On July 18, the Apache SkyWalking team announced the release of the SkyWalking NodeJS 0.5.1 patch version (CVE-2022-36127) on the official blog, and reminded all users to upgrade in time.
In the latest tweet from the official account @ASFSkyWalking, Apache SkyWalking also publicly announced the news:
It is reported that the newly released SkyWalking NodeJS 0.5.1 patch version fixes all the vulnerabilities in earlier versions <= 0.5.0. SkyWalking recommends that all users using version <= 0.5.0 upgrade to this version. (NodeJS has service unavailability impact on installed services)
If the header contains an illegal SkyWalking header, such as (1) OAP is unhealthy, and the downstream service's proxy cannot establish a connection, the vulnerability will render the NodeJS service with the proxy installed unusable. (2) Some sampling mechanisms are activated in downstream agents.
SkyWalking is the first personal open source APM project (application performance monitoring system for distributed systems) developed into a top-level Apache project in China, including monitoring, tracking and diagnosis functions for distributed systems in a cloud-native architecture, especially for microservices, Cloud native and containerized (Docker, Kubernetes, Mesos) architectures.
The newly released SkyWalking NodeJS 0.5.1 patch version can be downloaded using the link below:
Download link: https://skywalking.apache.org/downloads/
Reference link: https://twitter.com/ASFSkyWalking/status/1548895800289525760
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。