OpenSSL vulnerability in NodeJS


is the current Pinegrow version affected by this vulnerability?

"The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th of March 2022 between 1300-1700 UTC. The releases will fix two security defects that are labelled as “HIGH” severity under their security policy.

Node.js v12.x, v14.x and v16.x use OpenSSL v1.1.1 and Node.js v17.x uses OpenSSL v3. Therefore all active release lines are impacted by this update."



Hi @Lutz,
Thanks for notice! The version of NW.js that Pinegrow uses does incorporate Node.js v16.4.2. However, Pinegrow doesn’t directly use the OpenSSL package, so this shouldn’t be a concern. We will keep our eye on the Node.js blog!