Visit NES for Lodash Home Page
Lodash 4.17 Release Notes
3 versions
Comprehensive release notes and changelog for Lodash 4.17, including security patches, bug fixes, and feature updates across all supported versions.
April 2026
4.17.25
Released Apr 9, 2026 Full Version:
4.17.23-lodash-4.17.25
Notes
- This release contains backported security fixes to remediate two vulnerabilities.
- Full version:
@neverendingsupport/lodash@4.17.23-lodash-4.17.25
Bug Fixes
_.unset:- Block unsafe traversal via
constructorandprototype.- This fixes a moderate-severity Prototype Pollution vulnerability (CVE-2026-2950).
- Block unsafe traversal via
_.omit:- Block unsafe traversal via
constructorandprototype.- This fixes a moderate-severity Prototype Pollution vulnerability (CVE-2026-2950).
- Block unsafe traversal via
_.template:- Harden against code injection via
options.imports.- This fixes a high-severity Code Injection vulnerability (CVE-2026-4800).
- Harden against code injection via
February 2026
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh