Release date:
2026-05-05 20:43:00 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
- debian/patches/CVE-2026-21710.patch: initialise headersDistinct and
trailersDistinct destination maps with { __proto__: null } so a
__proto__ request header no longer resolves to Object.prototype and
cause an uncaught TypeError when req.headersDistinct or
req.trailersDistinct is accessed
- CVE-2026-21710
Updated packages:
-
alt-nodejs23-docs_23.11.1-8_amd64.deb
sha:bd882f1038ef1a52f29e9578bd4b349cf63c2224
-
alt-nodejs23-nodejs_23.11.1-8_amd64.deb
sha:f157d1cd4ca50c59f2d9ca3fac6f3879e75d50ac
-
alt-nodejs23-nodejs-devel_23.11.1-8_amd64.deb
sha:bf523d7647160a67fb05bb23ca333f8b7e7d0693
-
alt-nodejs23-npm_10.9.2-23.11.1.6_amd64.deb
sha:655dbfa0e4a361b1a27f6cef43f0930c42c25ff0
-
alt-nodejs23-docs_23.11.1-8_arm64.deb
sha:5667660ae8a66e090e73cd947ee998fed4cca5e0
-
alt-nodejs23-nodejs_23.11.1-8_arm64.deb
sha:91aafac2eeba8e43662a38e31d4b8fed4b999ff4
-
alt-nodejs23-nodejs-devel_23.11.1-8_arm64.deb
sha:2e183f8ece8a613e002b15f44826afc4ac22d365
-
alt-nodejs23-npm_10.9.2-23.11.1.6_arm64.deb
sha:c988c2bdfd86056f1c49f44e538e72586f1d984e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
