Skip to content

Blog: add OpenSSL Jan Sec Release Assessment#8572

Merged
RafaelGSS merged 4 commits intomainfrom
add-openssl-assessment
Jan 29, 2026
Merged

Blog: add OpenSSL Jan Sec Release Assessment#8572
RafaelGSS merged 4 commits intomainfrom
add-openssl-assessment

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Jan 28, 2026

cc: @nodejs/tsc @nodejs/security

Copilot AI review requested due to automatic review settings January 28, 2026 17:14
@RafaelGSS RafaelGSS requested a review from a team as a code owner January 28, 2026 17:14
@vercel
Copy link

vercel bot commented Jan 28, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
nodejs-org Ready Ready Preview Jan 28, 2026 8:18pm

Request Review

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

👋 Codeowner Review Request

The following codeowners have been identified for the changed files:

Team reviewers: @nodejs/nodejs-website

Please review the changes when you have a chance. Thank you! 🙏

@RafaelGSS RafaelGSS added the github_actions:pull-request Trigger Pull Request Checks label Jan 28, 2026
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Jan 28, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 97 🟢 96 🟢 100 🟢 100 🔗
/en/about 🟢 99 🟢 97 🟢 100 🟠 88 🔗
/en/about/previous-releases 🟢 98 🟢 100 🟢 100 🟢 100 🔗
/en/download 🟢 99 🟢 100 🟠 81 🟢 100 🔗
/en/download/archive/current 🟢 100 🟢 100 🟢 100 🟢 100 🔗
/en/blog 🟢 100 🟢 100 🟢 96 🟢 100 🔗

@codecov
Copy link

codecov bot commented Jan 28, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.98%. Comparing base (6003a64) to head (1100377).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8572      +/-   ##
==========================================
- Coverage   75.01%   74.98%   -0.04%     
==========================================
  Files         103      103              
  Lines        9037     9037              
  Branches      311      312       +1     
==========================================
- Hits         6779     6776       -3     
- Misses       2256     2259       +3     
  Partials        2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copilot AI reviewed Jan 28, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a security assessment blog post for OpenSSL vulnerabilities disclosed in January 2026, analyzing their impact on Node.js.

Changes:

  • Adds a new vulnerability assessment blog post documenting 12 CVEs from OpenSSL's January 2026 security advisory
  • Identifies 3 CVEs affecting Node.js (with Low to Moderate severity) and 9 CVEs that do not affect Node.js
  • Documents that affected vulnerabilities will be included in regular releases rather than dedicated security releases due to limited attack surface

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

📦 Build Size Comparison

Summary

Metric Value
Old Total Size 3.74 MB
New Total Size 3.74 MB
Delta 248.00 B (+0.01%)

Changes

➕ Added Assets (1)
Name Size
.next/static/chunks/f79446d8d21af36f.js 206.15 KB
➖ Removed Assets (1)
Name Size
.next/static/chunks/2357a96b28a198c4.js 205.91 KB

@RafaelGSS
Update apps/site/pages/en/blog/vulnerability/openssl-fixes-in-regular…
a8fe8c6 
…-releases-jan2026.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
@RafaelGSS RafaelGSS added the github_actions:pull-request Trigger Pull Request Checks label Jan 28, 2026
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Jan 28, 2026
@RafaelGSS @richardlau
Apply suggestions from code review
1100377 
Co-authored-by: Richard Lau <richard.lau@ibm.com>
Signed-off-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
@RafaelGSS RafaelGSS enabled auto-merge January 29, 2026 12:29
@RafaelGSS RafaelGSS added this pull request to the merge queue Jan 29, 2026
Merged via the queue into main with commit 5046ba5 Jan 29, 2026
13 checks passed
@RafaelGSS RafaelGSS deleted the add-openssl-assessment branch January 29, 2026 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjohansebas bjohansebas bjohansebas approved these changes

Copilot code review Copilot Copilot left review comments

@UlisesGascon UlisesGascon UlisesGascon approved these changes

@richardlau richardlau richardlau approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@avivkeller avivkeller avivkeller approved these changes

+1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@RafaelGSS @UlisesGascon @richardlau @marco-ippolito @avivkeller @bjohansebas