May 26th, 2020
The Node.js project will release security updates to all supported release lines on or shortly after Tuesday, June 2nd, 2020.
The highest severity fix will be “High”.
All supported versions (10.x, 12.x, and 14.x) of Node.js are vulnerable. Note that 13.x will be end-of-life on June 1st, before the security release date, and according to policy it will not receive any more updates.
Releases will be available on or shortly after Tuesday, June 2nd, 2020.
Contact and future updates
The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.
Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.