lukechilds/node - node - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Evan Lucas	113c697ded	2016-10-14, Version 6.8.1 (Current) * build: Fix building with shared zlib. (Bradley T. Hughes) [#9077](https://github.com/nodejs/node/pull/9077) * stream: fix `Writable` subclass instanceof checks (Anna Henningsen) [#9088](https://github.com/nodejs/node/pull/9088) * timers: fix regression with clearImmediate() (Brian White) [#9086](https://github.com/nodejs/node/pull/9086) PR-URL: https://github.com/nodejs/node/pull/9104	8 years ago
Jeremiah Senkpiel	e4ee09a5b3	2016-10-12, Version 6.8.0 (Current) * fs: - `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8830 - Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams. - `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) https://github.com/nodejs/node/pull/8364 * http: `http.request()` now accepts a `timeout` option. (Rene Weber) https://github.com/nodejs/node/pull/8101 * module: The module loader now maintains its own realpath cache. (Anna Henningsen) https://github.com/nodejs/node/pull/8100 * npm: Upgraded to 3.10.8 (Kat Marchán) https://github.com/nodejs/node/pull/8706 * stream: `Duplex` streams now show proper `instanceof Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8834 * timers: Improved `setTimeout`/`Interval` performance by up to 22%. (Brian White) https://github.com/nodejs/node/pull/8661 PR-URL: https://github.com/nodejs/node/pull/9034	8 years ago
Evan Lucas	aae1862385	2016-09-27, Version 6.7.0 (Current) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable Changes Semver Minor: * openssl: - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178, and CVE-2016-6306. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714 - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786 - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/73 * http: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) https://github.com/nodejs/node-private/pull/60 Semver Patch: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/64 * src: Fix regression where passing an empty password and/or salt to crypto.pbkdf2() would cause a fatal error (Rich Trott) https://github.com/nodejs/node/pull/8572 * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/75 v8: Fix regression where a regex on a frozen object was broken (Myles Borins) https://github.com/nodejs/node/pull/8673	8 years ago
Rod Vagg	eba39c4bc6	2016-09-27, Version 4.6.0 'Argon' (LTS) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable Changes Semver Minor: * openssl: - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714 - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786 - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/70 * http: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) https://github.com/nodejs/node-private/pull/46 Semver Patch: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/65 * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/63 PR-URL: https://github.com/nodejs/node-private/pull/74	8 years ago
Rod Vagg	e686be90bb	2016-09-27 Version 0.12.16 (Maintenance) Release This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: - Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg) * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/72	8 years ago
Rod Vagg	f5ee3fe10e	2016-09-27 Version 0.10.47 (Maintenance) Release This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/71	8 years ago
Jeremiah Senkpiel	ea2a309e3b	2016-09-14, Version 6.6.0 (Current) Notable changes: * crypto: Added `crypto.timingSafeEqual()`. (not-an-aardvark) https://github.com/nodejs/node/pull/8304 * events: Made the "max event listeners" memory leak warning more accessible. (Anna Henningsen) https://github.com/nodejs/node/pull/8298 * promises: Unhandled rejections now emit a process warning after the first tick. (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/8223 * repl: Added auto alignment for `.editor` mode. (Prince J Wesley) https://github.com/nodejs/node/pull/8241 * util: Some functionality has been added to `util.inspect()`: - Returning `this` from a custom inspect function now works. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 - Added support for Symbol-based custom inspection methods. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 Refs: https://github.com/nodejs/node/issues/8428 Refs: https://github.com/nodejs/node/pull/8457 PR-URL: https://github.com/nodejs/node/pull/8466	8 years ago
Evan Lucas	0482d6d592	2016-08-26, Version 6.5.0 (Current) Notable changes: * buffer: Fix regression introduced in v6.4.0 that prevented .write() at buffer end (Anna Henningsen) https://github.com/nodejs/node/pull/8154 * deps: update V8 to 5.1.281.75 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/8054 * inspector: * fix inspector hang while disconnecting (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8021 * add support for uncaught exception (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8043 * repl: Fix saving editor mode text in `.save` (Prince J Wesley) https://github.com/nodejs/node/pull/8145 * *Revert* "repl,util: insert carriage returns in output" (Evan Lucas) https://github.com/nodejs/node/pull/8143 PR-URL: https://github.com/nodejs/node/pull/8253	8 years ago
Myles Borins	e7bd4d2597	2016-08-15, Version 4.5.0 'Argon' (LTS) Notable Changes: Semver Minor: * buffer: * backport new buffer constructor APIs to v4.x (Сковорода Никита Андреевич) https://github.com/nodejs/node/pull/7562 * backport --zero-fill-buffers cli option (James M Snell) https://github.com/nodejs/node/pull/5745 * build: * add Intel Vtune profiling support (Chunyang Dai) https://github.com/nodejs/node/pull/5527 * repl: * copying tabs shouldn't trigger completion (Eugene Obrezkov) https://github.com/nodejs/node/pull/5958 * src: * add node::FreeEnvironment public API (Cheng Zhao) https://github.com/nodejs/node/pull/3098 * test: * run v8 tests from node tree (Bryon Leung) https://github.com/nodejs/node/pull/4704 * V8: * Add post mortem data to improve object inspection and function's context variables inspection (Fedor Indutny) https://github.com/nodejs/node/pull/3779 Semver Patch: * buffer: * ignore negative allocation lengths (Anna Henningsen) https://github.com/nodejs/node/pull/7562 * crypto: * update root certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/7363 * libuv: * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/6796 * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/5994 * npm: * upgrade to 2.15.9 (Kat Marchán) https://github.com/nodejs/node/pull/7692	9 years ago
cjihrig	d83373d800	2016-08-15, Version 6.4.0 (Current) Notable changes: * build: zlib symbols and additional OpenSSL symbols are now exposed on Windows platforms. (Alex Hultman) https://github.com/nodejs/node/pull/7983 and https://github.com/nodejs/node/pull/7576 * child_process, cluster: Forked child processes and cluster workers now support stdio configuration. (Colin Ihrig) https://github.com/nodejs/node/pull/7811 and https://github.com/nodejs/node/pull/7838 * child_process: argv[0] can now be set to arbitrary values in spawned processes. (Pat Pannuto) https://github.com/nodejs/node/pull/7696 * fs: fs.ReadStream now exposes the number of bytes it has read so far. (Linus Unnebäck) https://github.com/nodejs/node/pull/7942 * repl: The REPL now supports editor mode. (Prince J Wesley) https://github.com/nodejs/node/pull/7275 * util: inspect() can now be configured globally using util.inspect.defaultOptions. (Roman Reiss) https://github.com/nodejs/node/pull/8013 Refs: https://github.com/nodejs/node/issues/8020 PR-URL: https://github.com/nodejs/node/pull/8070	8 years ago
Evan Lucas	c21a212bdc	2016-07-21, Version 6.3.1 (Current) Notable changes: * buffer: * Improve performance of Buffer.from(str, 'hex') and Buffer#write(str, 'hex'). (Christopher Jeffrey) https://github.com/nodejs/node/pull/7602 * Fix creating from zero-length ArrayBuffer. (Ingvar Stepanyan) https://github.com/nodejs/node/pull/7176 * deps: * Upgrade to V8 5.0.71.xx. (Ben Noordhuis) https://github.com/nodejs/node/pull/7531 * Backport V8 instanceof bugfix (Franziska Hinkelmann) https://github.com/nodejs/node/pull/7638 * repl: Fix issue with function redeclaration. (Prince J Wesley) https://github.com/nodejs/node/pull/7794 * util: Fix inspecting of boxed symbols. (Anna Henningsen) https://github.com/nodejs/node/pull/7641 PR-URL: https://github.com/nodejs/node/pull/7782	9 years ago
Jeremiah Senkpiel	7628031847	2016-07-06, Version 6.3.0 (Current) Notable changes: * buffer: Added `buffer.swap64()` to compliment `swap16()` & `swap32()`. (Zach Bjornson) https://github.com/nodejs/node/pull/7157 * build: New `configure` options have been added for building Node.js as a shared library. (Stefan Budeanu) https://github.com/nodejs/node/pull/6994 - The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`. * crypto: Root certificates have been updated. (Ben Noordhuis) https://github.com/nodejs/node/pull/7363 * debugger: The server address is now configurable via `--debug=<address>:<port>`. (Ben Noordhuis) https://github.com/nodejs/node/pull/3316 * npm: Upgraded npm to v3.10.3 (Kat Marchán) https://github.com/nodejs/node/pull/7515 & (Rebecca Turner) https://github.com/nodejs/node/pull/7410 * readline: Added the `prompt` option to the readline constructor. (Evan Lucas) https://github.com/nodejs/node/pull/7125 * repl / vm: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. (Anna Henningsen) https://github.com/nodejs/node/pull/6635 * src: - Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) https://github.com/nodejs/node/pull/3098 - Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) https://github.com/nodejs/node/pull/6534 * stream: Improved `readable.read()` performance by up to 70%. (Brian White) https://github.com/nodejs/node/pull/7077 * timers: `setImmediate()` is now up to 150% faster in some situations. (Andras) https://github.com/nodejs/node/pull/6436 * util: Added a `breakLength` option to `util.inspect()` to control how objects are formatted across lines. (cjihrig) https://github.com/nodejs/node/pull/7499 * v8-inspector: Experimental support has been added for debugging Node.js over the inspector protocol. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/6792 - Note: This feature is experimental, and it could be altered or removed. - You can try this feature by running Node.js with the `--inspect` flag. Refs: https://github.com/nodejs/node/pull/7441 PR-URL: https://github.com/nodejs/node/pull/7550	9 years ago
Myles Borins	21535e851c	2016-06-28, Version 4.4.7 'Argon' (LTS) This LTS release comes with 89 commits. This includes 46 commits that are docs related, 11 commits that are test related, 8 commits that are build related, and 4 commits that are benchmark related. Notable Changes: - debugger: - All properties of an array (aside from length) can now be printed in the repl (cjihrig) https://github.com/nodejs/node/pull/6448 - npm: - Upgrade npm to 2.15.8 (Rebecca Turner) https://github.com/nodejs/node/pull/7412 - stream: - Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) https://github.com/nodejs/node/pull/7160 - V8: - Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) https://github.com/nodejs/node/pull/7442 - Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) https://github.com/nodejs/node/pull/3792	9 years ago
Myles Borins	9744928cf5	doc: fix layout problem in v4 changelog The current layout is breaking the release post tool. This commit also removed erroneous entires in the main CHANGELOG for v4.4.6 and v5.12.0. PR-URL: https://github.com/nodejs/node/pull/7394 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Evan Lucas	6a9438343b	2016-06-23, Version 5.12.0 (Stable) Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * buffer * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](https://github.com/nodejs/node/pull/7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](https://github.com/nodejs/node/pull/7221) * deps: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51	9 years ago
Rod Vagg	fb146cecc3	2016-06-23 Version 0.12.15 (Maintenance) Release This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for Windows XP and Windows 2003 that can lead to undefined and potentially unsafe behaviour. More information can be found at https://github.com/libuv/libuv/issues/515 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. * V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered in V8, more details can be found in the CVE at https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. PR-URL: https://github.com/nodejs/node-private/pull/53	9 years ago
Rod Vagg	71b29bb8a9	2016-06-23 Version 0.10.46 (Maintenance) Release This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for Windows XP and Windows 2003 that can lead to undefined and potentially unsafe behaviour. More information can be found at https://github.com/libuv/libuv/issues/515 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. * V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered in V8, more details can be found in the CVE CVE-2016-1669 at https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. Commits: * [`3374f57973`] - deps: update libuv to 0.10.37 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/7293 * [`fcb9145e29`] - deps: backport 3a9bfec from v8 upstream (Myles Borins) https://github.com/nodejs/node-private/pull/43 PR-URL: https://github.com/nodejs/node-private/pull/52	9 years ago
Myles Borins	a9c34aeae7	2016-06-23, Version 4.4.6 'Argon' (LTS) This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. This release is specifically related to a Buffer overflow vulnerability discovered in v8, more details can be found in the CVE https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 PR-URL: https://github.com/nodejs/node-private/pull/41	9 years ago
Evan Lucas	e427150e75	2016-06-17, Version 6.2.2 (Current) Release Notable changes: * http: - req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211) - When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149) * npm: upgrade npm to 3.9.5 (Kat Marchán) [#7139](https://github.com/nodejs/node/pull/7139) PR-URL: https://github.com/nodejs/node/pull/7323	9 years ago
Rod Vagg	daafe2c65e	2016-06-02, Version 6.2.1 (Current) * buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) https://github.com/nodejs/node/pull/7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) https://github.com/nodejs/node/pull/7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at https://github.com/nodejs/node/pull/6980. (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see https://github.com/nodejs/node/issues/6980 for details. (Michaël Zasso) https://github.com/nodejs/node/pull/6928	9 years ago
Anna Henningsen	b5f76dbd3e	doc: fix broken references in changelogs Some references to a few versions were broken, likely in part due to the transition to a split changelog format. PR-URL: https://github.com/nodejs/node/pull/6942 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io>	9 years ago
Myles Borins	e03c32696e	2016-05-24, Version 4.4.5 'Argon' (LTS) Notable changes: * buffer: * Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer (Anna Henningsen) https://github.com/nodejs/node/pull/6511 * contextify: * Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/6871 * deps: * update npm to 2.15.5 (Rebecca Turner) https://github.com/nodejs/node/pull/6663 * http: * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) https://github.com/nodejs/node/pull/6291	9 years ago
Evan Lucas	26120e2eb0	2016-05-17, Version 6.2.0 (Stable) - buffer: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) - child_process: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745) - deps: - upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664) - upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572) - upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796) - Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088) - repl: - copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958) - exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488) - src: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492) - src,module: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537) - util: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683) As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode. PR-URL: https://github.com/nodejs/node/pull/6810	9 years ago
James M Snell	c663a6db05	doc: refactor the changelog by version The changelog was getting rather huge and difficult to manage. It also wasn't very useful in terms of being able to quickly find specific Node.js versions, or tracking the history for a single major release stream. This reorganizes the changelog by versions separated out over multiple files. An index of the most recent versions is provided in the main log. PR-URL: https://github.com/nodejs/node/pull/6503 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>	9 years ago
Rod Vagg	98b534ff5a	2016-05-06 Version 0.12.14 (Maintenance) Release Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details	9 years ago
Rod Vagg	1ec421e122	2016-05-06 Version 0.10.45 (Maintenance) Release Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5987 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details	9 years ago
Myles Borins	2bceda6493	doc: get rid of sneaky hard tabs in CHANGELOG My editor did something strange. Sorry about that PR-URL: https://github.com/nodejs/node/pull/6608 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>	9 years ago
Myles Borins	7c7e50f813	2016-05-05, Version 4.4.4 'Argon' (LTS) Notable changes * deps: * update openssl to 1.0.2h. (Shigeki Ohtsu) [#6551](https://github.com/nodejs/node/pull/6551) - Please see our blog postfor more info on the security contents of this release. https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ PR-URL: https://github.com/nodejs/node/pull/6583 Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Jeremiah Senkpiel	b9ceb42ae2	2016-05-05, Version 6.1.0 (Current) * assert: `deep{Strict}Equal()` now works correctly with circular references. (Rich Trott) https://github.com/nodejs/node/pull/6432 * debugger: Arrays are now formatted correctly in the debugger repl. (cjihrig) https://github.com/nodejs/node/pull/6448 * deps: Upgrade OpenSSL sources to 1.0.2h (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6550 - Please see our blog post for more info on the security contents of this release: - https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ * net: Introduced a `Socket#connecting` property. (Fedor Indutny) https://github.com/nodejs/node/pull/6404 - Previously this information was only available as the undocumented, internal `_connecting` property. * process: Introduced `process.cpuUsage()`. (Patrick Mueller) https://github.com/nodejs/node/pull/6157 * stream: `Writable#setDefaultEncoding()` now returns `this`. (Alexander Makarenko) https://github.com/nodejs/node/pull/5040 * util: Two new additions to `util.inspect()`: - Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) https://github.com/nodejs/node/pull/6334 - This is set to `100` by default. - Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) https://github.com/nodejs/node/pull/6465 - Inspecting proxies is non-trivial and as such this is off by default. PR-URL: https://github.com/nodejs/node/pull/6557	9 years ago
Evan Lucas	a465627210	2016-05-05, Version 5.11.1 (Stable) Notable changes * buffer: safeguard against accidental kNoZeroFill (Сковорода Никита Андреевич) [nodejs/node-private#35](https://github.com/nodejs/node-private/pull/35) * deps: upgrade openssl sources to 1.0.2h (Shigeki Ohtsu) [#6552](https://github.com/nodejs/node/pull/6552)	9 years ago
James M Snell	b8f035b07c	doc: fix v6 changelog Not quite sure how, but quite a few of the commits were missing from the original changelog generated for v6 relative to v5.11.0. This updates the change log. PR-URL: https://github.com/nodejs/node/pull/6435 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>	9 years ago
Myles Borins	cc5d9767af	meta: split CHANGELOG into two files The unfortunate has happened, our CHANGELOG is now over 1 MB and cannot be viewed on github. This commit breaks the CHANGELOG into two files so that we can continue to show our changes rendered in the github UI. Closes: https://github.com/nodejs/node/issues/5533 PR-URL: https://github.com/nodejs/node/pull/6337 Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Roman Reiss <me@silverwind.io>	9 years ago
James M Snell	1a29a5773a	2016-04-26, Version 6.0.0 (Current) Release The following significant (semver-major) changes have been made since the previous Node v5.0.0 release. * Buffer * New Buffer constructors have been added [#4682](https://github.com/nodejs/node/pull/4682) * Previously deprecated Buffer APIs are removed [#5048](https://github.com/nodejs/node/pull/5048), [#4594](https://github.com/nodejs/node/pull/4594) * Improved error handling [#4514](https://github.com/nodejs/node/pull/4514) * Cluster * Worker emitted as first argument in 'message' event [#5361](https://github.com/nodejs/node/pull/5361). * Crypto * Improved error handling [#3100](https://github.com/nodejs/node/pull/3100), [#5611](https://github.com/nodejs/node/pull/5611) * Simplified Certificate class bindings [#5382](https://github.com/nodejs/node/pull/5382) * Improved control over FIPS mode [#5181](https://github.com/nodejs/node/pull/5181) * pbkdf2 digest overloading is deprecated [#4047](https://github.com/nodejs/node/pull/4047) * Dependencies * Reintroduce shared c-ares build support [#5775](https://github.com/nodejs/node/pull/5775). * V8 updated to 5.0.71.31 [#6111](https://github.com/nodejs/node/pull/6111). * DNS * Add resolvePtr API to query plain DNS PTR records [#4921](https://github.com/nodejs/node/pull/4921). * Domains * Clear stack when no error handler [#4659](https://github.com/nodejs/node/pull/4659). * File System * The `fs.realpath()` and `fs.realpathSync()` methods have been updated to use a more efficient libuv implementation. This change includes the removal of the `cache` argument and the method can throw new errors [#3594](https://github.com/nodejs/node/pull/3594) * FS apis can now accept and return paths as Buffers [#5616](https://github.com/nodejs/node/pull/5616). * Error handling and type checking improvements [#5616](https://github.com/nodejs/node/pull/5616), [#5590](https://github.com/nodejs/node/pull/5590), [#4518](https://github.com/nodejs/node/pull/4518), [#3917](https://github.com/nodejs/node/pull/3917). * fs.read's string interface is deprecated [#4525](https://github.com/nodejs/node/pull/4525) * HTTP * 'clientError' can now be used to return custom errors from an HTTP server [#4557](https://github.com/nodejs/node/pull/4557). * Modules * Current directory is now prioritized for local lookups [#5689](https://github.com/nodejs/node/pull/5689) * Symbolic links are preserved when requiring modules [#5950](https://github.com/nodejs/node/pull/5950) * Net * DNS hints no longer implicitly set [#6021](https://github.com/nodejs/node/pull/6021). * Improved error handling and type checking [#5981](https://github.com/nodejs/node/pull/5981), [#5733](https://github.com/nodejs/node/pull/5733), [#2904](https://github.com/nodejs/node/pull/2904) * OS X * MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7 [#6402](https://github.com/nodejs/node/pull/6402). * Path * Improved type checking [#5348](https://github.com/nodejs/node/pull/5348). * Process * Introduce process warnings API [#4782](https://github.com/nodejs/node/pull/4782). * Throw exception when non-function passed to nextTick [#3860](https://github.com/nodejs/node/pull/3860). * Readline * Emit key info unconditionally [#6024](https://github.com/nodejs/node/pull/6024) * REPL * Assignment to `_` will emit a warning. [#5535](https://github.com/nodejs/node/pull/5535) * Timers * Fail early when callback is not a function [#4362](https://github.com/nodejs/node/pull/4362) * TLS * Rename 'clientError' to 'tlsClientError' [#4557](https://github.com/nodejs/node/pull/4557) * SHA1 used for sessionIdContext [#3866](https://github.com/nodejs/node/pull/3866) * TTY * Previously deprecated setRawMode wrapper is removed [#2528](https://github.com/nodejs/node/pull/2528). * Util * Changes to Error object formatting [#4582](https://github.com/nodejs/node/pull/4582). * Windows * Windows XP and Vista are no longer supported [#5167](https://github.com/nodejs/node/pull/5167), [#5167](https://github.com/nodejs/node/pull/5167).	9 years ago
Minqi Pan	879aeb5e49	doc: add Minqi Pan to collaborators Also changed alias P.S.V.R to Minqi Pan. Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> PR-URL: https://github.com/nodejs/node/pull/6387	9 years ago
Myles Borins	1fa8fce210	2016-04-20, Version 5.11.0 (Stable) Release Buffer: * Buffer.prototype.compare can now compare sub-ranges of two Buffers (James M Snell) https://github.com/nodejs/node/pull/5880 deps: * update to http-parser 2.7.0 (Fedor Indutny) https://github.com/nodejs/node/pull/6279 * update ESLint to 2.7.0 (silverwind) https://github.com/nodejs/node/pull/6132 net: * adds support for passing DNS lookup hints to createConnection() (Colin Ihrig) https://github.com/nodejs/node/pull/6000 node: * Make the builtin libraries available for the --eval and --print CLI options (Anna Henningsen) https://github.com/nodejs/node/pull/6207 npm: * upgrade npm to 3.8.6 (Kat Marchán) https://github.com/nodejs/node/pull/6153 repl: * Pressing enter in the repl will repeat the last command by default if no input has been received. This behaviour was in node previously and was not removed intentionally. (Rich Trott) https://github.com/nodejs/node/pull/6090 src: * add SIGINFO to supported signals (James Reggio) https://github.com/nodejs/node/pull/6093 streams: * Fix a regression that caused by net streams requesting multiple chunks synchronously when combined with cork/uncork (Matteo Collina) https://github.com/nodejs/node/pull/6164 zlib: * The flushing flag is now configurable allowing for decompression of partial data (Anna Henningsen) https://github.com/nodejs/node/pull/6069 PR-URL: https://github.com/nodejs/node/pull/6322	9 years ago
Vladimir Varankin	31524d7310	doc: fix a typo in 5.10.1's changelog PR-URL: https://github.com/nodejs/node/pull/6076 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Roman Klauke <romaaan.git@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>	9 years ago
Myles Borins	82d57d39ae	2016-04-05, Version 5.10.1 (Stable) Release Notable changes: http: * Enclose IPv6 Host header in square brackets. This will enable proper seperation of the host adress from any port reference (Mihai Potra) https://github.com/nodejs/node/pull/5314 path: * Make win32.isAbsolute more consistent (Brian White) https://github.com/nodejs/node/pull/6028 PR-URL: https://github.com/nodejs/node/pull/6060 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>	9 years ago
Rod Vagg	5fc6938cff	2016-03-31 Version 0.10.44 (Maintenance) Release Notable changes: * npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 PR-URL: https://github.com/nodejs/node/pull/5968	9 years ago
Rod Vagg	4882ec4e36	2016-03-31 Version 0.12.13 (LTS) Release Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 PR-URL: https://github.com/nodejs/node/pull/5967	9 years ago
Evan Lucas	64c87e2cf4	2016-03-31 Version 5.10.0 (Stable) Release Notable changes: * buffer: * make byteLength work with ArrayBuffer & DataView (Jackson Tian) [#5255](https://github.com/nodejs/node/pull/5255) * backport --zero-fill-buffers command line option (James M Snell) [#5744](https://github.com/nodejs/node/pull/5744) * backport new buffer constructor APIs (James M Snell) [#5763](https://github.com/nodejs/node/pull/5763) * add swap16() and swap32() methods (James M Snell) [#5724](https://github.com/nodejs/node/pull/5724) * fs: add the fs.mkdtemp() function. (Florian MARGAINE) [#5333](https://github.com/nodejs/node/pull/5333) * net: emit host in lookup event (HUANG Wei) [#5598](https://github.com/nodejs/node/pull/5598) * node: --no-browser-globals configure flag (Fedor Indutny) [#5853](https://github.com/nodejs/node/pull/5853) * npm: Upgrade to v3.8.3. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) [npm/node#6](https://github.com/npm/node/pull/6) * repl: support standalone blocks (Prince J Wesley) [#5581](https://github.com/nodejs/node/pull/5581) * src: override v8 thread defaults using cli options (Tom Gallacher) [#4344](https://github.com/nodejs/node/pull/4344) PR-URL: https://github.com/nodejs/node/pull/5970	9 years ago
Myles Borins	05510211a6	2016-03-31, Version v4.4.2 'Argon' (LTS) Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) https://github.com/nodejs/node/pull/5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) https://github.com/nodejs/node/pull/4361 * npm: - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) https://github.com/nodejs/node/pull/5416 PR-URL: https://github.com/nodejs/node/pull/5961	9 years ago
Jeremiah Senkpiel	80ec0cc4d8	2016-03-23, Version 5.9.1 (Stable) Notable changes: * buffer: Now properly throws RangeErrors on out-of-bounds writes (Matt Loring) https://github.com/nodejs/node/pull/5605 - This effects write{Float\|Double} when the noAssert option is not used. * timers: - Returned timeout objects now have a Timeout constructor name (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/5793 - Performance of Immediate processing is now ~20-40% faster (Brian White) https://github.com/nodejs/node/pull/4169 * vm: Fixed a contextify regression introduced in v5.9.0 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/5800 PR-URL: https://github.com/nodejs/node/pull/5831	9 years ago
Myles Borins	2c672891e1	2016-03-22, Version v4.4.1 'Argon' (LTS) This LTS release comes with 113 commits, 56 of which are doc related, 18 of which are build / tooling related, 16 of which are test related and 7 which are benchmark related. Notable Changes: * build: - Updated Logos for the OSX + Windows installers - (Rod Vagg) https://github.com/nodejs/node/pull/5401 - (Robert Jefe Lindstaedt) https://github.com/nodejs/node/pull/5531 - New option to select your VS Version in the Windows installer - (julien.waechter) https://github.com/nodejs/node/pull/4645 - Support Visual C++ Build Tools 2015 - (João Reis) https://github.com/nodejs/node/pull/5627 * tools: - Gyp now works on OSX without XCode - (Shigeki Ohtsu) https://github.com/nodejs/node/pull/1325 PR-URL: https://github.com/nodejs/node/pull/5835	9 years ago
Evan Lucas	e7039dbd94	2016-03-16, Version 5.9.0 (Stable) Notable changes: * contextify: Fixed a memory consumption issue related to heavy use of `vm.createContext` and `vm.runInNewContext`. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/5392 * governance: The following members have been added as collaborators: - Andreas Madsen (@AndreasMadsen) - Benjamin Gruenbaum (@benjamingr) - Claudio Rodriguez (@claudiorodriguez) - Glen Keane (@thekemkid) - Jeremy Whitlock (@whitlockjc) - Matt Loring (@matthewloring) - Phillip Johnsen (@phillipj) * lib: copy arguments object instead of leaking it (Nathan Woltman) https://github.com/nodejs/node/pull/4361 * src: allow combination of -i and -e cli flags (Rich Trott) https://github.com/nodejs/node/pull/5655 * v8: backport fb4ccae from v8 upstream (Vladimir Krivosheev) #4231 - breakout events from v8 to offer better support for external debuggers * zlib: add support for concatenated members (Kári Tristan Helgason) https://github.com/nodejs/node/pull/5120 PR-URL: https://github.com/nodejs/node/pull/5702	9 years ago
Jeremiah Senkpiel	3c8475241d	2016-03-08, Version 5.8.0 (Stable) Notable changes: * child_process: “send()” now accepts an options parameter (cjihrig) https://github.com/nodejs/node/pull/5283 - Currently the only option is “keepOpen”, which keeps the underlying socket open after the message is sent. * constants: “ENGINE_METHOD_RSA” is now correctly exposed (Sam Roberts) https://github.com/nodejs/node/pull/5463 * Fixed two regressions which originated in v5.7.0: - http: Errors inside of http client callbacks now propagate correctly (Trevor Norris) https://github.com/nodejs/node/pull/5591 - path: Fixed normalization of absolute paths (Evan Lucas) https://github.com/nodejs/node/pull/5589 * repl: “start()” no longer requires an options parameter (cjihrig) https://github.com/nodejs/node/pull/5388 * util: Improved “format()” performance 50-300% (Evan Lucas) https://github.com/nodejs/node/pull/5360 PR-URL: https://github.com/nodejs/node/pull/5559	9 years ago
Myles Borins	9277aed48a	2016-03-08, Version 4.4.0 'Argon' (LTS) In December we announced that we would be doing a minor release in order to get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this was delayed due to the unforeseen security release v4.3. We are quickly bumping to v4.4 in order to bring you the features that we had committed to releasing. This release also includes over 70 fixes to our docs and over 50 fixes to tests. The SEMVER-MINOR changes include: * deps: - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/3609 * http: - A new feature in http(s) agent that catches errors on keep alived connections (José F. Romaniello) https://github.com/nodejs/node/pull/4482 * src: - Better support for Big-Endian systems (Bryon Leung) https://github.com/nodejs/node/pull/3410 * tls: - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) https://github.com/nodejs/node/pull/2441 * tools - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) https://github.com/nodejs/node/pull/4021 Notable semver patch changes include: * buld: - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) https://github.com/nodejs/node/pull/4841 * https: - A potential fix for https://github.com/nodejs/node/issues/3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) https://github.com/nodejs/node/pull/4982 * installer: - More readable profiling information from isolate tick logs (Matt Loring) https://github.com/nodejs/node/pull/3032 * npm: - upgrade to npm 2.14.20 (Kat Marchán) https://github.com/nodejs/node/pull/5510 process: - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) https://github.com/nodejs/node/pull/4798 * querystring: - querystring.parse() is now 13-22% faster! (Brian White) https://github.com/nodejs/node/pull/4675 * streams: - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) https://github.com/nodejs/node/pull/4354 * tools: - eslint has been updated to version 2.1.0 (Rich Trott) https://github.com/nodejs/node/pull/5214 PR-URL: https://github.com/nodejs/node/pull/5301	9 years ago
Rod Vagg	46170bca24	2016-03-08 Version 0.12.12 (LTS) Release Notable changes: * openssl: Fully remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 Note that the upgrade to OpenSSL 1.0.1s in Node.js v0.12.11 removed internal SSLv2 support. The change in this release was originally intended for v0.12.11. The `--enable-ssl2` command line argument now produces an error rather than being a no-op. PR-URL: https://github.com/nodejs/nodejs.org/pull/562	9 years ago
Rod Vagg	8938355398	2016-03-04 Version 0.10.43 (Maintenance) Release Notable changes: * http_parser: Update to http-parser 1.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5242 * domains: - Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887 - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887 * openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5508 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 - Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 PR-URL: https://github.com/nodejs/node/pull/5404	9 years ago
Rod Vagg	4f08540b73	2016-03-03 Version 0.12.11 (LTS) Release Notable changes: * http_parser: Update to http-parser 2.3.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5241 * domains: - Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885 - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885 * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5509 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 PR-URL: https://github.com/nodejs/node/pull/5403	9 years ago
Jeremiah Senkpiel	9091ccdc2d	2016-03-02, Version 5.7.1 (Stable) Notable changes: * governance: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda). * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5507 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 * Fixed several regressions that appeared in v5.7.0: - path.relative(): - Output is no longer unnecessarily verbose (Brian White) https://github.com/nodejs/node/pull/5389 - Resolving UNC paths on Windows now works correctly (Owen Smith) https://github.com/nodejs/node/pull/5456 - Resolving paths with prefixes now works correctly from the root directory (Owen Smith) https://github.com/nodejs/node/pull/5490 - url: Fixed an off-by-one error with `parse()` (Brian White) https://github.com/nodejs/node/pull/5394 - dgram: Now correctly handles a default address case when offset and length are specified (Matteo Collina) https://github.com/nodejs/node/pull/5407 PR-URL: https://github.com/nodejs/node/pull/5464	9 years ago

1 2 3 4

163 Commits (41173de77b04ec9b659dc59d6b448556147a410e)