FIND-20260329-020 · 2026-03-29 · Innovation Veille

Node.js security releases March 24 — v22.22.2 (LTS), v24.14.1 (LTS), v25.8.2 (Current), v20.20.2 (LTS)

release HIGH
On March 24, 2026, the Node.js team released security updates across all active release lines: v20.20.2 (Iron LTS), v22.22.2 (Jod LTS), v24.14.1 (Krypton LTS), and v25.8.2 (Current). All four releases address multiple CVEs. ODS uses Node.js LTS in the ods-dashboard (Next.js), notification-hub email workers, and various build tools. Previous tracked versions were v22.22.2 and v25.8.2 — these already reflect the patched versions, meaning last-versions.json is current. Ensure all ODS services using Node.js have been rebuilt with these patched base images.

Source

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

ODS Impact

ods-dashboard (Next.js/Hono), notification-hub (email processing workers), all CI/CD pipelines using Node.js tooling. Docker base images should reference node:22.22.2-alpine or node:24.14.1-alpine for LTS. Run npm audit in all Node.js services to check for transitive dependency CVEs.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

nodejs release security lts npm
Generated by ODS Innovation Veille · 2026-03-29T09:06:40+00:00