Node.js releases security updates for all major release lines, July 2017

We have recently become aware of a Node.js security vulnerability that can be used to mount a denial-of-service attack. This vulnerability affects all major release lines of Node.js. If you are running Node.js in production, it is strongly recommended that you upgrade to the latest version of Node.js for the major version you are on.

If you are hosting a Marketplace add-on with Node.js or one built with Atlassian Connect Express, we strongly urge you to upgrade your production environment to the latest version in your release line as soon as possible.

Node provides a summary of the vulnerability:

Node.js was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js.

You can find out more about the vulnerability over on nodejs.org.
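
Why a constant seed matters, shown as an added example that is not code from Node.js or from the original post: a toy seeded hash table (not V8's real hash function; the seeds, key format and bucket count are constructed assumptions) in which a key set that piles into one bucket under a fixed seed spreads out again once the seed changes.

```javascript
// Toy model only: this is NOT V8's string hash or table layout.
const BUCKETS = 64;

// Seeded 32-bit string hash: multiply-xor per character, murmur3-style finalizer.
function toyHash(key, seed) {
  let h = seed >>> 0;
  for (let i = 0; i < key.length; i++) {
    h = Math.imul(h ^ key.charCodeAt(i), 0x01000193);
    h ^= h >>> 13;
  }
  h ^= h >>> 16;
  h = Math.imul(h, 0x85ebca6b);
  h ^= h >>> 13;
  h = Math.imul(h, 0xc2b2ae35);
  h ^= h >>> 16;
  return h >>> 0;
}

const bucketOf = (key, seed) => toyHash(key, seed) % BUCKETS;

// Keys that all share bucket 0 under `seed`. A seed that is identical in every
// copy of a release lets such a set be prepared once and reused everywhere.
function keysSharingBucket(seed, count) {
  const keys = [];
  for (let i = 0; keys.length < count; i++) {
    const key = 'k' + i;
    if (bucketOf(key, seed) === 0) keys.push(key);
  }
  return keys;
}

// Length of the longest chain after inserting `keys` under `seed`.
function longestChain(keys, seed) {
  const chains = new Array(BUCKETS).fill(0);
  for (const key of keys) chains[bucketOf(key, seed)]++;
  return Math.max(...chains);
}

// Constructed values: one stands in for a seed fixed at build time, the
// others for seeds a patched runtime would draw at random per process.
const RELEASE_SEED = 0x5eed1234;
const PROCESS_SEEDS = [0x9f3a6c21, 0x1b4de077, 0xc05e11aa];

const keys = keysSharingBucket(RELEASE_SEED, 200);
console.log('constant seed, longest chain:', longestChain(keys, RELEASE_SEED));
for (const s of PROCESS_SEEDS) {
  console.log('reseeded, longest chain:', longestChain(keys, s));
}
```

When every key shares one chain, each lookup or insert walks the whole chain, so table cost grows quadratically with the number of keys; a seed that differs per process removes the value of a set prepared against a known seed.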

Node.js provides downloads of the latest version for each major release line:

We recommend that users of all these release lines upgrade as soon as possible.

Downloads

Note: The 0.10.x and 0.12.x release lines are also vulnerable to the Constant Hashtable Seeds vulnerability. We recommend that users of these release lines upgrade to one of the supported LTS release lines.