mirror of https://github.com/lukechilds/node.git
Tree:
4198253a18
V8-icu-patch-4.x
archived-io.js-v0.10
archived-io.js-v0.12
canary-base
cpu-docs
master
process-exit-stdio-flushing
v0.10
v0.10-staging
v0.10.0-release
v0.10.1-release
v0.10.10-release
v0.10.11-release
v0.10.12-release
v0.10.13-release
v0.10.14-release
v0.10.15-release
v0.10.16-release
v0.10.17-release
v0.10.18-release
v0.10.19-release
v0.10.2-release
v0.10.20-release
v0.10.21-release
v0.10.22-release
v0.10.23-release
v0.10.24-release
v0.10.25-release
v0.10.26-release
v0.10.27-release
v0.10.28-release
v0.10.29-release
v0.10.3-release
v0.10.30-release
v0.10.31-release
v0.10.32-release
v0.10.33-release
v0.10.34-release
v0.10.35-release
v0.10.36-release
v0.10.37-release
v0.10.38-release
v0.10.39-release
v0.10.4-release
v0.10.5-release
v0.10.6-release
v0.10.7-release
v0.10.8-release
v0.10.9-release
v0.11.0-release
v0.11.1-release
v0.11.10-release
v0.11.11-release
v0.11.12-release
v0.11.13-release
v0.11.14-release
v0.11.15-release
v0.11.16-release
v0.11.2-release
v0.11.3-release
v0.11.4-release
v0.11.5-release
v0.11.6-release
v0.11.7-release
v0.11.8-release
v0.11.9-release
v0.12
v0.12-staging
v0.12.0-release
v0.12.1-release
v0.12.2-release
v0.12.3-release
v0.12.4-release
v0.12.5-release
v0.12.6-release
v0.7.4-release
v0.8.10-release
v0.8.11-release
v0.8.12-release
v0.8.13-release
v0.8.14-release
v0.8.15-release
v0.8.16-release
v0.8.17-release
v0.8.18-release
v0.8.19-release
v0.8.20-release
v0.8.21-release
v0.8.22-release
v0.8.23-release
v0.8.24-release
v0.8.25-release
v0.8.26-release
v0.8.27-release
v0.8.28-release
v0.8.7-release
v0.8.8-release
v0.8.9-release
v0.9.1-release
v0.9.10-release
v0.9.11-release
v0.9.12-release
v0.9.2-release
v0.9.3-release
v0.9.4-release
v0.9.5-release
v0.9.6-release
v0.9.7-release
v0.9.8-release
v0.9.9-release
v1.8.0-commit
v1.x
v2.0.2
v2.3.1-release
v3.x
v4.0.0-rc
v4.8.5-proposal
v4.x
v4.x-staging
v5.x
v6
v6.12.0-proposal
v6.x
v6.x-staging
v7.x
v7.x-staging
v8.x
v8.x-staging
v9.0.0-proposal
v9.x
v9.x-staging
heads/tags/v0.5.6
jenkins-accept-commit-temp2
jenkins-accept-pull-request-temp2
jenkins-test-pull-request-temp
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.90
v0.1.91
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.14
v0.10.15
v0.10.16
v0.10.17
v0.10.18
v0.10.19
v0.10.2
v0.10.20
v0.10.21
v0.10.22
v0.10.23
v0.10.24
v0.10.25
v0.10.26
v0.10.27
v0.10.28
v0.10.29
v0.10.3
v0.10.30
v0.10.31
v0.10.32
v0.10.33
v0.10.34
v0.10.35
v0.10.36
v0.10.37
v0.10.38
v0.10.39
v0.10.4
v0.10.40
v0.10.41
v0.10.41-rc.1
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.10.47
v0.10.48
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.14
v0.11.15
v0.11.16
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.17
v0.12.18
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.8-rc.1
v0.12.9
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.21
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.10
v0.7.10-fixed
v0.7.11
v0.7.12
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.10
v0.8.11
v0.8.12
v0.8.13
v0.8.14
v0.8.15
v0.8.16
v0.8.17
v0.8.18
v0.8.19
v0.8.2
v0.8.20
v0.8.21
v0.8.22
v0.8.23
v0.8.24
v0.8.25
v0.8.26
v0.8.27
v0.8.28
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.0.0
v1.0.0-release
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.0.0
v3.0.0-rc.3
v3.0.0-rc.4
v3.0.0-rc.5
v3.0.0-rc.6
v3.0.0-rc.7
v3.0.0-rc1
v3.0.0-rc2
v3.1.0
v3.2.0
v3.3.0
v3.3.1
v4.0.0
v4.0.0-rc.1
v4.0.0-rc.2
v4.0.0-rc.3
v4.0.0-rc.4
v4.0.0-rc.5
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.2-rc.1
v4.2.2-rc.2
v4.2.3
v4.2.4
v4.2.4-rc.1
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.1-rc.1
v4.3.1-rc.2
v4.3.2
v4.4.0
v4.4.0-rc.1
v4.4.0-rc.2
v4.4.0-rc.3
v4.4.0-rc.4
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v5.0.0
v5.0.0-rc.1
v5.0.0-rc.2
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.12.0
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1-rc.1
v5.9.0
v5.9.1
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.0.0
v7.1.0
v7.10.0
v7.10.1
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.9.0
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
${ noResults }
181 Commits (4198253a185e20b7a9d0fb363fabacece712200d)
Author | SHA1 | Message | Date |
---|---|---|---|
Myles Borins | b26a469211 |
2017-01-03, Version 4.7.1 'Argon' (LTS)
This LTS release comes with 180 commits. This includes 117 which are test related, 34 which are doc related, 15 which are build / tool related, and 1 commit which is an update to dependencies. Notable Changes: * build: - shared library support is now working for AIX builds (Stewart Addison) https://github.com/nodejs/node/pull/9675 * repl: - Passing options to the repl will no longer overwrite defaults (cjihrig) https://github.com/nodejs/node/pull/7826 * timers: - Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685 PR-URL: https://github.com/nodejs/node/pull/10395 |
8 years ago |
Myles Borins | 2bf1c24f6a |
2017-01-03, Version 6.9.3 'Boron' (LTS) Release
This LTS release comes with 312 commits. This includes 229 that are test related, 62 that are docs related, 17 which are build / tools related, and 4 commits which are updates to dependencies. Notable Changes: * build: - shared library support is now working for AIX builds (Stewart Addison) https://github.com/nodejs/node/pull/9675 * deps: - *npm*: upgrade npm to 3.10.10 (Rebecca Turner) https://github.com/nodejs/node/pull/9847 - *V8*: Destructuring of arrow function arguments via computed property no longer throws (Michaël Zasso) https://github.com/nodejs/node/pull/10386) * inspector: - /json/version returns object, not an object wrapped in an array (Ben Noordhuis) https://github.com/nodejs/node/pull/9762 * module: - using --debug-brk and --eval together now works as expected (Kelvin Jin) https://github.com/nodejs/node/pull/8876 * process: - improve performance of nextTick up to 20% (Evan Lucas) https://github.com/nodejs/node/pull/8932 * repl: - the division operator will no longer be accidentally parsed as regex (Teddy Katz) https://github.com/nodejs/node/pull/10103 - improved support for generator functions (Teddy Katz) https://github.com/nodejs/node/pull/9852 * timers: - Re canceling a cancelled timers will no longer throw (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685 PR-URL: https://github.com/nodejs/node/pull/10394 |
8 years ago |
Rod Vagg | 2a5f789141 |
2016-12-21 Version 0.12.18 (Maintenance) Release
Notable changes: * npm: upgrade from v2.15.1 to v2.15.11, including accurate updated license (Jeremiah Senkpiel) * process: `process.versions.ares` now outputs the c-ares version (Johan Bergström) PR-URL: https://github.com/nodejs/node/pull/10352 |
8 years ago |
cjihrig | ffd01da0f2 |
2016-12-20, Version 7.3.0 (Current)
Notable changes: * buffer: - buffer.fill() now works properly for the UCS2 encoding on Big-Endian machines. (Anna Henningsen) https://github.com/nodejs/node/pull/9837 * cluster: - disconnect() now returns a reference to the disconnected worker. (Sean Villars) https://github.com/nodejs/node/pull/10019 * crypto: - The built-in list of Well-Known CAs (Certificate Authorities) can now be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts) https://github.com/nodejs/node/pull/9139 * http: - Remove stale timeout listeners in order to prevent a memory leak when using keep alive. (Karl Böhlmark) https://github.com/nodejs/node/pull/9440 * tls: - Allow obvious key/passphrase combinations. (Sam Roberts) https://github.com/nodejs/node/pull/10294 * url: - Including base argument in URL.originFor() to meet specification compliance. (joyeecheung) https://github.com/nodejs/node/pull/10021 - Improve URLSearchParams to meet specification compliance. (Timothy Gu) https://github.com/nodejs/node/pull/9484 PR-URL: https://github.com/nodejs/node/pull/10277 |
8 years ago |
Jeremiah Senkpiel | 8ab8363677 |
2016-12-06, Version 7.2.1 (Current)
Notable changes: * buffer: - Reverted the runtime deprecation of calling `Buffer()` without `new`. (Anna Henningsen) https://github.com/nodejs/node/pull/9529 - Fixed `buffer.transcode()` for single-byte character encodings to `UCS2`. (Anna Henningsen) https://github.com/nodejs/node/pull/9838 * promise: `--trace-warnings` now produces useful stacktraces for Promise warnings. (Anna Henningsen) https://github.com/nodejs/node/pull/9525 * repl: Fixed a bug preventing correct parsing of generator functions. (Teddy Katz) https://github.com/nodejs/node/pull/9852 * V8: Fixed a significant `instanceof` performance regression. (Franziska Hinkelmann) https://github.com/nodejs/node/pull/9730 PR-URL: https://github.com/nodejs/node/pull/10127 |
8 years ago |
Myles Borins | 6ade6dedab |
2016-12-06, Version 4.7.0 'Argon' (LTS)
This LTS release comes with 108 commits. This includes 30 which are doc related, 28 which are test related, 16 which are build / tool related, and 4 commits which are updates to dependencies. Notable Changes: The SEMVER-MINOR changes include: * build: - export openssl symbols on Windows making it possible to build addons linked against the bundled version of openssl (Alex Hultman) https://github.com/nodejs/node/pull/7576 * debugger: - make listen address configurable in the debugger server (Ben Noordhuis) https://github.com/nodejs/node/pull/3316 * dgram: - generalized send queue to handle close fixing a potential throw when dgram socket is closed in the listening event handler. (Matteo Collina) https://github.com/nodejs/node/pull/7066 * http: - Introduce the 451 status code "Unavailable For Legal Reasons" (Max Barinov) https://github.com/nodejs/node/pull/4377 * tls: - introduce `secureContext` for `tls.connect` which is useful for caching client certificates, key, and CA certificates. (Fedor Indutny) https://github.com/nodejs/node/pull/4246 Notable SEMVER-PATCH changes include: * build: - introduce the configure --shared option for embedders (sxa555) https://github.com/nodejs/node/pull/6994 * gtest: - the test reporter now outputs tap comments as yamlish (Johan Bergström) https://github.com/nodejs/node/pull/9262 * src: - node no longer aborts when c-ares initialization fails (Ben Noordhuis) https://github.com/nodejs/node/pull/8710 * tls: - fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) https://github.com/nodejs/node/pull/9586 PR-URL: https://github.com/nodejs/node/pull/9736 |
8 years ago |
Myles Borins | c4391f4664 |
2016-12-06, Version 6.9.2 'Boron' (LTS) Release
This LTS release comes with 144 commits. This includes 47 that are docs related, 46 that are test related, 15 which are build / tools related, and 9 commits which are updates to dependencies Notable Changes: * buffer: - coerce slice parameters consistently (Sakthipriyan Vairamani (thefourtheye)) https://github.com/nodejs/node/pull/9101 * deps: - *npm*: - upgrade npm to 3.10.9 (Kat Marchán) https://github.com/nodejs/node/pull/9286 - *V8*: - Various fixes to destructuring edge cases - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli) https://github.com/nodejs/node/pull/9138 - cherry pick 7166503 from upstream v8 (Cristian Cavalli) https://github.com/nodejs/node/pull/9173 * gtest: - the test reporter now outputs tap comments as yamlish (Johan Bergström) https://github.com/nodejs/node/pull/9262 * inspector: - inspector now prompts user to use 127.0.0.1 rather than localhost (Eugene Ostroukhov) https://github.com/nodejs/node/pull/9451 * tls: - fix memory leak when writing data to TLSWrap instance during handshake (Fedor Indutny) https://github.com/nodejs/node/pull/9586 PR-URL: https://github.com/nodejs/node/pull/9735 |
8 years ago |
Jeremiah Senkpiel | db3f12f7e0 |
2016-11-22, Version 7.2.0 (Current)
This is a security release impacting Windows 10 users. Notable changes: * crypto: The `Decipher` methods `setAuthTag()` and `setAAD` now return `this`. (Kirill Fomichev) https://github.com/nodejs/node/pull/9398 * dns: Implemented `{ttl: true}` for `resolve4()` and `resolve6()`. (Ben Noordhuis) https://github.com/nodejs/node/pull/9296 & https://github.com/nodejs/node/pull/9296 * libuv: Upgrade to v1.10.1 (cjihrig) https://github.com/nodejs/node/pull/9647 - Fixed a potential buffer overflow when writing data to console on Windows 10. (CVE-2016-9551) * process: Added a new `external` property to the data returned by `memoryUsage()`. (Fedor Indutny) https://github.com/nodejs/node/pull/9587 * tls: Fixed a memory leak when writes were queued on TLS connection that was destroyed during handshake. (Fedor Indutny) https://github.com/nodejs/node/pull/9626 * V8 (dep): Upgrade to v5.4.500.43 (Michaël Zasso) https://github.com/nodejs/node/pull/9697 * v8: The data returned by `getHeapStatistics()` now includes three new fields: `malloced_memory`, `peak_malloced_memory`, and `does_zap_garbage`. (Gareth Ellis) https://github.com/nodejs/node/pull/8610 PR-URL: https://github.com/nodejs/node/pull/9745 |
8 years ago |
Evan Lucas | 9314886053 |
2016-11-08, Version 7.1.0 (Current)
Notable changes: * buffer: add buffer.transcode to transcode a buffer's content from one encoding to another primarily using ICU (James M Snell) * child_process: add public API for IPC channel (cjihrig) * icu * Upgraded to ICU 58 - small icu (Steven R. Loomis) * Add `cldr`, `tz`, and `unicode` to `process.versions` (Steven R. Loomis) * lib: make `String(global) === '[object global]'` (Anna Henningsen) * libuv: Upgraded to 1.10.0 (cjihrig) * readline: use icu based string width calculation (James M Snell) * src: * add NODE_PRESERVE_SYMLINKS environment variable that has the same effect as the `--preserve-symlinks` flag (Marc Udoff) * Fix `String#toLocaleUpperCase()` and `String#toLocaleLowerCase()` (Steven R. Loomis) PR-URL: https://github.com/nodejs/node/pull/9438 |
8 years ago |
Myles Borins | 3562658bed |
2016-11-08, Version 4.6.2 'Argon' (LTS)
This LTS release comes with 219 commits. This includes 80 commits that are docs related, 58 commits that are test related, 20 commits that are build / tool related, and 9 commits that are updates to dependencies. Notable Changes * build: - It is now possible to build the documentation from the release tarball (Anna Henningsen) https://github.com/nodejs/node/pull/8413 * buffer: - Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed (Teddy Katz) https://github.com/nodejs/node/pull/9238 * deps: - upgrade npm in LTS to 2.15.11 (Kat Marchán) https://github.com/nodejs/node/pull/8928 * repl: - Enable tab completion for global properties (Lance Ball) https://github.com/nodejs/node/pull/7369 * url: - `url.format()` will now encode all `#` in `search` (Ilkka Myller) https://github.com/nodejs/node/pull/8072 PR-URL: https://github.com/nodejs/node/pull/9298 |
8 years ago |
James M Snell | 1e4fafcb1a |
2016-10-25, Version 7.0.0 (Current)
Notable Changes: * Buffer * Passing invalid input to Buffer.byteLength will now throw an error [#8946](https://github.com/nodejs/node/pull/8946). * Calling Buffer without new is now deprecated and will emit a process warning [#8169](https://github.com/nodejs/node/pull/8169). * Passing a negative number to allocUnsafe will now throw an error [#7079](https://github.com/nodejs/node/pull/7079). * Child Process * The fork and execFile methods now have stronger argument validation [#7399](https://github.com/nodejs/node/pull/7399). * Cluster * The worker.suicide method is deprecated and will emit a process warning [#3747](https://github.com/nodejs/node/pull/3747). * Deps * V8 has been updated to 5.4.500.36 [#8317](https://github.com/nodejs/node/pull/8317), [#8852](https://github.com/nodejs/node/pull/8852), [#9253](https://github.com/nodejs/node/pull/9253). * NODE_MODULE_VERSION has been updated to 51 [#8808](https://github.com/nodejs/node/pull/8808). * File System * A process warning is emitted if a callback is not passed to async file system methods [#7897](https://github.com/nodejs/node/pull/7897). * Intl * Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908](https://github.com/nodejs/node/pull/8908). * Promises * Unhandled Promise rejections have been deprecated and will emit a process warning [#8217](https://github.com/nodejs/node/pull/8217). * Punycode * The `punycode` module has been deprecated [#7941](https://github.com/nodejs/node/pull/7941). * URL * An Experimental WHATWG URL Parser has been introduced [#7448](https://github.com/nodejs/node/pull/7448). PR-URL: https://github.com/nodejs/node/pull/9099 |
8 years ago |
Myles Borins | 4b65a65e75 |
2016-10-19, Version 6.9.1 'Boron' (LTS) Release
Notable changes: * streams: Fix a regression introduced in v6.8.0 in readable stream that caused unpipe to remove the wrong stream (Anna Henningsen) PR-URL: https://github.com/nodejs/node/pull/9186 |
8 years ago |
Jeremiah Senkpiel | 252cc3d00b |
doc: v6 is now LTS rather than Current
PR-URL: https://github.com/nodejs/node/pull/9182 Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> |
8 years ago |
Jeremiah Senkpiel | e44eb0e6ce |
doc: fix some table problems in changelog.md
PR-URL: https://github.com/nodejs/node/pull/9183 Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> |
8 years ago |
Rod Vagg | 0e6750d1cd |
2016-10-18 Node.js v6.9.0 'Boron' (LTS) Release
This release marks the transition of Node.js v6 into Long Term Support (LTS) with the codename 'Boron'. The v6 release line now moves in to "Active LTS" and will remain so until April 2018. After that time it will move in to "Maintenance" until end of life in April 2019. This is also a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * crypto: Don't automatically attempt to load an OpenSSL configuration file, from the `OPENSSL_CONF` environment variable or from the default location for the current platform. Always triggering a configuration file load attempt may allow an attacker to load compromised OpenSSL configuration into a Node.js process if they are able to place a file in a default location. (Fedor Indutny, Rod Vagg) * node: Introduce the `process.release.lts` property, set to `"Boron"`. This value is `"Argon"` for v4 LTS releases and `undefined` for all other releases. (Rod Vagg) * V8: Backport fix for CVE-2016-5172, an arbitrary memory read. The parser in V8 mishandled scopes, potentially allowing an attacker to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. This vulnerability would require an attacker to be able to execute arbitrary JavaScript code in a Node.js process. (Rod Vagg) * **v8_inspector**: Generate a UUID for each execution of the inspector. This provides additional security to prevent unauthorized clients from connecting to the Node.js process via the v8_inspector port when running with `--inspect`. Since the debugging protocol allows extensive access to the internals of a running process, and the execution of arbitrary code, it is important to limit connections to authorized tools only. Vulnerability originally reported by Jann Horn. (Eugene Ostroukhov) PR-URL: https://github.com/nodejs/node-private/pull/81 |
8 years ago |
Rod Vagg | 83c7a8897c |
2016-10-18, Version 4.6.1 'Argon' (LTS)
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg) PR-URL: https://github.com/nodejs/node/pull/9153 |
8 years ago |
Rod Vagg | 107f77594b |
2016-10-18 Version 0.10.48 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Rod Vagg) PR-URL: https://github.com/nodejs/node/pull/9154 |
8 years ago |
Rod Vagg | 26e2f0d9e4 |
2016-10-18 Version 0.12.17 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg) PR-URL: https://github.com/nodejs/node/pull/9147 |
8 years ago |
Evan Lucas | 113c697ded |
2016-10-14, Version 6.8.1 (Current)
* build: Fix building with shared zlib. (Bradley T. Hughes) [#9077](https://github.com/nodejs/node/pull/9077) * stream: fix `Writable` subclass instanceof checks (Anna Henningsen) [#9088](https://github.com/nodejs/node/pull/9088) * timers: fix regression with clearImmediate() (Brian White) [#9086](https://github.com/nodejs/node/pull/9086) PR-URL: https://github.com/nodejs/node/pull/9104 |
8 years ago |
Jeremiah Senkpiel | e4ee09a5b3 |
2016-10-12, Version 6.8.0 (Current)
* fs: - `SyncWriteStream` now inherits from `Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8830 - Practically, this means that when stdio is piped to a file, stdout and stderr will still be `Writable` streams. - `fs.existsSync()` has been undeprecated. `fs.exists()` remains deprecated. (Dan Fabulich) https://github.com/nodejs/node/pull/8364 * http: `http.request()` now accepts a `timeout` option. (Rene Weber) https://github.com/nodejs/node/pull/8101 * module: The module loader now maintains its own realpath cache. (Anna Henningsen) https://github.com/nodejs/node/pull/8100 * npm: Upgraded to 3.10.8 (Kat Marchán) https://github.com/nodejs/node/pull/8706 * stream: `Duplex` streams now show proper `instanceof Stream.Writable`. (Anna Henningsen) https://github.com/nodejs/node/pull/8834 * timers: Improved `setTimeout`/`Interval` performance by up to 22%. (Brian White) https://github.com/nodejs/node/pull/8661 PR-URL: https://github.com/nodejs/node/pull/9034 |
8 years ago |
Evan Lucas | aae1862385 |
2016-09-27, Version 6.7.0 (Current)
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable Changes Semver Minor: * openssl: - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-2178, and CVE-2016-6306. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714 - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786 - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/73 * http: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) https://github.com/nodejs/node-private/pull/60 Semver Patch: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/64 * src: Fix regression where passing an empty password and/or salt to crypto.pbkdf2() would cause a fatal error (Rich Trott) https://github.com/nodejs/node/pull/8572 * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/75 * v8: Fix regression where a regex on a frozen object was broken (Myles Borins) https://github.com/nodejs/node/pull/8673 |
8 years ago |
Rod Vagg | eba39c4bc6 |
2016-09-27, Version 4.6.0 'Argon' (LTS)
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable Changes Semver Minor: * openssl: - Upgrade to 1.0.2i, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714 - Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in a crash when using CRLs, CVE-2016-7052. (Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786 - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/70 * http: CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) https://github.com/nodejs/node-private/pull/46 Semver Patch: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/65 * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) https://github.com/nodejs/node-private/pull/63 PR-URL: https://github.com/nodejs/node-private/pull/74 |
8 years ago |
Rod Vagg | e686be90bb |
2016-09-27 Version 0.12.16 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: - Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. - Remove support for loading dynamic third-party engine modules. An attacker may be able to hide malicious code to be inserted into Node.js at runtime by masquerading as one of the dynamic engine modules. Originally reported by Ahmed Zaki (Skype). (Ben Noordhuis, Rod Vagg) * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/72 |
8 years ago |
Rod Vagg | f5ee3fe10e |
2016-09-27 Version 0.10.47 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * buffer: Zero-fill excess bytes in new `Buffer` objects created with `Buffer.concat()` while providing a `totalLength` parameter that exceeds the total length of the original `Buffer` objects being concatenated. (Сковорода Никита Андреевич) * http: - CVE-2016-5325 - Properly validate for allowable characters in the `reason` argument in `ServerResponse#writeHead()`. Fixes a possible response splitting attack vector. This introduces a new case where `throw` may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) - Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999. Lack of proper validation may also serve as a potential response splitting attack vector. Backported from v4.x. (Brian White) * openssl: Upgrade to 1.0.1u, fixes a number of defects impacting Node.js: CVE-2016-6304 ("OCSP Status Request extension unbounded memory growth", high severity), CVE-2016-2183, CVE-2016-6303, CVE-2016-2178 and CVE-2016-6306. * tls: CVE-2016-7099 - Fix invalid wildcard certificate validation check whereby a TLS server may be able to serve an invalid wildcard certificate for its hostname due to improper validation of `*.` in the wildcard string. Originally reported by Alexander Minozhenko and James Bunton (Atlassian). (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/71 |
8 years ago |
Jeremiah Senkpiel | ea2a309e3b |
2016-09-14, Version 6.6.0 (Current)
Notable changes: * crypto: Added `crypto.timingSafeEqual()`. (not-an-aardvark) https://github.com/nodejs/node/pull/8304 * events: Made the "max event listeners" memory leak warning more accessible. (Anna Henningsen) https://github.com/nodejs/node/pull/8298 * promises: Unhandled rejections now emit a process warning after the first tick. (Benjamin Gruenbaum) https://github.com/nodejs/node/pull/8223 * repl: Added auto alignment for `.editor` mode. (Prince J Wesley) https://github.com/nodejs/node/pull/8241 * util: Some functionality has been added to `util.inspect()`: - Returning `this` from a custom inspect function now works. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 - Added support for Symbol-based custom inspection methods. (Anna Henningsen) https://github.com/nodejs/node/pull/8174 Refs: https://github.com/nodejs/node/issues/8428 Refs: https://github.com/nodejs/node/pull/8457 PR-URL: https://github.com/nodejs/node/pull/8466 |
8 years ago |
Evan Lucas | 0482d6d592 |
2016-08-26, Version 6.5.0 (Current)
Notable changes: * **buffer**: Fix regression introduced in v6.4.0 that prevented .write() at buffer end (Anna Henningsen) https://github.com/nodejs/node/pull/8154 * **deps**: update V8 to 5.1.281.75 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/8054 * **inspector**: * fix inspector hang while disconnecting (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8021 * add support for uncaught exception (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8043 * **repl**: Fix saving editor mode text in `.save` (Prince J Wesley) https://github.com/nodejs/node/pull/8145 * ***Revert*** "**repl,util**: insert carriage returns in output" (Evan Lucas) https://github.com/nodejs/node/pull/8143 PR-URL: https://github.com/nodejs/node/pull/8253 |
8 years ago |
Myles Borins | e7bd4d2597 |
2016-08-15, Version 4.5.0 'Argon' (LTS)
Notable Changes: Semver Minor: * buffer: * backport new buffer constructor APIs to v4.x (Сковорода Никита Андреевич) https://github.com/nodejs/node/pull/7562 * backport --zero-fill-buffers cli option (James M Snell) https://github.com/nodejs/node/pull/5745 * build: * add Intel Vtune profiling support (Chunyang Dai) https://github.com/nodejs/node/pull/5527 * repl: * copying tabs shouldn't trigger completion (Eugene Obrezkov) https://github.com/nodejs/node/pull/5958 * src: * add node::FreeEnvironment public API (Cheng Zhao) https://github.com/nodejs/node/pull/3098 * test: * run v8 tests from node tree (Bryon Leung) https://github.com/nodejs/node/pull/4704 * V8: * Add post mortem data to improve object inspection and function's context variables inspection (Fedor Indutny) https://github.com/nodejs/node/pull/3779 Semver Patch: * **buffer**: * ignore negative allocation lengths (Anna Henningsen) https://github.com/nodejs/node/pull/7562 * **crypto**: * update root certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/7363 * **libuv**: * upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/6796 * upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/5994 * **npm**: * upgrade to 2.15.9 (Kat Marchán) https://github.com/nodejs/node/pull/7692 |
9 years ago |
cjihrig | d83373d800 |
2016-08-15, Version 6.4.0 (Current)
Notable changes: * build: zlib symbols and additional OpenSSL symbols are now exposed on Windows platforms. (Alex Hultman) https://github.com/nodejs/node/pull/7983 and https://github.com/nodejs/node/pull/7576 * child_process, cluster: Forked child processes and cluster workers now support stdio configuration. (Colin Ihrig) https://github.com/nodejs/node/pull/7811 and https://github.com/nodejs/node/pull/7838 * child_process: argv[0] can now be set to arbitrary values in spawned processes. (Pat Pannuto) https://github.com/nodejs/node/pull/7696 * fs: fs.ReadStream now exposes the number of bytes it has read so far. (Linus Unnebäck) https://github.com/nodejs/node/pull/7942 * repl: The REPL now supports editor mode. (Prince J Wesley) https://github.com/nodejs/node/pull/7275 * util: inspect() can now be configured globally using util.inspect.defaultOptions. (Roman Reiss) https://github.com/nodejs/node/pull/8013 Refs: https://github.com/nodejs/node/issues/8020 PR-URL: https://github.com/nodejs/node/pull/8070 |
8 years ago |
Evan Lucas | c21a212bdc |
2016-07-21, Version 6.3.1 (Current)
Notable changes: * **buffer**: * Improve performance of Buffer.from(str, 'hex') and Buffer#write(str, 'hex'). (Christopher Jeffrey) https://github.com/nodejs/node/pull/7602 * Fix creating from zero-length ArrayBuffer. (Ingvar Stepanyan) https://github.com/nodejs/node/pull/7176 * **deps**: * Upgrade to V8 5.0.71.xx. (Ben Noordhuis) https://github.com/nodejs/node/pull/7531 * Backport V8 instanceof bugfix (Franziska Hinkelmann) https://github.com/nodejs/node/pull/7638 * **repl**: Fix issue with function redeclaration. (Prince J Wesley) https://github.com/nodejs/node/pull/7794 * **util**: Fix inspecting of boxed symbols. (Anna Henningsen) https://github.com/nodejs/node/pull/7641 PR-URL: https://github.com/nodejs/node/pull/7782 |
9 years ago |
Jeremiah Senkpiel | 7628031847 |
2016-07-06, Version 6.3.0 (Current)
Notable changes: * buffer: Added `buffer.swap64()` to compliment `swap16()` & `swap32()`. (Zach Bjornson) https://github.com/nodejs/node/pull/7157 * build: New `configure` options have been added for building Node.js as a shared library. (Stefan Budeanu) https://github.com/nodejs/node/pull/6994 - The options are: `--shared`, `--without-v8-platform` & `--without-bundled-v8`. * crypto: Root certificates have been updated. (Ben Noordhuis) https://github.com/nodejs/node/pull/7363 * debugger: The server address is now configurable via `--debug=<address>:<port>`. (Ben Noordhuis) https://github.com/nodejs/node/pull/3316 * npm: Upgraded npm to v3.10.3 (Kat Marchán) https://github.com/nodejs/node/pull/7515 & (Rebecca Turner) https://github.com/nodejs/node/pull/7410 * readline: Added the `prompt` option to the readline constructor. (Evan Lucas) https://github.com/nodejs/node/pull/7125 * repl / vm: `sigint`/`ctrl+c` will now break out of infinite loops without stopping the Node.js instance. (Anna Henningsen) https://github.com/nodejs/node/pull/6635 * src: - Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao) https://github.com/nodejs/node/pull/3098 - Refactored `require('constants')`, constants are now available directly from their respective modules. (James M Snell) https://github.com/nodejs/node/pull/6534 * stream: Improved `readable.read()` performance by up to 70%. (Brian White) https://github.com/nodejs/node/pull/7077 * timers: `setImmediate()` is now up to 150% faster in some situations. (Andras) https://github.com/nodejs/node/pull/6436 * util: Added a `breakLength` option to `util.inspect()` to control how objects are formatted across lines. (cjihrig) https://github.com/nodejs/node/pull/7499 * v8-inspector: Experimental support has been added for debugging Node.js over the inspector protocol. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/6792 - *Note: This feature is experimental, and it could be altered or removed.* - You can try this feature by running Node.js with the `--inspect` flag. Refs: https://github.com/nodejs/node/pull/7441 PR-URL: https://github.com/nodejs/node/pull/7550 |
9 years ago |
Myles Borins | 21535e851c |
2016-06-28, Version 4.4.7 'Argon' (LTS)
This LTS release comes with 89 commits. This includes 46 commits that are docs related, 11 commits that are test related, 8 commits that are build related, and 4 commits that are benchmark related. Notable Changes: - debugger: - All properties of an array (aside from length) can now be printed in the repl (cjihrig) https://github.com/nodejs/node/pull/6448 - npm: - Upgrade npm to 2.15.8 (Rebecca Turner) https://github.com/nodejs/node/pull/7412 - stream: - Fix for a bug that became more prevalent with the stream changes that landed in v4.4.5. (Anna Henningsen) https://github.com/nodejs/node/pull/7160 - V8: - Fix for a bug in crankshaft that was causing crashes on arm64 (Myles Borins) https://github.com/nodejs/node/pull/7442 - Add missing classes to postmortem info such as JSMap and JSSet (evan.lucas) https://github.com/nodejs/node/pull/3792 |
9 years ago |
Myles Borins | 9744928cf5 |
doc: fix layout problem in v4 changelog
The current layout is breaking the release post tool. This commit also removed erroneous entires in the main CHANGELOG for v4.4.6 and v5.12.0. PR-URL: https://github.com/nodejs/node/pull/7394 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> |
9 years ago |
Evan Lucas | 6a9438343b |
2016-06-23, Version 5.12.0 (Stable)
Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * **buffer** * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](https://github.com/nodejs/node/pull/7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](https://github.com/nodejs/node/pull/7221) * **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51 |
9 years ago |
Rod Vagg | fb146cecc3 |
2016-06-23 Version 0.12.15 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for Windows XP and Windows 2003 that can lead to undefined and potentially unsafe behaviour. More information can be found at https://github.com/libuv/libuv/issues/515 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. * V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered in V8, more details can be found in the CVE at https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. PR-URL: https://github.com/nodejs/node-private/pull/53 |
9 years ago |
Rod Vagg | 71b29bb8a9 |
2016-06-23 Version 0.10.46 (Maintenance) Release
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for Windows XP and Windows 2003 that can lead to undefined and potentially unsafe behaviour. More information can be found at https://github.com/libuv/libuv/issues/515 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. * V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered in V8, more details can be found in the CVE CVE-2016-1669 at https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/. Commits: * [ |
9 years ago |
Myles Borins | a9c34aeae7 |
2016-06-23, Version 4.4.6 'Argon' (LTS)
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. This release is specifically related to a Buffer overflow vulnerability discovered in v8, more details can be found in the CVE https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 PR-URL: https://github.com/nodejs/node-private/pull/41 |
9 years ago |
Evan Lucas | e427150e75 |
2016-06-17, Version 6.2.2 (Current) Release
Notable changes: * **http**: - req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) [#7211](https://github.com/nodejs/node/pull/7211) - When freeing the socket to be reused in keep-alive Agent wait for both prefinish and end events. Otherwise the next request may be written before the previous one has finished sending the body, leading to a parser errors. (Fedor Indutny) [#7149](https://github.com/nodejs/node/pull/7149) * **npm**: upgrade npm to 3.9.5 (Kat Marchán) [#7139](https://github.com/nodejs/node/pull/7139) PR-URL: https://github.com/nodejs/node/pull/7323 |
9 years ago |
Rod Vagg | daafe2c65e |
2016-06-02, Version 6.2.1 (Current)
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) https://github.com/nodejs/node/pull/7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) https://github.com/nodejs/node/pull/7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at https://github.com/nodejs/node/pull/6980. (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see https://github.com/nodejs/node/issues/6980 for details. (Michaël Zasso) https://github.com/nodejs/node/pull/6928 |
9 years ago |
Anna Henningsen |
b5f76dbd3e
|
doc: fix broken references in changelogs
Some references to a few versions were broken, likely in part due to the transition to a split changelog format. PR-URL: https://github.com/nodejs/node/pull/6942 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> |
9 years ago |
Myles Borins | e03c32696e |
2016-05-24, Version 4.4.5 'Argon' (LTS)
Notable changes: * **buffer**: * Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer (Anna Henningsen) https://github.com/nodejs/node/pull/6511 * contextify: * Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/6871 * deps: * update npm to 2.15.5 (Rebecca Turner) https://github.com/nodejs/node/pull/6663 * http: * Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999 (Brian White) https://github.com/nodejs/node/pull/6291 |
9 years ago |
Evan Lucas | 26120e2eb0 |
2016-05-17, Version 6.2.0 (Stable)
- **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna Henningsen) [#6511](https://github.com/nodejs/node/pull/6511) - **child_process**: use /system/bin/sh on android (Ben Noordhuis) [#6745](https://github.com/nodejs/node/pull/6745) - **deps**: - upgrade npm to 3.8.9 (Rebecca Turner) [#6664](https://github.com/nodejs/node/pull/6664) - upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh) [#6572](https://github.com/nodejs/node/pull/6572) - upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé) [#6796](https://github.com/nodejs/node/pull/6796) - Intl: ICU 57 bump (Steven R. Loomis) [#6088](https://github.com/nodejs/node/pull/6088) - **repl**: - copying tabs shouldn't trigger completion (Eugene Obrezkov) [#5958](https://github.com/nodejs/node/pull/5958) - exports `Recoverable` (Blake Embrey) [#3488](https://github.com/nodejs/node/pull/3488) - **src**: add O_NOATIME constant (Rich Trott) [#6492](https://github.com/nodejs/node/pull/6492) - **src,module**: add --preserve-symlinks command line flag (James M Snell) [#6537](https://github.com/nodejs/node/pull/6537) - **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen) [#6683](https://github.com/nodejs/node/pull/6683) As of this release the 6.X line now includes 64-bit binaries for Linux on Power Systems running in big endian mode in addition to the existing 64-bit binaries for running in little endian mode. PR-URL: https://github.com/nodejs/node/pull/6810 |
9 years ago |
James M Snell | c663a6db05 |
doc: refactor the changelog by version
The changelog was getting rather huge and difficult to manage. It also wasn't very useful in terms of being able to quickly find specific Node.js versions, or tracking the history for a single major release stream. This reorganizes the changelog by versions separated out over multiple files. An index of the most recent versions is provided in the main log. PR-URL: https://github.com/nodejs/node/pull/6503 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> |
9 years ago |
Rod Vagg | 98b534ff5a |
2016-05-06 Version 0.12.14 (Maintenance) Release
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5988 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details |
9 years ago |
Rod Vagg | 1ec421e122 |
2016-05-06 Version 0.10.45 (Maintenance) Release
Notable changes: * npm: Correct erroneous version number in v2.15.1 code (Forrest L Norvell) https://github.com/nodejs/node/pull/5987 * openssl: Upgrade to v1.0.1t, addressing security vulnerabilities (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553 - Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check" - Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow" - See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for full details |
9 years ago |
Myles Borins | 2bceda6493 |
doc: get rid of sneaky hard tabs in CHANGELOG
My editor did something strange. Sorry about that PR-URL: https://github.com/nodejs/node/pull/6608 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> |
9 years ago |
Myles Borins | 7c7e50f813 |
2016-05-05, Version 4.4.4 'Argon' (LTS)
Notable changes * deps: * update openssl to 1.0.2h. (Shigeki Ohtsu) [#6551](https://github.com/nodejs/node/pull/6551) - Please see our blog postfor more info on the security contents of this release. https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ PR-URL: https://github.com/nodejs/node/pull/6583 Reviewed-By: James M Snell <jasnell@gmail.com> |
9 years ago |
Jeremiah Senkpiel | b9ceb42ae2 |
2016-05-05, Version 6.1.0 (Current)
* assert: `deep{Strict}Equal()` now works correctly with circular references. (Rich Trott) https://github.com/nodejs/node/pull/6432 * debugger: Arrays are now formatted correctly in the debugger repl. (cjihrig) https://github.com/nodejs/node/pull/6448 * deps: Upgrade OpenSSL sources to 1.0.2h (Shigeki Ohtsu) https://github.com/nodejs/node/pull/6550 - Please see our blog post for more info on the security contents of this release: - https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ * net: Introduced a `Socket#connecting` property. (Fedor Indutny) https://github.com/nodejs/node/pull/6404 - Previously this information was only available as the undocumented, internal `_connecting` property. * process: Introduced `process.cpuUsage()`. (Patrick Mueller) https://github.com/nodejs/node/pull/6157 * stream: `Writable#setDefaultEncoding()` now returns `this`. (Alexander Makarenko) https://github.com/nodejs/node/pull/5040 * util: Two new additions to `util.inspect()`: - Added a `maxArrayLength` option to truncate the formatting of Arrays. (James M Snell) https://github.com/nodejs/node/pull/6334 - This is set to `100` by default. - Added a `showProxy` option for formatting proxy intercepting handlers. (James M Snell) https://github.com/nodejs/node/pull/6465 - Inspecting proxies is non-trivial and as such this is off by default. PR-URL: https://github.com/nodejs/node/pull/6557 |
9 years ago |
Evan Lucas | a465627210 |
2016-05-05, Version 5.11.1 (Stable)
Notable changes * buffer: safeguard against accidental kNoZeroFill (Сковорода Никита Андреевич) [nodejs/node-private#35](https://github.com/nodejs/node-private/pull/35) * deps: upgrade openssl sources to 1.0.2h (Shigeki Ohtsu) [#6552](https://github.com/nodejs/node/pull/6552) |
9 years ago |
James M Snell | b8f035b07c |
doc: fix v6 changelog
Not quite sure how, but quite a few of the commits were missing from the original changelog generated for v6 relative to v5.11.0. This updates the change log. PR-URL: https://github.com/nodejs/node/pull/6435 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> |
9 years ago |
Myles Borins | cc5d9767af |
meta: split CHANGELOG into two files
The unfortunate has happened, our CHANGELOG is now over 1 MB and cannot be viewed on github. This commit breaks the CHANGELOG into two files so that we can continue to show our changes rendered in the github UI. Closes: https://github.com/nodejs/node/issues/5533 PR-URL: https://github.com/nodejs/node/pull/6337 Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Roman Reiss <me@silverwind.io> |
9 years ago |