Blog: add OpenSSL Jan Sec Release Assessment #8572
Open
+83
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
👋 Codeowner Review RequestThe following codeowners have been identified for the changed files: Team reviewers: @nodejs/nodejs-website Please review the changes when you have a chance. Thank you! 🙏 |
github-actions
bot
removed
the
github_actions:pull-request
Contributor
|
Lighthouse Results
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8572 +/- ##
==========================================
- Coverage 75.01% 74.98% -0.04%
==========================================
Files 103 103
Lines 9037 9037
Branches 311 312 +1
==========================================
- Hits 6779 6776 -3
- Misses 2256 2259 +3
Partials 2 2 ☔ View full report in Codecov by Sentry. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a security assessment blog post for OpenSSL vulnerabilities disclosed in January 2026, analyzing their impact on Node.js.
Changes:
- Adds a new vulnerability assessment blog post documenting 12 CVEs from OpenSSL's January 2026 security advisory
- Identifies 3 CVEs affecting Node.js (with Low to Moderate severity) and 9 CVEs that do not affect Node.js
- Documents that affected vulnerabilities will be included in regular releases rather than dedicated security releases due to limited attack surface
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
apps/site/pages/en/blog/vulnerability/openssl-fixes-in-regular-releases-jan2026.md
Outdated
Show resolved
Hide resolved
Contributor
📦 Build Size ComparisonSummary
Changes➕ Added Assets (1)
➖ Removed Assets (1)
|
…-releases-jan2026.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
26
to
32
| | Branch | OpenSSL Version | Affected | | ||
| | ------ | --------------- | -------- | | ||
| | v20.x | 3.0.15 | No | | ||
| | v22.x | 3.0.17 | No | | ||
| | v24.x | 3.5.4 | Yes | | ||
| | v25.x | 3.5.4 | Yes | | ||
| | main | 3.5.4 | Yes | |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
marco-ippolito
approved these changes
Jan 28, 2026
bjohansebas
approved these changes
Jan 28, 2026
github-actions
bot
removed
the
github_actions:pull-request
richardlau
reviewed
Jan 28, 2026
apps/site/pages/en/blog/vulnerability/openssl-fixes-in-regular-releases-jan2026.md
Outdated
Show resolved
Hide resolved
apps/site/pages/en/blog/vulnerability/openssl-fixes-in-regular-releases-jan2026.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Richard Lau <richard.lau@ibm.com> Signed-off-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
bjohansebas
reviewed
Jan 28, 2026
|
|
||
| ## Analysis | ||
|
|
||
| All three vulnerabilities relate to how Node.js processes PFX (PKCS#12) certificate files, |
richardlau
approved these changes
Jan 28, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cc: @nodejs/tsc @nodejs/security