Update node Docker tag to v16.11.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
node | ironbank-docker | patch |
16.11.0 -> 16.11.1
|
node | patch |
16.11.0 -> 16.11.1
|
|
node | stage | patch |
16.11.0 -> 16.11.1
|
Release Notes
nodejs/node
v16.11.1
This is a security release.
Notable changes
-
CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
-
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Commits
- [
af488f8dc8
] - deps: update llhttp to 6.0.4 (Matteo Collina) nodejs-private/node-private#284 - [
2d1eefad98
] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#284 - [
45d419ab1c
] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#284
Configuration
-
If you want to rebase/retry this MR, check this box.
This MR has been generated by Renovate Bot.
Edited by renovate