=====================================================================

                                  CERT-Renater

                      Note d'Information No. 2022/VULN297

_____________________________________________________________________

DATE                : 30/08/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache SkyWalking versions prior
                                  to 0.5.1.

=====================================================================
https://lists.apache.org/list?dev@skywalking.apache.org:2022-7
_____________________________________________________________________


Apache SkyWalking NodeJS patch version 0.5.1 Released

Hi the SkyWalking Community


On behalf of the SkyWalking Team, I’m glad to announce that SkyWalking
NodeJS 0.5.1 is now released.

SkyWalking NodeJS 0.5.1 is a patch release that fixed a vulnerability in
all previous   versions <=0.5.0, we recommend all users who are using
versions <=0.5.0 should upgrade to this version.


  The vulnerability will cause NodeJS services that has this agent
installed to be unavailable if the header includes an illegal SkyWalking
header, such as

  (1) OAP is unhealthy and the downstream service's agent can't
establish      the connection.
  (2) Some sampling mechanism is activated in downstream agents.


Detail https://skywalking.apache.org/events/release-apache-skywalking-nodejs-0-5-1/


SkyWalking NodeJS: The NodeJS Agent for Apache SkyWalking, which
provides the native tracing abilities for NodeJS backend project.

SkyWalking: APM (application performance monitor) tool for
distributed systems, especially designed for microservices, cloud
native and container-based (Docker, Kubernetes, Mesos) architectures.


Download Links: http://skywalking.apache.org/downloads/

Release Notes : https://github.com/apache/skywalking-nodejs/blob/v$VERSION/CHANGELOG.md

Website: http://skywalking.apache.org/


SkyWalking NodeJS Resources:
- Issue: https://github.com/apache/skywalking/issues
- Mailing list: dev@skywalking.apache.org
- Documents: https://github.com/apache/skywalking-nodejs/blob/v$VERSION/README.md


The Apache SkyWalking Team

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================