diff --git a/build.js b/build.js
index 21fba0bc6c242..d306748f7f1ab 100755
--- a/build.js
+++ b/build.js
@@ -270,7 +270,7 @@ function getSource (callback) {
},
banner: {
visible: true,
- content: 'Important security releases, please update now!'
+ content: 'Important upcoming security releases, please review'
}
}
}
diff --git a/locale/en/blog/vulnerability/december-2017-security-releases.md b/locale/en/blog/vulnerability/december-2017-security-releases.md
new file mode 100644
index 0000000000000..27bbbb54ed80a
--- /dev/null
+++ b/locale/en/blog/vulnerability/december-2017-security-releases.md
@@ -0,0 +1,33 @@
+---
+date: 2017-12-04T19:30:00.617Z
+category: vulnerability
+title: Data Confidentiality/Integrity Vulnerability, December 2017
+slug: december-2017-security-releases
+layout: blog-post.hbs
+author: Michael Dawson
+---
+
+# Summary
+The Node.js project will be releasing new versions of 4.x, 6.x, 8.x and 9.x as soon as possible after the OpenSSL release, on or soon after December 8th UTC, to incorporate a security fix.
+
+# Data Confidentiality/Integrity Vulnerability
+
+All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7, see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
+
+# Impact
+
+* Versions 4.0 and later of Node.js are vulnerable
+* Versions 6.0 and later of Node.js are vulnerable
+* Versions 8.0 and later of Node.js are vulnerable
+* Versions 9.0 and later of Node.js are vulnerable
+
+# Release timing
+Releases will be available as soon as possible after the OpenSSL release, along with disclosure of the details for the vulnerability in order to allow for complete impact assessment by users.
+
+# Contact and future updates
+
+The current Node.js security policy can be found at https://nodejs.org/en/security/.
+
+Please contact security@nodejs.org if you wish to report a vulnerability in Node.js.
+
+Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the [nodejs GitHub organisation](https://github.com/nodejs/).