Node browser runtime release notes

Node browser runtime v1.1.105

Wed, 15 Mar 2023 00:00:00 +0000

Fixes

Better HAR aggregation logic to ensure data isn't missing.

Node browser runtime v1.1.102

Mon, 06 Mar 2023 00:00:00 +0000

Improvements

Allows users to set configurable timeouts for heavy monitors

Node browser runtime v1.1.108

Tue, 11 Apr 2023 00:00:00 +0000

Fixes

Updates packages to mitigate CVEs

Node browser runtime v1.1.111

Tue, 18 Apr 2023 00:00:00 +0000

Fixes

Prevent cookie exceptions on simple browser SSL verification.

Node browser runtime v1.1.113

Thu, 20 Apr 2023 00:00:00 +0000

Fixes

Remediates vm2 vulnerability.

Node browser runtime v1.1.115

Thu, 27 Apr 2023 00:00:00 +0000

Fixes

Upgrades joi version to remediate CVE-2023-25166

Node browser runtime v1.1.33

Thu, 15 Sep 2022 00:00:00 +0000

Fixes

Lowered our Cert Check SecLevel down, so a bunch of monitor failing due to low security standards, will stop failing.

Node browser runtime v1.1.36

Tue, 04 Oct 2022 00:00:00 +0000

Improvements

Improved alerts for accounts that aren't up-to-date on node security requirements.

Node browser runtime v1.1.46

Mon, 10 Oct 2022 00:00:00 +0000

New Features

Allowed custom headers to be passed to the cert check, which helps prevent cert checks from failing on endpoints depending on custom headers.
Parsed cookies from response headers and added them to the redirect headers, which helps prevent certification checks from failing on endpoints that depend on cookies.

Improvements

Proper cookie handling

Node browser runtime v1.1.65

Fri, 04 Nov 2022 00:00:00 +0000

Improvements

Required all needed modules at the start of the runtime which allowed the kick off the builds sooner resulting in some saved time in the performance metrics.
Simple Browser monitors should run faster due to having timeout limits set on requests for SSL checks
Added headers to all matching domains, but not urls that do not share the base domain
Improved performance for allow and deny lists

Node browser runtime v1.1.68

Thu, 10 Nov 2022 00:00:00 +0000

Fixes

Kubernetes job managers should be running jobs successfully again, after having their queues backed up with jobs due to having the JOB_ID
Simple and Scripted monitors with successful checks should not have unrelated timeout error anymore

Node browser runtime v1.1.75

Tue, 17 Jan 2023 00:00:00 +0000

Fixes

Fixes the synthetics v1 and v2 TT headers to follow same format as old minion.

Node browser runtime v1.1.70

Tue, 29 Nov 2022 00:00:00 +0000

Fixes

Removed support for net-ping module

Node browser runtime v1.1.704

Thu, 01 Dec 2022 00:00:00 +0000

Fixes

Adds node-vault to allow customers to integrate with Hashicorp vault for secrets management.
Adds OTPAuth for customers to use single sign on.

Node browser runtime v1.1.77

Tue, 17 Jan 2023 00:00:00 +0000

New Features

Utilize Google's DeclarativeNetRequest API to set deny/allow listing, reducing overhead on the system.

Node browser runtime v1.1.78

Tue, 17 Jan 2023 00:00:00 +0000

Fixes

Reverts the changes made to utilize Chrome's DeclarativeNetRequest.

Node browser runtime v1.1.90

Thu, 09 Feb 2023 00:00:00 +0000

Fixes

Removed some console logging.
Reverted feature that added declarativeNetRequest to allow/deny list.

Features

Enabled chrome preserve log and the collection of the har at end of the script. This brings us closer to parity with Chrome 72.

Node browser runtime v1.1.79

Tue, 17 Jan 2023 00:00:00 +0000

Fixes

Fixes CVE-2022-41940 by updating the necessary Node modules.

Node browser runtime v1.1.99

Tue, 28 Feb 2023 00:00:00 +0000

Fixes

Fixes the bug where customers were seeing secondary requests not be blocked by our URL filters.

Features

Adds the feature of accepting device emulation jobs.

Node browser runtime v2.0.10

Tue, 30 May 2023 00:00:00 +0000

Fixes

Fixes the logic that sends Stack trace to SJM on runtime crash.

Node browser runtime v2.0.20

Tue, 13 Jun 2023 00:00:00 +0000

Fixes

Previous fix to remediate urllib vulnerability was rolled back due to errors. Dependency was pinned instead. Resolves CVE-2023-32314.

Security Patches

CVE-2023-2968
CVE-2023-32695
CVE-2023-32314

Node browser runtime v2.0.12

Thu, 01 Jun 2023 00:00:00 +0000

Fixes

Support for Japanese text in screenshots.

Node browser runtime v2.0.15

Fri, 02 Jun 2023 00:00:00 +0000

Security Patches

CVE-2023-32314

Node browser runtime v2.0.3

Mon, 15 May 2023 00:00:00 +0000

Fixes

Fixes Bug where proxy configs were ignored when Authentication was supplied.
Fixes Bug that was causing performance metrics to not be captured on some Simple browser runs.
Fixes Bug that was causing the har to be dropped when first page visited does not load.
Fixes bug where some requests are not assigned to correct page.
Prevents user from closing the browser session prematurely.

Features

Upgrades chrome from 100 to Chrome 112
Customers have enhanced support for selenium webDriver's API.

Node browser runtime v2.0.29

Thu, 27 Jul 2023 00:00:00 +0000

New Feature

Allows customers to get screenshots when a simple browser job fails with a status code error

Security Updates

CVE-2023-32695

Node browser runtime v2.0.32

Mon, 21 Aug 2023 00:00:00 +0000

Fixes

Update got library retry logic to avoid false failures

Security Patches

CVE-2022-25883
CVE-2023-26115
CVE-2022-37614

Node browser runtime v2.0.35

Wed, 05 Oct 2022 00:00:00 +0000

Fixes

Removes deprecation warnings for $driver and $browser
Fixes missing har on timed out jobs

Node browser runtime v2.1.10

Thu, 14 Dec 2023 00:00:00 +0000

Fixes

Adds filter to scrub NR Access Keys and bearer tokens

Security patches

Pins glob version to remediate CWE-772
Removes access to VM module

Node browser runtime v2.1.12

Thu, 28 Dec 2023 00:00:00 +0000

Fixes

Prevents Module Deny-list bypass via node qualified require statements
Deny-list "module" module

Node browser runtime v2.1.5

Wed, 06 Dec 2023 00:00:00 +0000

Fixes

When running in K8 mode, unhealthy Runtimes now exit if they cannot reach SJM's 'Job' endpoint.
Pinning Yarn to version 2.4.3.
Truncates script logs to expected size.
Upgrade base Ubuntu image.
Set minimum TLS version to accommodate upgraded Ubuntu base image OpenSSL.

Security patches

CVE-2023-43646
CVE-2023-46233
CVE-2023-28155
CVE-2023-45857

Node browser runtime v2.2.1

Thu, 04 Jan 2024 00:00:00 +0000

Improvements

Upgrade Chrome version from 112 to 117

Node browser runtime v2.2.10

Thu, 25 Jan 2024 00:00:00 +0000

Improvements

Increase browser extension proxy timeout to better accommodate resource-constrained environments
Additional error logging

Fixes

Unblock ensighten.com as a legitimate endpoint

Node browser runtime v2.2.2

Mon, 08 Jan 2024 00:00:00 +0000

Security patches

Update Axios

Node browser runtime v2.2.22

Wed, 07 Feb 2024 00:00:00 +0000

New Features

Step monitor support

Fixes

Added missing argument to step monitor script
Fixed step monitor secure credential evaluation

Security patches

CVE-2023-26159
CWE-1321

Node browser runtime v2.2.33

Mon, 26 Feb 2024 00:00:00 +0000

Fixes

Adds additional fonts for displaying Chinese and Korean characters in screenshots

Security patches

CWE-1333

Node browser runtime v2.2.28

Tue, 13 Feb 2024 00:00:00 +0000

Fixes

Reduces Polling frequency for successful requests while in Kubernetes clusters.

Node browser runtime v2.2.49

Fri, 05 Apr 2024 00:00:00 +0000

Features

Adds Custom Node Modules support for private Job Managers

Fixes

Customers can't see cookie values anymore to mask sensitive data

Security patches

CVE-2024-28849

Node browser runtime v2.2.45

Wed, 20 Mar 2024 00:00:00 +0000

Features

Adds form-data module
Adds async module

Fixes

Step monitor Assert element step no longer preemptively throws error when element not found
Masks sensitive header values in HAR log

Security patches

CVE-2023-4228

Node browser runtime v2.3.21

Mon, 29 Apr 2024 00:00:00 +0000

Features

Adds Webassembly (WASM) support for private Job Managers

Fixes

Scrubs URI encoded secure credentials from job results

Node browser runtime v2.3.28

Fri, 24 May 2024 00:00:00 +0000

Fixes

Fixed an issue where Certificate Check Monitor failed with a "no certificate" error when the subjectAltName field was not provided.

Node browser runtime v2.3.41

Thu, 27 Jun 2024 00:00:00 +0000

Fixes

Unblock viewpoint.com
Shim the selenium function getAllWindowHandles() to not account for all devtool windows
Add a retryer to our findElement() functionality in step monitor to handle race condition

Security Patches

CVE-2024-37890

Node browser runtime v2.3.60

Thu, 25 Jul 2024 00:00:00 +0000

Features

Uses FIPs-compliant base images for the runtime

Fixes

Fixes step monitors failing when there are errors in the har

Security Patches

Upgrades various packages to mitigate CVE-2024-37890

Node browser runtime v3.0.1

Thu, 08 Aug 2024 00:00:00 +0000

Features

Supports running Firefox browsers for synthetics monitors.

Patches

Updates synthetics-browser-extension to patch ws vulnerabilities.

Node browser runtime v3.0.12

Tue, 03 Dec 2024 00:00:00 +0000

Features

Enabled support for Podman.

Node browser runtime v3.0.15

Tue, 10 Dec 2024 00:00:00 +0000

Fixes

Removes ssh keys from the runtime image to improve security.

Node browser runtime v3.0.26

Mon, 31 Mar 2025 00:00:00 +0000

Fixes

Upgrade axios to 1.8.2

Node browser runtime v3.0.24

Wed, 12 Mar 2025 00:00:00 +0000

Fixes

Updated packages to remediate CVE-2023-26156.
Updated latest chrome version from chrome-117 to chrome-131.

Node browser runtime v3.0.32

Thu, 26 Jun 2025 00:00:00 +0000

Improvements

Updated chrome builder options for chrome 131

Node browser runtime v3.0.30

Tue, 13 May 2025 00:00:00 +0000

Improvements

Upgrade internal axios to 1.8.2

Node browser runtime v3.0.35

Mon, 07 Jul 2025 00:00:00 +0000

Improvements

Base image upgrade

Node browser runtime v3.0.39

Tue, 29 Jul 2025 00:00:00 +0000

Improvements

Fixed the form-data vulnerability and underlying Ubuntu vulnerabilities to address security vulnerabilities in Node Browser runtimes.

Node browser runtime v3.0.4

Wed, 21 Aug 2024 00:00:00 +0000

Features

Adds proxy support for Firefox monitors.

Security Patches

Updates packages to remediate CVE-2024-39338.

Node browser runtime v3.0.41

Wed, 13 Aug 2025 00:00:00 +0000

Improvements

Fixed the tmp CVE-2025-54798 vulnerability and underlying Ubuntu vulnerabilities to address security vulnerabilities in Node Browser runtimes.

Node browser runtime v3.0.55

Tue, 07 Oct 2025 00:00:00 +0000

Fixed the underlying Ubuntu vulnerabilities to address security vulnerabilities in Node browser runtimes, below are the CVE's fixed.

CVE-2025-6297
CVE-2025-8058
CVE-2025-59798
CVE-2025-59799
CVE-2025-59800
CVE-2025-7462
CVE-2024-10963
CVE-2025-9230
CVE-2025-9900
CVE-2025-8961
CVE-2025-9165
CVE-2024-58090
CVE-2025-21872
CVE-2025-21873
CVE-2025-21875
CVE-2025-21877
CVE-2025-21878
CVE-2025-21880
CVE-2025-21881
CVE-2025-21883
CVE-2025-21885
CVE-2025-21888
CVE-2025-21889
CVE-2025-21890
CVE-2025-21891
CVE-2025-21892
CVE-2025-21894
CVE-2025-21895
CVE-2025-21898
CVE-2025-21903
CVE-2025-21904
CVE-2025-21905
CVE-2025-21908
CVE-2025-21909
CVE-2025-21910
CVE-2025-21911
CVE-2025-21912
CVE-2025-21913
CVE-2025-21914
CVE-2025-21915
CVE-2025-21916
CVE-2025-21917
CVE-2025-21918
CVE-2025-21919
CVE-2025-21920
CVE-2025-21922
CVE-2025-21924
CVE-2025-21925
CVE-2025-21926
CVE-2025-21927
CVE-2025-21928
CVE-2025-21929
CVE-2025-21930
CVE-2025-21934
CVE-2025-21935
CVE-2025-21936
CVE-2025-21937
CVE-2025-21941
CVE-2025-21944
CVE-2025-21945
CVE-2025-21946
CVE-2025-21947
CVE-2025-21948
CVE-2025-21950
CVE-2025-21951
CVE-2025-21955
CVE-2025-21956
CVE-2025-21957
CVE-2025-21959
CVE-2025-21960
CVE-2025-21961
CVE-2025-21962
CVE-2025-21963
CVE-2025-21964
CVE-2025-21966
CVE-2025-21967
CVE-2025-21968
CVE-2025-21969
CVE-2025-21970
CVE-2025-21972
CVE-2025-21975
CVE-2025-21976
CVE-2025-21977
CVE-2025-21978
CVE-2025-21979
CVE-2025-21980
CVE-2025-21981
CVE-2025-21982
CVE-2025-21986
CVE-2025-21991
CVE-2025-21992
CVE-2025-21994
CVE-2025-21995
CVE-2025-21996
CVE-2025-21997
CVE-2025-21999
CVE-2025-22001
CVE-2025-22003
CVE-2025-22004
CVE-2025-22005
CVE-2025-22007
CVE-2025-22008
CVE-2025-22009
CVE-2025-22010
CVE-2025-22011
CVE-2025-22013
CVE-2025-22014
CVE-2025-22015
CVE-2025-22016
CVE-2025-22017
CVE-2025-37756
CVE-2025-37785
CVE-2025-37889
CVE-2025-38477
CVE-2025-38500
CVE-2025-38569
CVE-2025-38617
CVE-2025-38618

Node browser runtime v3.0.50

Mon, 22 Sep 2025 00:00:00 +0000

Improvements

Upgrade Chrome browser version from 131 to 134

Fixes

Fixed CVE-2025-58754 and the underlying Ubuntu vulnerabilities to address security vulnerabilities in Node browser runtimes.

Node browser runtime v3.0.43

Thu, 04 Sep 2025 00:00:00 +0000

Improvements

Fixed the underlying Ubuntu vulnerabilities to address security vulnerabilities in Node Browser runtimes.

Node browser runtime vrc1.0

Thu, 16 Oct 2025 00:00:00 +0000

Improvements

Upgraded Chrome browser to 140.

Node browser runtime vrc1.10

Wed, 11 Feb 2026 00:00:00 +0000

Security Patches

Fixed the following vulnerabilities:
- CVE-2026-25547
- CVE-2025-13465
- CVE-2026-24842
- CVE-2025-11468
- CVE-2025-12084
- CVE-2025-13837
- CVE-2025-15282
- CVE-2025-15366
- CVE-2025-15367
- CVE-2026-0672
- CVE-2026-0865
- CVE-2025-28162
- CVE-2025-28164
- CVE-2025-15281
- CVE-2026-0861
- CVE-2026-0915
- CVE-2026-1484
- CVE-2026-1485
- CVE-2026-1489

Node browser runtime v3.0.7

Wed, 04 Sep 2024 00:00:00 +0000

Security Patches

Updates packages to remediate CVE-2023-42282.

Node browser runtime vrc1.1

Thu, 30 Oct 2025 00:00:00 +0000

Security Patches

Fixed vulnerability (GHSA-mm7p-fcc7-pg87) for nodemailer.
Fixed vulnerability (CVE-2025-56200) for validator.

Node browser runtime vrc1.2

Tue, 04 Nov 2025 00:00:00 +0000

Improvements

Upgraded Chrome browser to 141.

Security Patches

Fixed vulnerability (CVE-2025-5889) for brace-expansion.

Node browser runtime vrc1.3

Mon, 17 Nov 2025 00:00:00 +0000

Improvements

Upgraded Chrome browser to 142.

Node browser runtime vrc1.7

Fri, 16 Jan 2026 00:00:00 +0000

Security Patches

Fixed the following vulnerability:
- CVE-2025-15284

Node browser runtime vrc1.4

Thu, 04 Dec 2025 00:00:00 +0000

Improvements

Upgraded Chrome browser to 142.0.7444.175
Fixed CVE-2025-64756 and CVE-2025-64718 vulnerabilities

Node browser runtime vrc1.5

Mon, 15 Dec 2025 00:00:00 +0000

Improvements

Fixed GHSA-rcmh-qjqh-p98v vulnerability

Node browser runtime vrc1.6

Wed, 17 Dec 2025 00:00:00 +0000

Improvements

Updated Chrome browser to version 143.0.7499.146. Users may observe a deprecation warning in browser logs stating "Automatic fallback to software WebGL has been deprecated." This change removes the automatic fallback functionality to address a high-severity security vulnerability (CVE-2025-14765).

Node browser runtime vrc1.9

Wed, 04 Feb 2026 00:00:00 +0000

Security Patches

Fixed the following vulnerabilities:
- CVE-2025-15467
- CVE-2025-68160
- CVE-2025-69418
- CVE-2025-69419
- CVE-2025-69420
- CVE-2025-69421
- CVE-2025-8732
- CVE-2026-0989
- CVE-2026-0990
- CVE-2026-0992
- CVE-2026-22795
- CVE-2026-22796

Node browser runtime vrc1.8

Tue, 27 Jan 2026 00:00:00 +0000

Security Patches

Fixed the following vulnerabilities:
- CVE-2026-23745
- CVE-2026-23950
- CVE-2026-22036

Node browser runtime vrc1.11

Mon, 02 Mar 2026 00:00:00 +0000

Improvements

Fixed an issue that occasionally caused exported HAR files to be empty (0 bytes).
Optimized system performance.

Security Patches

Fixed the following vulnerabilities:
- CVE-2025-8277
- CVE-2025-9820
- CVE-2025-10148
- CVE-2025-14017
- CVE-2025-14524
- CVE-2025-14819
- CVE-2025-14831
- CVE-2025-15079
- CVE-2025-15224
- CVE-2025-22037
- CVE-2025-37899
- CVE-2025-69873
- CVE-2026-0964
- CVE-2026-0965
- CVE-2026-0966
- CVE-2026-0967
- CVE-2026-0968
- CVE-2026-2391
- CVE-2026-24515
- CVE-2026-25068
- CVE-2026-25210
- CVE-2026-25639
- CVE-2026-25646
- CVE-2026-25896
- CVE-2026-26278
- CVE-2026-26960
- CVE-2026-26996