Node.js 22.17.1 LTS has been released to address a security issue related to bypassing path traversal protection in path.normalize() and fix MSVS v17.14 compilation issue.
Node.js — Node v22.17.1 (LTS)
This is a security release.
Notable Changes
- (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
Commits
- [
8cf5d66ab7] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721- [
9c0cb487ec] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #58902
