mirror of https://github.com/lukechilds/node.git
Tree:
60a78aedb9
V8-icu-patch-4.x
archived-io.js-v0.10
archived-io.js-v0.12
canary-base
cpu-docs
master
process-exit-stdio-flushing
v0.10
v0.10-staging
v0.10.0-release
v0.10.1-release
v0.10.10-release
v0.10.11-release
v0.10.12-release
v0.10.13-release
v0.10.14-release
v0.10.15-release
v0.10.16-release
v0.10.17-release
v0.10.18-release
v0.10.19-release
v0.10.2-release
v0.10.20-release
v0.10.21-release
v0.10.22-release
v0.10.23-release
v0.10.24-release
v0.10.25-release
v0.10.26-release
v0.10.27-release
v0.10.28-release
v0.10.29-release
v0.10.3-release
v0.10.30-release
v0.10.31-release
v0.10.32-release
v0.10.33-release
v0.10.34-release
v0.10.35-release
v0.10.36-release
v0.10.37-release
v0.10.38-release
v0.10.39-release
v0.10.4-release
v0.10.5-release
v0.10.6-release
v0.10.7-release
v0.10.8-release
v0.10.9-release
v0.11.0-release
v0.11.1-release
v0.11.10-release
v0.11.11-release
v0.11.12-release
v0.11.13-release
v0.11.14-release
v0.11.15-release
v0.11.16-release
v0.11.2-release
v0.11.3-release
v0.11.4-release
v0.11.5-release
v0.11.6-release
v0.11.7-release
v0.11.8-release
v0.11.9-release
v0.12
v0.12-staging
v0.12.0-release
v0.12.1-release
v0.12.2-release
v0.12.3-release
v0.12.4-release
v0.12.5-release
v0.12.6-release
v0.7.4-release
v0.8.10-release
v0.8.11-release
v0.8.12-release
v0.8.13-release
v0.8.14-release
v0.8.15-release
v0.8.16-release
v0.8.17-release
v0.8.18-release
v0.8.19-release
v0.8.20-release
v0.8.21-release
v0.8.22-release
v0.8.23-release
v0.8.24-release
v0.8.25-release
v0.8.26-release
v0.8.27-release
v0.8.28-release
v0.8.7-release
v0.8.8-release
v0.8.9-release
v0.9.1-release
v0.9.10-release
v0.9.11-release
v0.9.12-release
v0.9.2-release
v0.9.3-release
v0.9.4-release
v0.9.5-release
v0.9.6-release
v0.9.7-release
v0.9.8-release
v0.9.9-release
v1.8.0-commit
v1.x
v2.0.2
v2.3.1-release
v3.x
v4.0.0-rc
v4.8.5-proposal
v4.x
v4.x-staging
v5.x
v6
v6.12.0-proposal
v6.x
v6.x-staging
v7.x
v7.x-staging
v8.x
v8.x-staging
v9.0.0-proposal
v9.x
v9.x-staging
heads/tags/v0.5.6
jenkins-accept-commit-temp2
jenkins-accept-pull-request-temp2
jenkins-test-pull-request-temp
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.90
v0.1.91
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.14
v0.10.15
v0.10.16
v0.10.17
v0.10.18
v0.10.19
v0.10.2
v0.10.20
v0.10.21
v0.10.22
v0.10.23
v0.10.24
v0.10.25
v0.10.26
v0.10.27
v0.10.28
v0.10.29
v0.10.3
v0.10.30
v0.10.31
v0.10.32
v0.10.33
v0.10.34
v0.10.35
v0.10.36
v0.10.37
v0.10.38
v0.10.39
v0.10.4
v0.10.40
v0.10.41
v0.10.41-rc.1
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.10.47
v0.10.48
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.14
v0.11.15
v0.11.16
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.17
v0.12.18
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.8-rc.1
v0.12.9
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.21
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.10
v0.7.10-fixed
v0.7.11
v0.7.12
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.10
v0.8.11
v0.8.12
v0.8.13
v0.8.14
v0.8.15
v0.8.16
v0.8.17
v0.8.18
v0.8.19
v0.8.2
v0.8.20
v0.8.21
v0.8.22
v0.8.23
v0.8.24
v0.8.25
v0.8.26
v0.8.27
v0.8.28
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9
v1.0.0
v1.0.0-release
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.0.0
v3.0.0-rc.3
v3.0.0-rc.4
v3.0.0-rc.5
v3.0.0-rc.6
v3.0.0-rc.7
v3.0.0-rc1
v3.0.0-rc2
v3.1.0
v3.2.0
v3.3.0
v3.3.1
v4.0.0
v4.0.0-rc.1
v4.0.0-rc.2
v4.0.0-rc.3
v4.0.0-rc.4
v4.0.0-rc.5
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.2-rc.1
v4.2.2-rc.2
v4.2.3
v4.2.4
v4.2.4-rc.1
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.1-rc.1
v4.3.1-rc.2
v4.3.2
v4.4.0
v4.4.0-rc.1
v4.4.0-rc.2
v4.4.0-rc.3
v4.4.0-rc.4
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v5.0.0
v5.0.0-rc.1
v5.0.0-rc.2
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.12.0
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1-rc.1
v5.9.0
v5.9.1
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.0.0
v7.1.0
v7.10.0
v7.10.1
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.9.0
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
${ noResults }
171 Commits (60a78aedb9860f0f2ed26ecec5cc3c41e13fcd1c)
Author | SHA1 | Message | Date |
---|---|---|---|
Myles Borins | 2c672891e1 |
2016-03-22, Version v4.4.1 'Argon' (LTS)
This LTS release comes with 113 commits, 56 of which are doc related, 18 of which are build / tooling related, 16 of which are test related and 7 which are benchmark related. Notable Changes: * build: - Updated Logos for the OSX + Windows installers - (Rod Vagg) https://github.com/nodejs/node/pull/5401 - (Robert Jefe Lindstaedt) https://github.com/nodejs/node/pull/5531 - New option to select your VS Version in the Windows installer - (julien.waechter) https://github.com/nodejs/node/pull/4645 - Support Visual C++ Build Tools 2015 - (João Reis) https://github.com/nodejs/node/pull/5627 * tools: - Gyp now works on OSX without XCode - (Shigeki Ohtsu) https://github.com/nodejs/node/pull/1325 PR-URL: https://github.com/nodejs/node/pull/5835 |
9 years ago |
Evan Lucas | e7039dbd94 |
2016-03-16, Version 5.9.0 (Stable)
Notable changes: * **contextify**: Fixed a memory consumption issue related to heavy use of `vm.createContext` and `vm.runInNewContext`. (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/5392 * **governance**: The following members have been added as collaborators: - Andreas Madsen (@AndreasMadsen) - Benjamin Gruenbaum (@benjamingr) - Claudio Rodriguez (@claudiorodriguez) - Glen Keane (@thekemkid) - Jeremy Whitlock (@whitlockjc) - Matt Loring (@matthewloring) - Phillip Johnsen (@phillipj) * **lib**: copy arguments object instead of leaking it (Nathan Woltman) https://github.com/nodejs/node/pull/4361 * **src**: allow combination of -i and -e cli flags (Rich Trott) https://github.com/nodejs/node/pull/5655 * **v8**: backport fb4ccae from v8 upstream (Vladimir Krivosheev) #4231 - breakout events from v8 to offer better support for external debuggers * **zlib**: add support for concatenated members (Kári Tristan Helgason) https://github.com/nodejs/node/pull/5120 PR-URL: https://github.com/nodejs/node/pull/5702 |
9 years ago |
Jeremiah Senkpiel | 3c8475241d |
2016-03-08, Version 5.8.0 (Stable)
Notable changes: * child_process: “send()” now accepts an options parameter (cjihrig) https://github.com/nodejs/node/pull/5283 - Currently the only option is “keepOpen”, which keeps the underlying socket open after the message is sent. * constants: “ENGINE_METHOD_RSA” is now correctly exposed (Sam Roberts) https://github.com/nodejs/node/pull/5463 * Fixed two regressions which originated in v5.7.0: - http: Errors inside of http client callbacks now propagate correctly (Trevor Norris) https://github.com/nodejs/node/pull/5591 - path: Fixed normalization of absolute paths (Evan Lucas) https://github.com/nodejs/node/pull/5589 * repl: “start()” no longer requires an options parameter (cjihrig) https://github.com/nodejs/node/pull/5388 * util: Improved “format()” performance 50-300% (Evan Lucas) https://github.com/nodejs/node/pull/5360 PR-URL: https://github.com/nodejs/node/pull/5559 |
9 years ago |
Myles Borins | 9277aed48a |
2016-03-08, Version 4.4.0 'Argon' (LTS)
In December we announced that we would be doing a minor release in order to get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this was delayed due to the unforeseen security release v4.3. We are quickly bumping to v4.4 in order to bring you the features that we had committed to releasing. This release also includes over 70 fixes to our docs and over 50 fixes to tests. The SEMVER-MINOR changes include: * deps: - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/3609 * http: - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) https://github.com/nodejs/node/pull/4482 * src: - Better support for Big-Endian systems (Bryon Leung) https://github.com/nodejs/node/pull/3410 * tls: - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) https://github.com/nodejs/node/pull/2441 * tools - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) https://github.com/nodejs/node/pull/4021 Notable semver patch changes include: * buld: - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) https://github.com/nodejs/node/pull/4841 * https: - A potential fix for https://github.com/nodejs/node/issues/3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) https://github.com/nodejs/node/pull/4982 * installer: - More readable profiling information from isolate tick logs (Matt Loring) https://github.com/nodejs/node/pull/3032 * *npm: - upgrade to npm 2.14.20 (Kat Marchán) https://github.com/nodejs/node/pull/5510 * process: - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) https://github.com/nodejs/node/pull/4798 * querystring: - querystring.parse() is now 13-22% faster! (Brian White) https://github.com/nodejs/node/pull/4675 * streams: - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) https://github.com/nodejs/node/pull/4354 * tools: - eslint has been updated to version 2.1.0 (Rich Trott) https://github.com/nodejs/node/pull/5214 PR-URL: https://github.com/nodejs/node/pull/5301 |
9 years ago |
Rod Vagg | 46170bca24 |
2016-03-08 Version 0.12.12 (LTS) Release
Notable changes: * openssl: Fully remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 Note that the upgrade to OpenSSL 1.0.1s in Node.js v0.12.11 removed internal SSLv2 support. The change in this release was originally intended for v0.12.11. The `--enable-ssl2` command line argument now produces an error rather than being a no-op. PR-URL: https://github.com/nodejs/nodejs.org/pull/562 |
9 years ago |
Rod Vagg | 8938355398 |
2016-03-04 Version 0.10.43 (Maintenance) Release
Notable changes: * http_parser: Update to http-parser 1.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5242 * domains: - Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887 - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3887 * openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) https://github.com/nodejs/node/pull/5508 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 - Remove SSLv2 support, the `--enable-ssl2` command line argument will now produce an error. The DROWN Attack (https://drownattack.com/) creates a vulnerability where SSLv2 is enabled by a server, even if a client connection is not using SSLv2. The SSLv2 protocol is widely considered unacceptably broken and should not be supported. More information is available at https://www.openssl.org/news/vulnerabilities.html#2016-0800 PR-URL: https://github.com/nodejs/node/pull/5404 |
9 years ago |
Rod Vagg | 4f08540b73 |
2016-03-03 Version 0.12.11 (LTS) Release
Notable changes: * http_parser: Update to http-parser 2.3.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) https://github.com/nodejs/node/pull/5241 * domains: - Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the `process` object when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set on `process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885 - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and `--abort-on-uncaught-exception` is used. (Julien Gilli) https://github.com/nodejs/node/pull/3885 * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5509 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 PR-URL: https://github.com/nodejs/node/pull/5403 |
9 years ago |
Jeremiah Senkpiel | 9091ccdc2d |
2016-03-02, Version 5.7.1 (Stable)
Notable changes: * governance: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda). * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5507 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 * Fixed several regressions that appeared in v5.7.0: - path.relative(): - Output is no longer unnecessarily verbose (Brian White) https://github.com/nodejs/node/pull/5389 - Resolving UNC paths on Windows now works correctly (Owen Smith) https://github.com/nodejs/node/pull/5456 - Resolving paths with prefixes now works correctly from the root directory (Owen Smith) https://github.com/nodejs/node/pull/5490 - url: Fixed an off-by-one error with `parse()` (Brian White) https://github.com/nodejs/node/pull/5394 - dgram: Now correctly handles a default address case when offset and length are specified (Matteo Collina) https://github.com/nodejs/node/pull/5407 PR-URL: https://github.com/nodejs/node/pull/5464 |
9 years ago |
Myles Borins | d6608ed47a |
2016-03-02, Version 4.3.2 'Argon' (LTS)
This is a security release with only a single commit, an update to openssl due to a recent security advisory. You can read more about the security advisory on the Node.js website https://nodejs.org/en/blog/vulnerability/openssl-march-2016/ * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5507 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at CVE-2016-0705 https://www.openssl.org/news/vulnerabilities.html#2016-0705. - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at CVE-2016-0797 https://www.openssl.org/news/vulnerabilities.html#2016-0797. - Fix a defect that makes the _CacheBleed Atta https://ssrg.nicta.com.au/projects/TS/cachebleed/ _ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at CVE-2016-0702 https://www.openssl.org/news/vulnerabilities.html#2016-0702. PR-URL: https://github.com/nodejs/node/pull/5526 |
9 years ago |
Rod Vagg | 7b0a83d2b0 |
2016-02-23, Version 5.7.0 (Stable)
* buffer: - You can now supply an encoding argument when filling a Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying an existing Buffer will also work with Buffer#fill(buffer[, start[, end]]). See the API documentation for details on how this works. (Trevor Norris) #4935 - Buffer#indexOf() no longer requires a byteOffset argument if you also wish to specify an encoding: Buffer#indexOf(val[, byteOffset][, encoding]). (Trevor Norris) #4803 * child_process: spawn() and spawnSync() now support a 'shell' option to allow for optional execution of the given command inside a shell. If set to true, cmd.exe will be used on Windows and /bin/sh elsewhere. A path to a custom shell can also be passed to override these defaults. On Windows, this option allows .bat. and .cmd files to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598 * http_parser: Update to http-parser 2.6.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) #5237 * dgram: socket.send() now supports accepts an array of Buffers or Strings as the first argument. See the API docs for details on how this works. (Matteo Collina) #4374 * http: Fix a bug where handling headers will mistakenly trigger an 'upgrade' event where the server is just advertising its protocols. This bug can prevent HTTP clients from communicating with HTTP/2 enabled servers. (Fedor Indutny) #4337 * net: Added a listening Boolean property to net and http servers to indicate whether the server is listening for connections. (José Moreira) #4743 * node: The C++ node::MakeCallback() API is now reentrant and calling it from inside another MakeCallback() call no longer causes the nextTick queue or Promises microtask queue to be processed out of order. (Trevor Norris) #4507 * tls: Add a new tlsSocket.getProtocol() method to get the negotiated TLS protocol version of the current connection. (Brian White) #4995 * vm: Introduce new 'produceCachedData' and 'cachedData' options to new vm.Script() to interact with V8's code cache. When a new vm.Script object is created with the 'produceCachedData' set to true a Buffer with V8's code cache data will be produced and stored in cachedData property of the returned object. This data in turn may be supplied back to another vm.Script() object with a 'cachedData' option if the supplied source is the same. Successfully executing a script from cached data can speed up instantiation time. See the API docs for details. (Fedor Indutny) #4777 * performance: Improvements in: - process.nextTick() (Ruben Bridgewater) #5092 - path module (Brian White) #5123 - querystring module (Brian White) #5012 - streams module when processing small chunks (Matteo Collina) #4354 PR-URL: https://github.com/nodejs/node/pull/5295 |
9 years ago |
Myles Borins | c1b3d78a39 |
2016-02-16, Version 4.3.1 'Argon' (LTS)
Notable changes: * buffer: make byteLength work with Buffer correctly (Jackson Tian) - https://github.com/nodejs/node/pull/4738 * debugger: guard against call from non-node context (Ben Noordhuis) - https://github.com/nodejs/node/pull/4328 * node_contextify: do not incept debug context (Myles Borins) - https://github.com/nodejs/node/pull/4819 * deps: update to http-parser 2.5.2 (James Snell) - https://github.com/nodejs/node/pull/5238 PR-URL: https://github.com/nodejs/node/pull/5200#issuecomment-184897483 |
9 years ago |
James M Snell | de91e9a8a7 |
doc: fix v4.3.0 changelog commit entries
The wrong commit SHA's were used PR-URL: https://github.com/nodejs/node/pull/5164 Reviewed-By: Myles Borins <myles.borins@gmail.com> |
9 years ago |
James M Snell | 1a68f85c4e |
2016-02-09, Version 5.6.0 (Stable)
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Notable changes * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.6.0 to 2.6.1 * npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) https://github.com/nodejs/node/pull/4958 * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. |
9 years ago |
James M Snell | 7daded4ff0 |
2016-02-09, Version 4.3.0 'Argon' (LTS)
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Note that this release includes a non-backward compatible change to address a security issue. This change increases the version of the LTS v4.x line to v4.3.0. There will be *no further updates* to v4.2.x. * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.5.0 to 2.5.1 * openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * src: - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` PR-URL: https://github.com/nodejs/node-private/pull/20 |
9 years ago |
James M Snell | 2dc89da504 |
2016-02-09, Version 0.12.10 (LTS)
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Notable changes: * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 2.3.0 to 2.3.1 * openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * src: - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` * build: - xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward - A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these PR-URL: https://github.com/nodejs/node-private/pull/24 |
9 years ago |
James M Snell | bc86c5675b |
2016-02-09, Version 0.10.42 (Maintenance)
This is an important security release. All Node.js users should consult the security release summary at nodejs.org for details on patched vulnerabilities. Notable changes: * http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters. * http-parser: upgrade from 1.0 to 1.1 * openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits. * src: - introduce new `--security-revert={cvenum}` command line flag for selective reversion of specific CVE fixes - allow the fix for CVE-2016-2216 to be selectively reverted using `--security-revert=CVE-2016-2216` * build: - xz compressed tar files will be made available from nodejs.org for v0.10 builds from v0.10.42 onward - A headers.tar.gz file will be made available from nodejs.org for v0.10 builds from v0.10.42 onward, a future change to node-gyp will be required to make use of these PR-URL: https://github.com/nodejs/node-private/pull/25 |
9 years ago |
James M Snell | b5b5bb1e3c |
src: avoid compiler warning in node_revert.cc
PR-URL: https://github.com/nodejs/node-private/pull/26 Reviewed-By: Rod Vagg <r@va.gg> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> |
9 years ago |
Myles Borins | 8221917e85 |
2016-01-21, Version 4.2.6 "Argon" (LTS) Release
Notable changes: * Fix regression in debugger and profiler functionality PR-URL: https://github.com/nodejs/node/pull/4788 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> |
9 years ago |
Evan Lucas | 318ded2c4d |
2016-01-20, Version 5.5.0 (Stable)
Notable changes: * events: make sure console functions exist (Dave) https://github.com/nodejs/node/pull/4479 * fs: add autoClose option to fs.createWriteStream (Saquib) https://github.com/nodejs/node/pull/3679 * http: improves expect header handling (Daniel Sellers) https://github.com/nodejs/node/pull/4501 * node: allow preload modules with -i (Evan Lucas) https://github.com/nodejs/node/pull/4696 * v8,src: expose statistics about heap spaces (`v8.getHeapSpaceStatistics()`) (Ben Ripkens) https://github.com/nodejs/node/pull/4463 * Minor performance improvements: - lib: Use arrow functions instead of bind where possible (Minwoo Jung) https://github.com/nodejs/node/pull/3622 - module: cache stat() results more aggressively (Ben Noordhuis) https://github.com/nodejs/node/pull/4575 - querystring: improve parse() performance (Brian White) https://github.com/nodejs/node/pull/4675 PR-URL: https://github.com/nodejs/node/pull/4742 |
9 years ago |
Myles Borins | d50a8a9848 |
2016-01-20, Version 4.2.5 "Argon" (LTS) Release
Notable changes: * assert - accommodate ES6 classes that extend Error (Rich Trott) https://github.com/nodejs/node/pull/4166 * build - add "--partly-static" build options (Super Zheng) https://github.com/nodejs/node/pull/4152 * deps - backport 066747e from upstream V8 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/4655 - backport 200315c from V8 upstream (Vladimir Kurchatkin) https://github.com/nodejs/node/pull/4128 - upgrade libuv to 1.8.0 (Saúl Ibarra Corretgé) * docs - various updates landed in 70 different commits! * repl - attach location info to syntax errors (cjihrig) https://github.com/nodejs/node/pull/4013 - display error message when loading directory (Prince J Wesley) https://github.com/nodejs/node/pull/4170 * tests - various updates landed in over 50 commits * util - allow lookup of hidden values (cjihrig) https://github.com/nodejs/node/pull/3988 PR-URL: https://github.com/nodejs/node/pull/4768 |
9 years ago |
Myles Borins | a254507dfa |
2016-01-12, Version 5.4.1 (Stable)
Notable Changes: * Minor performance improvements: - module: move unnecessary work for early return (Andres Suarez) https://github.com/nodejs/node/pull/3579 * Various bug fixes * Various doc fixes * Various test improvements PR-URL: https://github.com/nodejs/node/pull/4626 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> |
9 years ago |
Jeremiah Senkpiel | 5f0abd6472 |
2016-01-06, Version 5.4.0 (Stable)
* http: - A new status code was added: 451 - "Unavailable For Legal Reasons" (Max Barinov) https://github.com/nodejs/node/pull/4377 - Idle sockets that have been kept alive now handle errors (José F. Romaniello) https://github.com/nodejs/node/pull/4482 * This release also includes several minor performance improvements: - assert: deepEqual is now speedier when comparing TypedArrays (Claudio Rodriguez) https://github.com/nodejs/node/pull/4330 - lib: Use arrow functions instead of bind where possible (Minwoo Jung) https://github.com/nodejs/node/pull/3622 - node: Improved accessor perf of process.env (Trevor Norris) https://github.com/nodejs/node/pull/3780 - node: Improved performance of process.hrtime() (Trevor Norris) https://github.com/nodejs/node/pull/3780, (Evan Lucas) https://github.com/nodejs/node/pull/4484 - node: Improved GetActiveHandles performance (Trevor Norris) https://github.com/nodejs/node/pull/3780 - util: Use faster iteration in util.format() (Jackson Tian) https://github.com/nodejs/node/pull/3964 Refs: https://github.com/nodejs/node/pull/4547 PR-URL: https://github.com/nodejs/node/pull/4623 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> |
9 years ago |
James M Snell | 7fac47c94a |
2015-12-23, Version 4.2.4 "Argon" (LTS) Release
Maintenance Update Notable changes * Roughly 78% of the commits are documentation and test improvements * domains: - Fix handling of uncaught exceptions (Julien Gilli) [#3884](https://github.com/nodejs/node/pull/3884) * deps: - Upgrade to npm 2.14.12 (Kat Marchán) [#4110](https://github.com/nodejs/node/pull/4110) - Backport 819b40a from V8 upstream (Michaël Zasso) [#3938](https://github.com/nodejs/node/pull/3938) - Updated node LICENSE file with new npm license (Kat Marchán) [#4110](https://github.com/nodejs/node/pull/4110) |
9 years ago |
Jeremiah Senkpiel | 14f81a022d |
2015-07-09 io.js v1.8.4 Release
Notable changes * openssl: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains Certificate Forgery) https://github.com/nodejs/io.js/pull/2141. |
10 years ago |
Rod Vagg | 8e724e6677 |
2015-07-04 io.js v1.8.3 Release
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) #1950 #1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries |
10 years ago |
Rod Vagg | 361db7e191 |
2015-05-17 io.js v1.8.2 Release
Maintenance release Notable Changes: * crypto: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) #1529 * npm: Upgrade npm to 2.9.0. See the v2.8.4 and v2.9.0 release notes for details. |
10 years ago |
cjihrig | e5774c9df0 |
2015-12-16, Version 5.3.0 (Stable)
Notable changes: * buffer: - Buffer.prototype.includes() has been added to keep parity with TypedArrays. (Alexander Martin) #3567. * domains: - Fix handling of uncaught exceptions. (Julien Gilli) #3654. * https: - Added support for disabling session caching. (Fedor Indutny) #4252. * repl: - Allow third party modules to be imported using require(). This corrects a regression from 5.2.0. (Ben Noordhuis) #4215. * deps: - Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) #4276. PR-URL: https://github.com/nodejs/node/pull/4281 Conflicts: src/node_version.h |
9 years ago |
Rod Vagg | 6ca5ea3860 |
2015-12-09, Version 5.2.0 (Stable)
Notable changes: * build: - Add support for Intel's VTune JIT profiling when compiled with --enable-vtune-profiling. For more information about VTune, see https://software.intel.com/en-us/node/544211. (Chunyang Dai) #3785. - Properly enable V8 snapshots by default. Due to a configuration error, snapshots have been kept off by default when the intention is for the feature to be enabled. (Fedor Indutny) #3962. * crypto: - Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects (created via crypto.createECDH(curve_name)) with private keys that are not dynamically generated via generateKeys(). The public key is now computed when explicitly setting a private key. Added validity checks to reduce the possibility of computing weak or invalid shared secrets. Also, deprecated the setPublicKey() method for ECDH objects as its usage is unnecessary and can lead to inconsistent state. (Michael Ruddy) #3511. - Update root certificates from the current list stored maintained by Mozilla NSS. (Ben Noordhuis) #3951. - Multiple CA certificates can now be passed with the ca option to TLS methods as an array of strings or in a single new-line separated string. (Ben Noordhuis) #4099 * tools: Include a tick processor in core, exposed via the --prof-process command-line argument which can be used to process V8 profiling output files generated when using the --prof command-line argument. (Matt Loring) #4021. PR-URL: https://github.com/nodejs/node/pull/4181 |
9 years ago |
Rod Vagg | ab009a0955 |
2015-12-04, Version 5.1.1 (Stable)
Security Update Notable items: * **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) * **openssl**: Upgrade to 1.0.2e, containing fixes for: - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack is considered feasible against DH, an attack against RSA and DSA is considered possible but unlikely, EC algorithms are not affected. Details are available at <http://openssl.org/news/secadv/20151203.txt>. - CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Shigeki Ohtsu) #4134 * v8: Backport fixes for a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/11 |
9 years ago |
Rod Vagg | e935a5214c |
2015-12-04, Version 4.2.3 "Argon" (LTS) Release
Security Update Notable items: * http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) * openssl: Upgrade to 1.0.2e, containing fixes for: - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack is considered feasible against a Node.js TLS server using DHE key exchange. Details are available at <http://openssl.org/news/secadv/20151203.txt>. - CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Shigeki Ohtsu) #4134 * v8: Backport fixes for a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis) PR-URL: https://github.com/nodejs/node-private/pull/12 |
9 years ago |
Rod Vagg | 07d8741ddf |
2015-12-04, Version 0.12.9 (Stable)
Security Update Notable items: * http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) * openssl: Upgrade to 1.0.1q, fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) #4133 PR-URL: https://github.com/nodejs/node-private/pull/13 |
9 years ago |
Rod Vagg | 2c61b84772 |
2015-12-04, Version 0.10.41 (Maintenance)
Security Update Notable items: * build: Add support for Microsoft Visual Studio 2015 * npm: Upgrade to v1.4.29 from v1.4.28. A special one-off release as part of the strategy to get a version of npm into Node.js v0.10.x that works with the current registry (https://github.com/nodejs/LTS/issues/37). This version of npm prints out a banner each time it is run. The banner warns that the next standard release of Node.js v0.10.x will ship with a version of npm v2. * openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) #4133 PR-URL: https://github.com/nodejs/node-private/pull/15 |
9 years ago |
Rod Vagg | 483016ffd9 |
2015-11-25 Version 0.12.8 (LTS) Release
PR-URL: https://github.com/nodejs/node/pull/2806 |
9 years ago |
Jeremiah Senkpiel | 29cd1195ec |
2015-11-17, Version 5.1.0 (Stable)
PR-URL: https://github.com/nodejs/node/pull/3736 |
9 years ago |
James M Snell | 3268383c2b |
doc: fix wrong date and known issue in changelog.md
* A known issue was resolved but not removed from the list * The wrong date was documented in the changelog for v4.2.2 PR-URL: https://github.com/nodejs/node/pull/3650 Reviewed-By: Michaël Zasso <mic.besace@gmail.com> |
9 years ago |
James M Snell | 3be3fb6538 |
2015-11-03, Version 4.2.2 "Argon" (LTS) Release
|
9 years ago |
Rod Vagg | 837b17408a |
2015-10-29, Version 5.0.0 (Stable)
Notable changes: * buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer, these have been deprecated for a long time (Sakthipriyan Vairamani) #2859. * console: (Breaking) Values reported by console.time() now have 3 decimals of accuracy added (Michaël Zasso) #3166. * fs: - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file descriptor as their first argument (Johannes Wüller) #3163. - (Breaking) In fs.readFile(), if an encoding is specified and the internal toString() fails the error is no longer thrown but is passed to the callback (Evan Lucas) #3485. - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding, callback) form), if the internal toString() fails the error is no longer thrown but is passed to the callback (Evan Lucas) #3503. * http: - Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342. - (Breaking) When parsing HTTP, don't add duplicates of the following headers: Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition to the following headers which already block duplicates: Content-Type, Content-Length, User-Agent, Referer, Host, Authorization, Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location, Max-Forwards (James M Snell) #3090. - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a function or a TypeError is thrown (James M Snell) #3090. - (Breaking) HTTP methods and header names must now conform to the RFC 2616 "token" rule, a list of allowed characters that excludes control characters and a number of separator characters. Specifically, methods and header names must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown (James M Snell) #2526. * node: - (Breaking) Deprecated the _linklist module (Rich Trott) #3078. - (Breaking) Removed require.paths and require.registerExtension(), both had been previously set to throw Error when accessed (Sakthipriyan Vairamani) #2922. * npm: Upgraded to version 3.3.6 from 2.14.7, see https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a major version bump for npm and it has seen a significant amount of change. Please see the original npm v3.0.0 release notes for a list of major changes (Rebecca Turner) #3310. * src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary due to the V8 upgrade. Native add-ons will need to be recompiled (Rod Vagg) #3400. * timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes a long-standing known issue where unrefed timers would perviously hold beforeExit open (Fedor Indutny) #3407. * tls: - Added ALPN Support (Shigeki Ohtsu) #2564. - TLS options can now be passed in an object to createSecurePair() (Коренберг Марк) #2441. - (Breaking) The default minimum DH key size for tls.connect() is now 1024 bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS option can be used to override the default. (Shigeki Ohtsu) #1831. * util: - (Breaking) util.p() was deprecated for years, and has now been removed (Wyatt Preul) #3432. - (Breaking) util.inherits() can now work with ES6 classes. This is considered a breaking change because of potential subtle side-effects caused by a change from directly reassigning the prototype of the constructor using `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })` to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)` (Michaël Zasso) #3455. * v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351. - Implements the spread operator, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator for further information. - Implements new.target, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target for further information. * zlib: Decompression now throws on truncated input (e.g. unexpected end of file) (Yuval Brik) #2595. PR-URL: https://github.com/nodejs/node/pull/3466 |
9 years ago |
Phillip Johnsen | dae9fae0fe |
doc: label v4.2.1 as LTS in changelog heading
PR-URL: https://github.com/nodejs/node/pull/3360 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> |
9 years ago |
Timothy Gu | 81503e597b |
doc: fix typo in changelog
PR-URL: https://github.com/nodejs/node/pull/3353 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> |
9 years ago |
James M Snell | 0a7076b0f1 |
2015-10-13, Version 4.2.1 'Argon' (LTS) Release
* Includes fixes for two regressions - Assertion error in WeakCallback - see [#3329](https://github.com/nodejs/node/pull/3329) - Undefined timeout regression - see [#3331](https://github.com/nodejs/node/pull/3331) * Document an additional known issue with pipelined requests - See: https://github.com/nodejs/node/issues/3332 and https://github.com/nodejs/node/pull/3342 |
9 years ago |
Rod Vagg | 4bc9d97c5f |
doc: label v4.2.0 as LTS in changelog heading
Update the label for v4.2.0 to (LTS) from (Stable) Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: https://github.com/nodejs/node/pull/3343 |
9 years ago |
James M Snell | 47db2472e5 |
2015-10-12, Version 4.2.0 'Argon' (LTS) Release
The first Node.js LTS release! See https://github.com/nodejs/LTS/ for details of the LTS process. * **icu**: Updated to version 56 with significant performance improvements (Steven R. Loomis) https://github.com/nodejs/node/pull/3281 * **node**: - Added new `-c` (or `--check`) command line argument for checking script syntax without executing the code (Dave Eddy) https://github.com/nodejs/node/pull/2411 - Added `process.versions.icu` to hold the current ICU library version (Evan Lucas) https://github.com/nodejs/node/pull/3102 - Added `process.release.lts` to hold the current LTS codename when the binary is from an active LTS release line (Rod Vagg) https://github.com/nodejs/node/pull/3212 * **npm**: Upgraded to npm 2.14.7 from 2.14.4, see release notes: https://github.com/npm/npm/releases/tag/v2.14.7 for full details (Kat Marchán) https://github.com/nodejs/node/pull/3299 PR-URL: https://github.com/nodejs/node/pull/3258 |
9 years ago |
reggi | 3ef2e4acf3 |
doc: fix typos in changelog
PR-URL: https://github.com/nodejs/node/pull/3291 Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Michaël Zasso <mic.besace@gmail.com> |
9 years ago |
Martial | f5a3f44f5c |
doc: standardize references to userland
Change occurrences of "user-land" to "userland". PR-URL: https://github.com/nodejs/node/pull/3192 Fixes: https://github.com/nodejs/node/issues/3189 Reviewed-By: Rich Trott <rtrott@gmail.com> |
9 years ago |
Rod Vagg | 820735d967 |
2015-10-05, Version 4.1.2 (Stable) Release
Notable changes * http: - Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 (Fedor Indutny) #3128 - Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) #3128 * libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details (Saúl Ibarra Corretgé) #3010 - A better rwlock implementation for all Windows versions - Improved AIX support * v8: - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117 - Backported f782159 from v8's upstream to help speed up Promise introspection (Ben Noordhuis) #3130 - Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) #3031 PR-URL: https://github.com/nodejs/node/pull/3128 |
9 years ago |
Rod Vagg | 4a6f1feecb |
2015-09-22, Version 4.1.1 (Stable) Release
Notable changes * buffer: Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the next allocation of a TypedArray in JavaScript not being zero-filled. In certain circumstances this could result in data leakage via reuse of memory space in TypedArrays, breaking the normally safe assumption that TypedArrays should be always zero-filled. (Trevor Norris) #2931. * http: Guard against response-splitting of HTTP trailing headers added via response.addTrailers() by removing new-line ([\r\n]) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. (Ben Noordhuis) #2945. * npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full details (Kat Marchán) #2958 - Upgrades graceful-fs on multiple dependencies to no longer rely on monkey-patching fs - Fix npm link for pre-release / RC builds of Node * v8: Update post-mortem metadata to allow post-mortem debugging tools to find and inspect: - JavaScript objects that use dictionary properties (Julien Gilli) #2959 - ScopeInfo and thus closures (Julien Gilli) #2974 PR-URL: https://github.com/nodejs/node/pull/2995 |
9 years ago |
Jeremiah Senkpiel | e4f2952341 |
2015-09-17, Version 4.1.0 (Stable) Release
Notable changes: * buffer: - Buffers are now created in JavaScript, rather than C++. This increases the speed of buffer creation (Trevor Norris) https://github.com/nodejs/node/pull/2866. - `Buffer#slice()` now uses `Uint8Array#subarray()` internally, increasing `slice()` performance (Karl Skomski) https://github.com/nodejs/node/pull/2777. * fs: - `fs.utimes()` now properly converts numeric strings, `NaN`, and `Infinity` (Yazhong Liu) https://github.com/nodejs/node/pull/2387. - `fs.WriteStream` now implements `_writev`, allowing for super-fast bulk writes (Ron Korving) https://github.com/nodejs/node/pull/2167. * http: Fixed an issue with certain `write()` sizes causing errors when using `http.request()` (Fedor Indutny) https://github.com/nodejs/node/pull/2824. * npm: Upgrade to version 2.14.3, see https://github.com/npm/npm/releases/tag/v2.14.3 for more details (Kat Marchán) https://github.com/nodejs/node/pull/2822. * src: V8 cpu profiling no longer erroneously shows idle time (Oleksandr Chekhovskyi) https://github.com/nodejs/node/pull/2324. * v8: Lateral upgrade to 4.5.103.33 from 4.5.103.30, contains minor fixes (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/2870. - This fixes a previously known bug where some computed object shorthand properties did not work correctly (https://github.com/nodejs/node/issues/2507). Refs: https://github.com/nodejs/node/issues/2844 PR-URL: https://github.com/nodejs/node/pull/2889 |
9 years ago |
Rod Vagg | b9813641dc |
2015-09-15 io.js v3.3.1 Release
* buffer: Fixed a minor errors that was causing crashes (Michaël Zasso) #2635, * child_process: Fix error that was causing crashes (Evan Lucas) #2727 * crypto: Replace use of rwlocks, unsafe on Windows XP / 2003 (Ben Noordhuis) #2723 * libuv: Upgrade from 1.7.3 to 1.7.4 (Saúl Ibarra Corretgé) #2817 * node: Fix faulty process.release.libUrl on Windows (Rod Vagg) #2699 * node-gyp: Float v3.0.3 which has improved support for Node.js and io.js v0.10 to v4+ (Rod Vagg) #2700 * npm: Upgrade to version 2.14.3 from 2.13.3, includes a security update, see https://github.com/npm/npm/releases/tag/v2.14.2 for more details, (Kat Marchán) #2696. * timers: Improved timer performance from porting the 0.12 implementation, plus minor fixes (Jeremiah Senkpiel) #2540, (Julien Gilli) nodejs/node-v0.x-archive#8751 nodejs/node-v0.x-archive#8905 PR-URL: https://github.com/nodejs/node/pull/2698 |
9 years ago |
Rod Vagg | 380a3d89c3 |
2015-09-08, Version 4.0.0 (Stable) Release
This list of changes is relative to the last io.js v3.x branch release, v3.3.0. Please see the list of notable changes in the v3.x, v2.x and v1.x releases for a more complete list of changes from 0.12.x. Note, that some changes in the v3.x series as well as major breaking changes in this release constitute changes required for full convergence of the Node.js and io.js projects. * child_process: ChildProcess.prototype.send() and process.send() operate asynchronously across all platforms so an optional callback parameter has been introduced that will be invoked once the message has been sent, i.e. .send(message[, sendHandle][, callback]) (Ben Noordhuis) #2620. * node: Rename "io.js" code to "Node.js" (cjihrig) #2367. * node-gyp: This release bundles an updated version of node-gyp that works with all versions of Node.js and io.js including nightly and release candidate builds. From io.js v3 and Node.js v4 onward, it will only download a headers tarball when building addons rather than the entire source. (Rod Vagg) #2700. * npm: Upgrade to version 2.14.2 from 2.13.3, includes a security update, see https://github.com/npm/npm/releases/tag/v2.14.2 for more details, (Kat Marchán) #2696. * timers: Improved timer performance from porting the 0.12 implementation, plus minor fixes (Jeremiah Senkpiel) #2540, (Julien Gilli) nodejs/node-v0.x-archive#8751 nodejs/node-v0.x-archive#8905 * util: The util.is*() functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry, (Sakthipriyan Vairamani) #2447. * v8: Upgrade to version 4.5.103.30 from 4.4.63.30 (Ali Ijaz Sheikh) #2632. - Implement new TypedArray prototype methods: copyWithin(), every(), fill(), filter(), find(), findIndex(), forEach(), indexOf(), join(), lastIndexOf(), map(), reduce(), reduceRight(), reverse(), slice(), some(), sort(). See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. - Implement new TypedArray.from() and TypedArray.of() functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray for further information. - Implement arrow functions. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions for further information. - Full ChangeLog available at https://github.com/v8/v8-git-mirror/blob/4.5.103/ChangeLog PR-URL: https://github.com/nodejs/node/pull/2742 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> |
9 years ago |
Rod Vagg | a06e11d9d3 |
doc: update changelog for io.js v3.3.0
Notable changes:
* build: Add a --link-module option to configure that can be used to
bundle additional JavaScript modules into a built binary
(Bradley Meck) #2497
* docs: Merge outstanding doc updates from joyent/node
(James M Snell) #2378
* http_parser: Significant performance improvement by having
http.Server consume all initial data from its net.Socket and parsing
directly without having to enter JavaScript. Any 'data' listeners on
the net.Socket will result in the data being "unconsumed" into
JavaScript, thereby undoing any performance gains.
(Fedor Indutny) #2355
* libuv: Upgrade to 1.7.3 (from 1.6.1), see
https://github.com/libuv/libuv/blob/v1.x/ChangeLog for details
(Saúl Ibarra Corretgé) #2310
* V8: Upgrade to 4.4.63.30 (from 4.4.63.26) (Michaël Zasso) #2482
cherry-picked from v3.x @
|
9 years ago |