Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node · GitHub
Open Graph Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node
X Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node
Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will reproduce the bug? I noticed that Node.j...
Open Graph Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ...
X Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ...
Opengraph URL: https://github.com/nodejs/node/issues/59548
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16","articleBody":"### Version\n\nv20.19.4\n\n### Platform\n\n```text\nLinux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux\n```\n\n### Subsystem\n\nopenssl\n\n### What steps will reproduce the bug?\n\nI noticed that Node.js 20.19.4 LTS currently includes OpenSSL `3.0.15+quic` (By running `node -e \"console.log('OpenSSL version:', process.versions.openssl)\"`). OpenSSL 3.0.16 was recently released with fixes for a couple of security vulnerabilities. I wanted to bring this to your attention in case it would be helpful to consider updating to the newer version.\n\n### How often does it reproduce? Is there a required condition?\n\nOpenSSL 3.0.16 includes fixes for:\n\n1. **CVE-2024-13176** - [GHSA-r9fv-h47r-823f](https://github.com/advisories/GHSA-r9fv-h47r-823f)\n2. **CVE-2024-9143** - [GHSA-q764-r57m-9wp9](https://github.com/advisories/GHSA-q764-r57m-9wp9)\n\n### What is the expected behavior? Why is that the expected behavior?\n\nWould it be possible to consider updating OpenSSL to version 3.0.16 in a future Node.js 20.x LTS patch release? I understand this would need to go through the normal testing and release process.\n\n### What do you see instead?\n\nCurrently, Node.js 20.x LTS latest version uses OpenSSL `3.0.15+quic`\n\n### Additional information\n\nThank you!","author":{"url":"https://github.com/jiec-msft","@type":"Person","name":"jiec-msft"},"datePublished":"2025-08-20T11:02:31.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/59548/node/issues/59548"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:88c1168c-a375-c60d-a51a-3b2850825cf2 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9C9C:55935:3D9DF6:566624:6A4D1E7A |
| html-safe-nonce | 8080f6003e4c14f498f89f3906cb5ce8e936bd2fa210c73915e47fffae805614 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5QzlDOjU1OTM1OjNEOURGNjo1NjY2MjQ6NkE0RDFFN0EiLCJ2aXNpdG9yX2lkIjoiNDIxMTQzMjk0OTgzNTE3NzU5NCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 97c93448c6baa92250176097074022a5000af40dae28d534e8119951e3b4694e |
| hovercard-subject-tag | issue:3337654806 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/59548/issue_layout |
| twitter:image | https://opengraph.githubassets.com/0acc87fe44167bcfa19252cd6b0a6429c6ba0507b3e17df614724764bff0e6b5/nodejs/node/issues/59548 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/0acc87fe44167bcfa19252cd6b0a6429c6ba0507b3e17df614724764bff0e6b5/nodejs/node/issues/59548 |
| og:image:alt | Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jiec-msft |
| hostname | github.com |
| expected-hostname | github.com |
| None | 92571a8944142227b7e19cd10918b1ddd06e5066c1ad5bc7e4769cf6140a87e6 |
| turbo-cache-control | no-preview |
| go-import | github.com/nodejs/node git https://github.com/nodejs/node.git |
| octolytics-dimension-user_id | 9950313 |
| octolytics-dimension-user_login | nodejs |
| octolytics-dimension-repository_id | 27193779 |
| octolytics-dimension-repository_nwo | nodejs/node |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 27193779 |
| octolytics-dimension-repository_network_root_nwo | nodejs/node |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 93f17a978ee60bc4668e1d7b90e6bd2d622261fd |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width