Changelog

nodejs/node · · 4 commits

OpenSSL 3.5.7 lands; VM sandbox fix

Node updates OpenSSL to 3.5.7 with security fixes and corrects vm proxy sandbox property queries; SEA Linux arm debug flakes are marked.

OpenSSL upgraded to 3.5.7 with security fixes (nodejs-github-bot0a58d44)

Node bumps vendored OpenSSL to 3.5.7, pulling in a broad set of upstream fixes including multiple security advisories. The release notes in-tree call out a high-severity PKCS7 use-after-free plus several moderate and low-severity issues, so this is a meaningful security maintenance update.

vm proxy sandboxes now query own properties correctly (brianathere0b07f2c)

Property queries for Proxy-backed vm sandboxes now use own-property checks and fetch attributes through the corresponding property API, instead of treating inherited properties as a match. This aligns descriptor/membership behavior and fixes the inconsistency covered by the new regression test.

Other misc changes

  • Updated OpenSSL arch config files for 3.5.7 (nodejs-github-botda00166)
  • Marked SEA build/application tests flaky on linux arm debug (trivikr141a504)