New Node.js versions available with OpenSSL vulnerability remediations

Change effective on 04 November 2022

The following Node.js versions have been released, and are available for use on Heroku: 19.0.1, 18.12.1, 16.18.1,14.21.1. These versions address several vulnerabilities classified as medium and high related to OpenSSL. We highly recommend rebuilding any and all Heroku apps that use Node.js as soon as possible to pickup one of these new versions.

You can read details about these fixes on the Node.js blog.

Please note that while Heroku stack images (heroku-18, heroku-20, and heroku-22) have already been patched for these OpenSSL vulnerabilities (details on that here), Node.js includes it’s own statically linked copies of OpenSSL, which may still be vulnerable unless updated to one of these new versions.