End-Of-Life (EOL)
Why and how Node.js releases reach End-Of-Life
Major versions of Node.js are released, patched, and designated End-Of-Life on a predictable schedule. As it's not feasible to maintain all release lines in perpetuity, after a planned maintenance period, a Node.js major release line will stop being maintained by the project.
View the Node.js release schedule.
What Happens When a Release Line Reaches EOL
When a version reaches End-Of-Life, it means that it will no longer receive updates, including security patches. This can leave applications running on these versions vulnerable to security issues and bugs that will never be fixed.
- No more vulnerability fixes: When new security releases reveal issues and patches in newer major lines, even if the same vulnerability affects EOL release lines, there will not be any new releases for them. Users still clinging on to EOL release lines and using affected code paths will be immediately vulnerable to attacks exploiting these disclosed vulnerabilities.
- Tool-chain breakage: EOL releases may no longer dynamically link to newer versions of the shared libraries they depend on, blocking or breaking system updates.
- Ecosystem drift: Many popular user-land packages drop support for EOL Node.js releases over time. When an application clings onto outdated packages, it may suffer from even more unfixed vulnerabilities and bugs, further drifting away from the ecosystem norm.
- Compliance red flags: Many industry audits forbid unmaintained runtimes.
EOL Versions
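Version (Codename) | Last updated | Vulnerabilities | Details |
---|---|---|---|
v23 | | 2 high, 2 medium | |
v21 | | 6 high, 6 medium | |
v19 | | 1 high, 3 medium, 2 low | |
v18 (Hydrogen) | | 14 high, 20 medium, 4 low | |
v17 | | 1 high, 3 medium, 1 low | |
v16 (Gallium) | | 11 high, 18 medium, 4 low | |
v15 | | 1 critical, 6 high, 1 medium, 1 low | |
v14 (Fermium) | | 2 critical, 16 high, 16 medium, 5 low | |
v13 | | 1 critical, 2 high | |
v12 (Erbium) | | 2 critical, 13 high, 6 medium, 3 low | |
v11 | | 3 high, 1 medium | |
v10 (Dubnium) | | 1 critical, 12 high, 3 medium, 1 low | |
v9 | | 1 critical, 4 high, 1 medium, 1 low | |
v8 (Carbon) | | 1 critical, 11 high, 2 medium, 1 low | |
v7 | | 3 high, 2 medium | |
v6 (Boron) | | 16 high, 12 medium | |
v5 | | 15 high, 8 medium | |
v4 (Argon) | | 2 critical, 17 high, 9 medium | |
v0 | | 2 critical | |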
Commercial Support
Despite the obvious downsides of using EOL releases, in practice, organizations face constraints that prevent immediate upgrades, such as legacy codebases, compliance requirements, or complex dependency chains. For users who cannot upgrade immediately but need continued security support for End-Of-Life versions of Node.js, commercial support is available through the OpenJS Ecosystem Sustainability Program partnership.
Node.js currently partners with HeroDevs to provide Never-Ending Support (NES) for Node.js versions past their official maintenance phase. This includes security patches, compliance assistance, and technical support to help bridge the gap while you plan your upgrade strategy. For more detailed information, visit the HeroDevs Node.js NES page.
Using EOL releases through NES should be viewed as a temporary solution; the goal should always be to upgrade to actively supported versions.