[CLSA-2026:1777998150] Fix CVE(s): CVE-2026-21710
Type:
security
Severity:
Important
Release date:
2026-05-05 22:12:59 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
  - debian/patches/CVE-2026-21710.patch: initialise headersDistinct and trailersDistinct destination maps with { __proto__: null } so a __proto__ request header no longer resolves to Object.prototype and causes an uncaught TypeError when req.headersDistinct or req.trailersDistinct is accessed
  - CVE-2026-21710
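The object-model behaviour behind this fix, as an added example that is not taken from the patch or from Node.js source: a simplified grouping routine run once with a plain {} destination and once with a { __proto__: null } destination. The names groupDistinct, tryGroup and SAMPLE_RAW_HEADERS are hypothetical, and the header list is constructed sample input.

```javascript
// Simplified model of building a "distinct" header map (name -> array of values).
// Assumption: this mirrors the general shape of such grouping code; it is not
// the Node.js implementation.
function groupDistinct(rawPairs, dest) {
  for (let i = 0; i < rawPairs.length; i += 2) {
    const name = rawPairs[i].toLowerCase();
    const value = rawPairs[i + 1];
    if (dest[name]) {
      // With a plain {} destination, dest['__proto__'] is Object.prototype,
      // which is truthy and has no push(), so this line throws TypeError.
      dest[name].push(value);
    } else {
      dest[name] = [value];
    }
  }
  return dest;
}

// Constructed sample in the flat [name, value, ...] layout used by req.rawHeaders.
const SAMPLE_RAW_HEADERS = [
  'Host', 'example.test',
  'Accept', 'text/html',
  'Accept', 'application/json',
  '__proto__', 'x',
];

// Run the grouping and report the outcome instead of letting the error escape.
function tryGroup(dest) {
  try {
    return { ok: true, map: groupDistinct(SAMPLE_RAW_HEADERS, dest) };
  } catch (err) {
    return { ok: false, error: err };
  }
}

// Before the fix: ordinary object, inherits the __proto__ accessor.
const before = tryGroup({});
// After the fix: null-prototype object, '__proto__' is just another key.
const after = tryGroup({ __proto__: null });

console.log('plain {}          ->', before.ok ? 'ok' : before.error.name);
console.log('{ __proto__: null } ->', after.ok ? 'ok' : after.error.name);
console.log('own "__proto__" key stored:',
  Object.prototype.hasOwnProperty.call(after.map, '__proto__'));
```

Because the hardened map has no prototype, code that consumes it should use Object.keys() or Object.prototype.hasOwnProperty.call() rather than calling inherited methods on the map itself.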
Updated packages:
  • alt-nodejs23-docs_23.11.1-8_amd64.deb
    sha:bd882f1038ef1a52f29e9578bd4b349cf63c2224
  • alt-nodejs23-nodejs_23.11.1-8_amd64.deb
    sha:9d45caf142da023b8d1e0f246c1ffe5c5c9fcebe
  • alt-nodejs23-nodejs-devel_23.11.1-8_amd64.deb
    sha:a2840f8fa2036fb7be1f674cb4ab58d4e890bb44
  • alt-nodejs23-npm_10.9.2-23.11.1.6_amd64.deb
    sha:655dbfa0e4a361b1a27f6cef43f0930c42c25ff0
  • alt-nodejs23-docs_23.11.1-8_arm64.deb
    sha:5667660ae8a66e090e73cd947ee998fed4cca5e0
  • alt-nodejs23-nodejs_23.11.1-8_arm64.deb
    sha:15e3bc54d0d16e4c51a69bc0c9fb64a4fc96bf59
  • alt-nodejs23-nodejs-devel_23.11.1-8_arm64.deb
    sha:0bb39ef27f8739ea313b7ad0e4c81d3b00f0f02e
  • alt-nodejs23-npm_10.9.2-23.11.1.6_arm64.deb
    sha:c988c2bdfd86056f1c49f44e538e72586f1d984e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.