v22.17.1

📅 Jul 15, 2025📦 node-jsView on GitHub →

🐛 2 fixes🔧 2 symbols

Summary

This is a security release primarily addressing CVE-2025-27210, which involved a path traversal bypass on Windows using reserved device names.

Migration Steps

Update Node.js to the latest security release to mitigate CVE-2025-27210, especially for applications running on Windows.

🐛 Bug Fixes

Fixed a security vulnerability (CVE-2025-27210) where Windows reserved device names (CON, PRN, AUX, etc.) could bypass path traversal protection in path.normalize().
Fixed a compilation issue with Microsoft Visual Studio (MSVS) v17.14.

Affected Symbols

path.normalize lib