OpenTelemetry JS Statement on Node.js DOS Mitigation

The recent Node.js denial-of-service issue isn't a vulnerability in OpenTelemetry itself, but stems from how some applications use AsyncLocalStorage with older Node.js versions (before 20.20.0). The Node.js team has fixed the underlying behavior in newer versions, and the recommended mitigation is to upgrade to Node.js 20 or later – no changes are needed within OpenTelemetry configurations. This issue was a visibility inclusion in a security release, but isn't classified as a security vulnerability by V8.