Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node · GitHub
Open Graph Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node
X Title: Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16 · Issue #59548 · nodejs/node
Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will reproduce the bug? I noticed that Node.j...
Open Graph Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ...
X Description: Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ...
Opengraph URL: https://github.com/nodejs/node/issues/59548
X: @github
Domain: redirect.github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Node.js 20.19.4 includes OpenSSL 3.0.15 which has known CVEs fixed in 3.0.16","articleBody":"### Version\n\nv20.19.4\n\n### Platform\n\n```text\nLinux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux\n```\n\n### Subsystem\n\nopenssl\n\n### What steps will reproduce the bug?\n\nI noticed that Node.js 20.19.4 LTS currently includes OpenSSL `3.0.15+quic` (By running `node -e \"console.log('OpenSSL version:', process.versions.openssl)\"`). OpenSSL 3.0.16 was recently released with fixes for a couple of security vulnerabilities. I wanted to bring this to your attention in case it would be helpful to consider updating to the newer version.\n\n### How often does it reproduce? Is there a required condition?\n\nOpenSSL 3.0.16 includes fixes for:\n\n1. **CVE-2024-13176** - [GHSA-r9fv-h47r-823f](https://github.com/advisories/GHSA-r9fv-h47r-823f)\n2. **CVE-2024-9143** - [GHSA-q764-r57m-9wp9](https://github.com/advisories/GHSA-q764-r57m-9wp9)\n\n### What is the expected behavior? Why is that the expected behavior?\n\nWould it be possible to consider updating OpenSSL to version 3.0.16 in a future Node.js 20.x LTS patch release? I understand this would need to go through the normal testing and release process.\n\n### What do you see instead?\n\nCurrently, Node.js 20.x LTS latest version uses OpenSSL `3.0.15+quic`\n\n### Additional information\n\nThank you!","author":{"url":"https://github.com/jiec-msft","@type":"Person","name":"jiec-msft"},"datePublished":"2025-08-20T11:02:31.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/59548/node/issues/59548"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:ec50b6c6-d6c1-d31e-1945-0b55f01be9a1 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | CFD2:2D3E39:3EC321:54C4F4:6A4C2519 |
| html-safe-nonce | e229d72df8e4ed783f2d9c95602018c2f1003ac337ac80b0ebe05b1b18339ede |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDRkQyOjJEM0UzOTozRUMzMjE6NTRDNEY0OjZBNEMyNTE5IiwidmlzaXRvcl9pZCI6IjM5NDQ4ODMxMDQ3MzcxNDIwNDEiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 7682067e2ea2d10066562dcc9da7bae82784bf3eb3a8736991debadd62855b30 |
| hovercard-subject-tag | issue:3337654806 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/59548/issue_layout |
| twitter:image | https://opengraph.githubassets.com/0acc87fe44167bcfa19252cd6b0a6429c6ba0507b3e17df614724764bff0e6b5/nodejs/node/issues/59548 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/0acc87fe44167bcfa19252cd6b0a6429c6ba0507b3e17df614724764bff0e6b5/nodejs/node/issues/59548 |
| og:image:alt | Version v20.19.4 Platform Linux CPC-jiec-GCIK3D 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Subsystem openssl What steps will ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jiec-msft |
| hostname | github.com |
| expected-hostname | github.com |
| None | 1b6b16d04026f131a36d57e3b01d0f4d26a51800edf48bf5ed0256e0ac905511 |
| turbo-cache-control | no-preview |
| go-import | github.com/nodejs/node git https://github.com/nodejs/node.git |
| octolytics-dimension-user_id | 9950313 |
| octolytics-dimension-user_login | nodejs |
| octolytics-dimension-repository_id | 27193779 |
| octolytics-dimension-repository_nwo | nodejs/node |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 27193779 |
| octolytics-dimension-repository_network_root_nwo | nodejs/node |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9ee13484b32cf23e15fde191da4c9aa47d41201c |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width