Skip to content

v3.10.5

Latest
Latest

Choose a tag to compare

View all tags
@patriksimek patriksimek released this 17 Feb 01:14
v3.10.5
408fc85

What's Changed

  • fix: allow Object.setPrototypeOf on sandbox-local objects
  • fix: block Function constructor access via getOwnPropertyDescriptor
  • fix: block Function constructor from crossing bridge regardless of access path
  • fix: block all code-executing constructors from crossing bridge via property descriptors
  • fix: block Function constructor extraction via nested property descriptors
  • fix: prevent proxy unwrapping to block Function constructor extraction via Object.entries
  • fix: prevent sandbox escape via doPreventExtensions exposure in util.inspect
  • fix: prevent sandbox escape via getFactory exposure in util.inspect
  • fix: sanitize SuppressedError sub-errors to prevent sandbox escape
  • fix: block host Function constructor leak via direct handler.get() call
  • fix: block WebAssembly.JSTag to prevent wasm-level exception catch sandbox escape in Node 25

Full Changelog: v3.10.4...v3.10.5

Assets 2
Loading