[CVE-2022-36127] Release Apache SkyWalking for NodeJS 0.5.1

Release Apache SkyWalking NodeJS 0.5.1 to fix CVE-2022-36127.

SkyWalking NodeJS 0.5.1 is released. Go to downloads page to find release tars.

SkyWalking NodeJS 0.5.1 is a patch release that fixed a vulnerability(CVE-2022-36127) in all previous versions <=0.5.0, we recommend all users who are using versions <=0.5.0 should upgrade to this version.

The vulnerability could cause NodeJS services that has this agent installed to be unavailable if the header includes an illegal SkyWalking header, such as

  • OAP is unhealthy and the downstream service’s agent can’t establish the connection.
  • Some sampling mechanism is activated in downstream agents.