Hi, sorry that i forgot to mention it in the changelog: https://security-tracker.debian.org/tracker/CVE-2014-7191 is closed by node-qs 2.2.4-1 Thanks, Jérémy.