filesection (N. Bighetti) #60563 - [
9558c1c0df] - doc: fix linter issues (Antoine du Hamel) #60636 - [
cdf70de563] - doc: add missing history entry forsqlite.md(Antoine du Hamel) #60607 - [
e3c5dcf1ea] - doc: correct values/references for buffer.kMaxLength (RenΓ©) #60305 - [
a25d76c924] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #60017 - [
795f32bf91] - doc: highlight module loading difference between import and require (Ajay A) #59815 - [
212775410b] - doc: add CJS code snippets insqlite.md(Allon Murienik) #60395 - [
263c06096d] - doc: fix typo inprocess.unrefdocumentation (μ°ν) #59698 - [
356bdae408] - doc: add some entries toglossary.md(Mohataseem Khan) #59277 - [
9632c398de] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #58205 - [
f72880dbe3] - doc: fix pseudo code in modules.md (chirsz) #57677 - [
a9c70cefe8] - doc: add missing variable in code snippet (Koushil Mankali) #55478 - [
2892d151d4] - doc: add missing word insingle-executable-applications.md(Konstantin Tsabolov) #53864 - [
9c99ab6571] - doc: fix typo in http.md (Michael Solomon) #59354 - [
3446cf375f] - doc: update devcontainer.json and add documentation (Joyee Cheung) #60472 - [
519c537875] - doc: add haramj as triager (Haram Jeong) #60348 - [
62889d7e99] - doc: clarify require(esm) description (dynst) #60520 - [
0b9ef68705] - doc: instantiate resolver object (Donghoon Nam) #60476 - [
cd5c1ad29f] - doc: correct module loading descriptions (Joyee Cheung) #60346 - [
74719dad7a] - doc: clarify Linux runtime requirements for >=25 (Joyee Cheung) #60484 - [
ca39540785] - doc: clarify --use-system-ca support status (Joyee Cheung) #60340 - [
dbf204c714] - doc,crypto: link keygen to supported types (Filip Skokan) #60585 - [
3bcf86d56d] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #60380 - [
69b3d2c845] - http: replace startsWith with strict equality (btea) #59394 - [
a38e2f5975] - http2: add diagnostics channels for client stream request body (Darshan Sen) #60480 - [
c047e73a00] - inspector: inspect HTTP response body (Chengzhong Wu) #60572 - [
d2087bae92] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #60483 - [
003121c475] - inspector: fix crash when receiving non json message (Shima Ryuhei) #60388 - [
a37c01e6a1] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #59982 - [
219d2e978d] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #60497 - [
4fbb1ab101] - lib: throw from localStorage getter on missing storage path (RenΓ©) #60351
...
2025-11-11, Version 24.11.1 'Krypton' (LTS), @aduh95
Notable Changes
The known issue relating to Buffer.allocUnsafe incorrectly zero-filling buffers
has now been addressed and now returns uninitialized memory as documented in the
Buffer.allocUnsafe
documentation.
Commits
- [
0a15ccf3f4] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162 - [
a1c7d1dac9] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205 - [
99e2acf46b] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #59396 - [
c01c72b407] - benchmark: use non-deprecated WriteUtf8V2 method (MichaΓ«l Zasso) #60173 - [
a42dbd138e] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360 - [
5673a54a5d] - build: use call command when calling python configure (Jacob Nichols) #60098 - [
c67cb727cb] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290 - [
b03f7b93b1] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296 - [
2505568531] - build, src: fix include paths for vtune files (Rahul) #59999 - [
95330b036f] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
c221d892ef] - deps: update corepack to 0.34.2 (Node.js GitHub Bot) #60550 - [
bc00aa4c77] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883 - [
d03b89ec53] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
b7882090de] - deps: update inspector_protocol to af7f5a8173fdbc29f0835ec94395932e328b (Node.js GitHub Bot) #60312 - [
7007f9dd65] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219 - [
a56aa9ffa8] - deps: upgrade npm to 11.6.2 (npm team) #60168 - [
0bf8952721] - doc: mention more codemods indeprecations.md(Augustin Mauroy) #60243 - [
2473ca77f6] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899 - [
39ddd8522e] - doc: useanyforworker_threads.Worker'error' event argumenterr(Jonas Geiler) #60300 - [
eaa825fd97] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288 - [
a744e42282] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265 - [
ec0d5beb09] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #60260 - [
13da0df12a] - doc: fixblob.bytes()heading level (XTY) #60252 - [
8e771632b7] - doc: fix not working code example in vm docs (Artur Gawlik) #60224 - [
70c2080bff] - doc: improve code snippet alternative of url.parse() using WHATWG URL (Steven) #60209 - [
beadcf176e] - doc:createSQLTagStore->createTagStore(Aviv Keller) #60182 - [
b0da3b9c6a] - doc: use markdown when branch-diff major release (Rafael Gonzaga) #60179 - [
688115aa6b] - doc: update teams in collaborator-guide.md and add links (Bart Louwers) #60065 - [
923082a064] - doc: disambiguate top-levelworker_threadsmodule exports (RenΓ©) #59890 - [
7be4330870] - doc: add known issue to v24.11.0 release notes (Richard Lau) #60467 - [
4d8f62aeaf] - doc, module: change async customization hooks to experimental (Gerhard StΓΆbich) #60302 - [
d86a118bbd] - http: lazy allocate cookies array (Robert Nagy) #59734 - [
8c256d4139] - http: fix http client leaky with double response (theanarkh) #60062 - [
265e9d59fa] - http2: rename variable to additionalPseudoHeaders (Tobias NieΓen) #60208 - [
65bec037e2] - http2: do not crash on mismatched ping buffer length (RenΓ©) #60135 - [
9b83ef53b7] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236 - [
03ac05c458] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #60225 - [
aa04f06190] - lib: fix typo in createBlobReaderStream (SeokHun) #60132 - [
5aea1a429e] - lib: fix constructor in _errnoException stack tree (SeokHun) #60156 - [
4f7745acc7] - lib: fix typo in QuicSessionStats (SeokHun) #60155 - [
f8725861ea] - lib: remove redundant destroyHook checks (GΓΌrgΓΌn DayΔ±oΔlu) #60120 - [
696c20bf3f] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325 - [
90434ff99a] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299 - [
ffbc0ae60a] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #60278 - [
6ed6062f7d] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929 - [
a2871baed2] - msi: fix WiX warnings (Stefan Stojanovic) #60251 - [
6199541d67] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434 - [
13b687959a] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434 - [
a587623b4f] - src: conditionally disable source phase imports by default (Shelley Vohr) #60364 - [
e483267995] - src: use cached primordials_string (Sohyeon Kim) #60255 - [[
4c9a64fbaf](https://github.com...
2025-10-28, Version 25.1.0 (Current), @aduh95
Notable Changes
- [
4395fe14b9] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
2e55c6ad04] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
f437204491] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178
Commits
- [
bb27766bd5] - benchmark: improve cpu.sh for safety and usability (Nam Yooseong) #60162 - [
e600711c20] - benchmark: add benchmark for leaf source text modules (Joyee Cheung) #60205 - [
1bbcdf9039] - benchmark: add vm.SourceTextModule benchmark (Joyee Cheung) #59396 - [
22fa6bd28b] - build: ibmi follow aix visibility (SRAVANI GUNDEPALLI) #60360 - [
931028400e] - build: use call command when calling python configure (Jacob Nichols) #60098 - [
17fde3f3d1] - build: build v8 with -fvisibility=hidden -fvisibility-inlines-hidden (Joyee Cheung) #56290 - [
04cc7aae5e] - build: remove V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE defs (Joyee Cheung) #60296 - [
8a2053060d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #59956 - [
fe91c0f755] - deps: update simdjson to 4.0.7 (Node.js GitHub Bot) #59883 - [
aacfc0d212] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314 - [
8596891a71] - deps: update inspector_protocol to af7f5a8173fdbc29f0835ec94395932e328b (Node.js GitHub Bot) #60312 - [
21bcd0eb2f] - deps: V8: cherry-pick 3d0f462a17ff (Joyee Cheung) #59396 - [
673558501c] - deps: update googletest to 279f847 (Node.js GitHub Bot) #60219 - [
425a1879b1] - doc: mention more codemods indeprecations.md(Augustin Mauroy) #60243 - [
563e1317f3] - doc: remove unnecessary statement of web storage (Deokjin Kim) #60363 - [
064c8c5cfd] - doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny() (Jimmy Leung) #58899 - [
99e357af35] - doc: useanyforworker_threads.Worker'error' event argumenterr(Jonas Geiler) #60300 - [
8ccff0d934] - doc: update decorator documentation to reflect actual policy (Muhammad Salman Aziz) #60288 - [
bac70c6ef3] - doc: document wildcard supported by tools/test.py (Joyee Cheung) #60265 - [
8492bc6a88] - doc: add --heap-snapshot-on-oom to useful v8 flag (jakecastelli) #60260 - [
0f0d3c0e47] - doc: fixblob.bytes()heading level (XTY) #60252 - [
8c8525cf93] - doc: fix not working code example in vm docs (Artur Gawlik) #60224 - [
8a6de3866c] - doc, assert: correct order of changes entries (Gerhard StΓΆbich) #60304 - [
6bacb6555a] - doc, module: change async customization hooks to experimental (Gerhard StΓΆbich) #60302 - [
6f3b16df16] - esm: use index-based resolution callbacks (Joyee Cheung) #59396 - [
95644a432c] - http: lazy allocate cookies array (Robert Nagy) #59734 - [
4395fe14b9] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #59778 - [
f1aa1eaaf5] - inspector: add network payload buffer size limits (Chengzhong Wu) #60236 - [
64fc625bf9] - inspector: support handshake response for websocket inspection (Shima Ryuhei) #60225 - [
0ecbb806a8] - lib: fix typo in createBlobReaderStream (SeokHun) #60132 - [
ffec5927fd] - meta: fix typo in test-shared workflow name (Ronit Sabhaya) #60321 - [
a02897e157] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #60325 - [
59223a7831] - meta: loop userland-migrations in deprecations (Chengzhong Wu) #60299 - [
2d48d17696] - module: refactor and clarify async loader hook customizations (Joyee Cheung) #60278 - [
be1b84fd93] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929 - [
063fbd87d3] - msi: fix WiX warnings (Stefan Stojanovic) #60251 - [
2e55c6ad04] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #60217 - [
dc93d6988a] - src: fix timing of snapshot serialize callback (Joyee Cheung) #60434 - [
267e1b3817] - src: add COUNT_GENERIC_USAGE utility for tests (Joyee Cheung) #60434 - [
4a5d7a4c2a] - src: conditionally disable source phase imports by default (Shelley Vohr) #60364 - [
f437204491] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #60178 - [
36837fa0f9] - src: use cached primordials_string (Sohyeon Kim) #60255 - [
df8396ad37] - src: replace Environment::GetCurrent with args.GetIsolate (Sohyeon Kim) #60256 - [
5dd670b2b9] - src: initial enablement of IsolateGroups (James M Snell) #60254 - [
afdb362933] - src: useUtf8ValueandTwoByteValueinstead of V8 helpers (Anna Henningsen) #60244 - [
a40e533e72] - src: add a default branch for module phase (Chengzhong Wu) #60261 - [
42729f07ee] - src: stop using deprecated v8::Context::GetIsolate (MichaΓ«l Zasso) #60223 - [
7a6542c205] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419 - [[
29a5855a4f](https://github.com/...
2025-10-28, Version 24.11.0 'Krypton' (LTS), @richardlau
Notable Changes
This release marks the transition of Node.js 24.x into Long Term Support (LTS)
with the codename 'Krypton'. It will continue to receive updates through to
the end of April 2028.
Other than updating metadata, such as the process.release object, to reflect
that the release is LTS, no further changes from Node.js 24.10.0 are included.
Known issue
An issue has been identified in the Node.js 24.x line with Buffer.allocUnsafe
unintentionally returning zero-filled buffers. This API is
documented to return uninitialized memory.
The documented behavior will be restored in the next Node.js 24.x LTS release to bring
it back in line with previous releases. For more information, see
#60423.