From ff3946455917e6298b6cd38e484d1782efb51d4e Mon Sep 17 00:00:00 2001 From: Beth Griggs Date: Tue, 5 Jan 2021 12:02:16 +0000 Subject: [PATCH] doc: add OpenSSL CVE fix to notable changes in v15.5.0 PR-URL: https://github.com/nodejs/node/pull/36798 Reviewed-By: Colin Ihrig Reviewed-By: Myles Borins Reviewed-By: Filip Skokan Reviewed-By: Rich Trott --- doc/changelogs/CHANGELOG_V15.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/changelogs/CHANGELOG_V15.md b/doc/changelogs/CHANGELOG_V15.md index 0b575a984458d6..8a9b03c98913b7 100644 --- a/doc/changelogs/CHANGELOG_V15.md +++ b/doc/changelogs/CHANGELOG_V15.md @@ -77,6 +77,12 @@ Vulnerabilities fixed: ### Notable Changes +#### OpenSSL-1.1.1i + +OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt + +Contributed by Myles Borins [#36520](https://github.com/nodejs/node/pull/36520). + #### Extended support for `AbortSignal` in child_process and stream The following APIs now support an `AbortSignal` in their options object: