Myles Borins
f04524e0c9
2017-03-28, Version 7.8.0 (Current)
Notable changes:
* buffer:
- do not segfault on out-of-range index (Timothy Gu)
https://github.com/nodejs/node/pull/11927
* crypto:
- Fix memory leak if certificate is revoked (Tom Atkinson)
https://github.com/nodejs/node/pull/12089
* deps:
* upgrade npm to 4.2.0 (Kat Marchán)
https://github.com/nodejs/node/pull/11389
* fix async await desugaring in V8 (Michaël Zasso)
https://github.com/nodejs/node/pull/12004
* readline:
- add option to stop duplicates in history (Danny Nemer)
https://github.com/nodejs/node/pull/2982
* src:
- add native URL class (James M Snell)
https://github.com/nodejs/node/pull/11801
PR-URL: https://github.com/nodejs/node/pull/12104
8 years ago
cjihrig
44b4c0b088
2017-03-21, Version 7.7.4 (Current)
Notable changes:
* deps: Add node-inspect 1.10.6 (Jan Krems) https://github.com/nodejs/node/pull/11869
* inspector: proper WS URLs when bound to 0.0.0.0 (Eugene Ostroukhov) https://github.com/nodejs/node/pull/11850
* tls: fix segfault on destroy after partial read. (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
PR-URL: https://github.com/nodejs/node/pull/11941
8 years ago
Italo A. Casas
9c68a69802
2017-03-14, Version 7.7.3 (Current)
Notable changes:
* module: The [module loading global fallback]
(https://nodejs.org/dist/latest-v6.x/docs/api/modules.html#modules_loading_from_the_global_folders )
to the Node executable's directory now works correctly on Windows.
(Richard Lau) [#9283 ](https://github.com/nodejs/node/pull/9283 )
* net: `Socket.prototype.connect` now once again functions without
a callback. (Juwan Yoo) [#11762 ](https://github.com/nodejs/node/pull/11762 )
* url: `URL.prototype.origin` now properly specified an opaque return of
`'null'` for `file://` URLs. (Brian White)
[#11691 ](https://github.com/nodejs/node/pull/11691 )
PR-URL: https://github.com/nodejs/node/pull/11831
8 years ago
Evan Lucas
a7d37984eb
2017-03-08, Version 7.7.2 (Current)
Notable changes:
* doc: add `Daijiro Wachi` to collaborators (Daijiro Wachi) https://github.com/nodejs/node/pull/11676
* tty: add ref() so process.stdin.ref() etc. work (Ben Schmidt) https://github.com/nodejs/node/pull/7360
* util: fix inspecting symbol key in string (Ali BARIN) https://github.com/nodejs/node/pull/11672
PR-URL: https://github.com/nodejs/node/pull/11745
8 years ago
Italo A. Casas
5c2e415ab4
2017-03-01, Version 7.7.1 (Current)
Notable changes:
Node.js 7.7.0 contains a bug that will prevent all native modules
from building, this patch should fix the issue. Apologies to
everyone who was affected by 7.7.0.
PR-URL: https://github.com/nodejs/node/pull/11638
8 years ago
Italo A. Casas
a7ffa8d3fd
2017-02-28, Version 7.7.0 (Current)
Notables changes:
* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[#11288 ](https://github.com/nodejs/node/pull/11288 )
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[#11562 ](https://github.com/nodejs/node/pull/11562 )
* lib: deprecate node --debug at runtime (Josh Gavant)
[#11275 ](https://github.com/nodejs/node/pull/11275 )
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[#11005 ](https://github.com/nodejs/node/pull/11005 )
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[#11236 ](https://github.com/nodejs/node/pull/11236 )
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[#11489 ](https://github.com/nodejs/node/pull/11489 )
* crypto: adding support for OPENSSL_CONF again (Sam Roberts)
[#11006 ](https://github.com/nodejs/node/pull/11006 )
* src: adding support for trace-event tracing (misterpoe)
[#11106 ](https://github.com/nodejs/node/pull/11106 )
PR-URL: https://github.com/nodejs/node/pull/11553
8 years ago
Italo A. Casas
bebda6df68
2017-02-21, Version 7.6.0 (Current)
Notable changes:
* deps:
* update V8 to 5.5 (Michaël Zasso) [#11029 ](https://github.com/nodejs/node/pull/11029 )
* upgrade libuv to 1.11.0 (cjihrig) [#11094 ](https://github.com/nodejs/node/pull/11094 )
* add node-inspect 1.10.4 (Jan Krems) [#10187 ](https://github.com/nodejs/node/pull/10187 )
* upgrade zlib to 1.2.11 (Sam Roberts) [#10980 ](https://github.com/nodejs/node/pull/10980 )
* lib: build `node inspect` into `node` (Anna Henningsen) [#10187 ](https://github.com/nodejs/node/pull/10187 )
* crypto: Remove expired certs from CNNIC whitelist (Shigeki Ohtsu) [#9469 ](https://github.com/nodejs/node/pull/9469 )
* inspector: add --inspect-brk (Josh Gavant) [#11149 ](https://github.com/nodejs/node/pull/11149 )
* fs: allow WHATWG URL objects as paths (James M Snell) [#10739 ](https://github.com/nodejs/node/pull/10739 )
* src: support UTF-8 in compiled-in JS source files (Ben Noordhuis) [#11129 ](https://github.com/nodejs/node/pull/11129 )
* url: extend url.format to support WHATWG URL (James M Snell) [#10857 ](https://github.com/nodejs/node/pull/10857 )
PR-URL: https://github.com/nodejs/node/pull/11185
8 years ago
Evan Lucas
a34f1d6449
2017-01-31, Version 7.5.0 (Current)
Notable changes:
* crypto:
* ability to select cert store at runtime (Adam Majer) #8334
* Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
* upgrade npm to 4.1.2 (Kat Marchán) #11020
* upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638
PR-URL: https://github.com/nodejs/node/pull/11062
8 years ago
Evan Lucas
4760abcdd9
2017-01-04, Version 7.4.0 (Current)
Notable changes:
* buffer:
- Improve performance of Buffer allocation by ~11% (Brian White) https://github.com/nodejs/node/pull/10443
- Improve performance of Buffer.from() by ~50% (Brian White) https://github.com/nodejs/node/pull/10443
* events: Improve performance of EventEmitter.once() by ~27% (Brian White) https://github.com/nodejs/node/pull/10445
* fs: Allow passing Uint8Array to fs methods where Buffers are supported. (Anna Henningsen) https://github.com/nodejs/node/pull/10382
* http: Improve performance of http server by ~7% (Brian White) https://github.com/nodejs/node/pull/6533
* npm: Upgrade to v4.0.5 (Kat Marchán) https://github.com/nodejs/node/pull/10330
PR-URL: https://github.com/nodejs/node/pull/10589
8 years ago
cjihrig
24a3d0e71b
2016-12-20, Version 7.3.0 (Current)
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) https://github.com/nodejs/node/pull/9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
https://github.com/nodejs/node/pull/10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
https://github.com/nodejs/node/pull/9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
https://github.com/nodejs/node/pull/9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
https://github.com/nodejs/node/pull/10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
https://github.com/nodejs/node/pull/10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) https://github.com/nodejs/node/pull/9484
PR-URL: https://github.com/nodejs/node/pull/10277
8 years ago
Jeremiah Senkpiel
35d284685e
2016-12-06, Version 7.2.1 (Current)
Notable changes:
* buffer:
- Reverted the runtime deprecation of calling `Buffer()` without
`new`. (Anna Henningsen) https://github.com/nodejs/node/pull/9529
- Fixed `buffer.transcode()` for single-byte character
encodings to `UCS2`. (Anna Henningsen)
https://github.com/nodejs/node/pull/9838
* promise: `--trace-warnings` now produces useful stacktraces for
Promise warnings. (Anna Henningsen)
https://github.com/nodejs/node/pull/9525
* repl: Fixed a bug preventing correct parsing of generator functions.
(Teddy Katz) https://github.com/nodejs/node/pull/9852
* V8: Fixed a significant `instanceof` performance regression.
(Franziska Hinkelmann) https://github.com/nodejs/node/pull/9730
8 years ago
Jeremiah Senkpiel
c1aa949064
2016-11-22, Version 7.2.0 (Current)
This is a security release impacting Windows 10 users.
Notable changes:
* crypto: The `Decipher` methods `setAuthTag()` and `setAAD` now return
`this`. (Kirill Fomichev) https://github.com/nodejs/node/pull/9398
* dns: Implemented `{ttl: true}` for `resolve4()` and `resolve6()`.
(Ben Noordhuis) https://github.com/nodejs/node/pull/9296 &
https://github.com/nodejs/node/pull/9296
* libuv: Upgrade to v1.10.1 (cjihrig)
https://github.com/nodejs/node/pull/9647
- Fixed a potential buffer overflow when writing data to console on
Windows 10. (CVE-2016-9551)
* process: Added a new `external` property to the data returned by
`memoryUsage()`. (Fedor Indutny)
https://github.com/nodejs/node/pull/9587
* tls: Fixed a memory leak when writes were queued on TLS connection
that was destroyed during handshake. (Fedor Indutny)
https://github.com/nodejs/node/pull/9626
* V8 (dep): Upgrade to v5.4.500.43 (Michaël Zasso)
https://github.com/nodejs/node/pull/9697
* v8: The data returned by `getHeapStatistics()` now includes three new
fields: `malloced_memory`, `peak_malloced_memory`, and
`does_zap_garbage`. (Gareth Ellis)
https://github.com/nodejs/node/pull/8610
PR-URL: https://github.com/nodejs/node/pull/9745
8 years ago
Jeremiah Senkpiel
bbd5853236
doc: v6 is now LTS rather than Current
PR-URL: https://github.com/nodejs/node/pull/9182
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Conflicts:
CHANGELOG.md
8 years ago
Jeremiah Senkpiel
8030994554
doc: fix some table problems in changelog.md
PR-URL: https://github.com/nodejs/node/pull/9183
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Conflicts:
CHANGELOG.md
8 years ago
Evan Lucas
0a3a967d54
2016-11-08, Version 7.1.0 (Current)
Notable changes:
* buffer: add buffer.transcode to transcode a buffer's content from one
encoding to another primarily using ICU (James M Snell)
* child_process: add public API for IPC channel (cjihrig)
* icu
* Upgraded to ICU 58 - small icu (Steven R. Loomis)
* Add `cldr`, `tz`, and `unicode` to `process.versions` (Steven R. Loomis)
* lib: make `String(global) === '[object global]'` (Anna Henningsen)
* libuv: Upgraded to 1.10.0 (cjihrig)
* readline: use icu based string width calculation (James M Snell)
* src:
* add NODE_PRESERVE_SYMLINKS environment variable that has the same
effect as the `--preserve-symlinks` flag (Marc Udoff)
* Fix `String#toLocaleUpperCase()` and `String#toLocaleLowerCase()`
(Steven R. Loomis)
PR-URL: https://github.com/nodejs/node/pull/9438
8 years ago
James M Snell
362fe010fe
2016-10-25, Version 7.0.0 (Current)
Notable Changes:
* Buffer
* Passing invalid input to Buffer.byteLength will now throw an error [#8946 ](https://github.com/nodejs/node/pull/8946 ).
* Calling Buffer without new is now deprecated and will emit a process warning [#8169 ](https://github.com/nodejs/node/pull/8169 ).
* Passing a negative number to allocUnsafe will now throw an error [#7079 ](https://github.com/nodejs/node/pull/7079 ).
* Child Process
* The fork and execFile methods now have stronger argument validation [#7399 ](https://github.com/nodejs/node/pull/7399 ).
* Cluster
* The worker.suicide method is deprecated and will emit a process warning [#3747 ](https://github.com/nodejs/node/pull/3747 ).
* Deps
* V8 has been updated to 5.4.500.36 [#8317 ](https://github.com/nodejs/node/pull/8317 ), [#8852 ](https://github.com/nodejs/node/pull/8852 ), [#9253 ](https://github.com/nodejs/node/pull/9253 ).
* NODE_MODULE_VERSION has been updated to 51 [#8808 ](https://github.com/nodejs/node/pull/8808 ).
* File System
* A process warning is emitted if a callback is not passed to async file system methods [#7897 ](https://github.com/nodejs/node/pull/7897 ).
* Intl
* Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908 ](https://github.com/nodejs/node/pull/8908 ).
* Promises
* Unhandled Promise rejections have been deprecated and will emit a process warning [#8217 ](https://github.com/nodejs/node/pull/8217 ).
* Punycode
* The `punycode` module has been deprecated [#7941 ](https://github.com/nodejs/node/pull/7941 ).
* URL
* An Experimental WHATWG URL Parser has been introduced [#7448 ](https://github.com/nodejs/node/pull/7448 ).
PR-URL: https://github.com/nodejs/node/pull/9099
8 years ago
Evan Lucas
cc2e7db734
2016-09-27, Version 6.7.0 (Current)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
for details on patched vulnerabilities.
Notable Changes
Semver Minor:
* openssl:
- Upgrade to 1.0.2i, fixes a number of defects impacting Node.js:
CVE-2016-6304 ("OCSP Status Request extension unbounded memory
growth", high severity), CVE-2016-2183, CVE-2016-2178, and CVE-2016-6306.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714
- Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in
a crash when using CRLs, CVE-2016-7052.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786
- Remove support for loading dynamic third-party engine modules.
An attacker may be able to hide malicious code to be inserted
into Node.js at runtime by masquerading as one of the dynamic
engine modules. Originally reported by Ahmed Zaki (Skype).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/73
* http: CVE-2016-5325 - Properly validate for allowable characters in
the `reason` argument in `ServerResponse#writeHead()`. Fixes a
possible response splitting attack vector. This introduces a new
case where `throw` may occur when configuring HTTP responses, users
should already be adopting try/catch here. Originally reported
independently by Evan Lucas and Romain Gaucher.
(Evan Lucas) https://github.com/nodejs/node-private/pull/60
Semver Patch:
* buffer: Zero-fill excess bytes in new `Buffer` objects created with
`Buffer.concat()` while providing a `totalLength` parameter that
exceeds the total length of the original `Buffer` objects being
concatenated.
(Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/64
* src: Fix regression where passing an empty password and/or salt to
crypto.pbkdf2() would cause a fatal error
(Rich Trott) https://github.com/nodejs/node/pull/8572
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid wildcard
certificate for its hostname due to improper validation of `*.` in the
wildcard string. Originally reported by Alexander Minozhenko and
James Bunton (Atlassian).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/75
* v8: Fix regression where a regex on a frozen object was broken
(Myles Borins) https://github.com/nodejs/node/pull/8673
8 years ago
Jeremiah Senkpiel
ea2a309e3b
2016-09-14, Version 6.6.0 (Current)
Notable changes:
* crypto: Added `crypto.timingSafeEqual()`. (not-an-aardvark)
https://github.com/nodejs/node/pull/8304
* events: Made the "max event listeners" memory leak warning more
accessible. (Anna Henningsen) https://github.com/nodejs/node/pull/8298
* promises: Unhandled rejections now emit a process warning after the
first tick. (Benjamin Gruenbaum)
https://github.com/nodejs/node/pull/8223
* repl: Added auto alignment for `.editor` mode. (Prince J Wesley)
https://github.com/nodejs/node/pull/8241
* util: Some functionality has been added to `util.inspect()`:
- Returning `this` from a custom inspect function now works. (Anna
Henningsen) https://github.com/nodejs/node/pull/8174
- Added support for Symbol-based custom inspection methods. (Anna
Henningsen) https://github.com/nodejs/node/pull/8174
Refs: https://github.com/nodejs/node/issues/8428
Refs: https://github.com/nodejs/node/pull/8457
PR-URL: https://github.com/nodejs/node/pull/8466
8 years ago
Evan Lucas
0482d6d592
2016-08-26, Version 6.5.0 (Current)
Notable changes:
* **buffer**: Fix regression introduced in v6.4.0 that prevented .write() at buffer end (Anna Henningsen) https://github.com/nodejs/node/pull/8154
* **deps**: update V8 to 5.1.281.75 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/8054
* **inspector**:
* fix inspector hang while disconnecting (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8021
* add support for uncaught exception (Aleksei Koziatinskii) https://github.com/nodejs/node/pull/8043
* **repl**: Fix saving editor mode text in `.save` (Prince J Wesley) https://github.com/nodejs/node/pull/8145
* ***Revert*** "**repl,util**: insert carriage returns in output" (Evan Lucas) https://github.com/nodejs/node/pull/8143
PR-URL: https://github.com/nodejs/node/pull/8253
9 years ago
Myles Borins
e7bd4d2597
2016-08-15, Version 4.5.0 'Argon' (LTS)
Notable Changes:
Semver Minor:
* buffer:
* backport new buffer constructor APIs to v4.x
(Сковорода Никита Андреевич)
https://github.com/nodejs/node/pull/7562
* backport --zero-fill-buffers cli option (James M Snell)
https://github.com/nodejs/node/pull/5745
* build:
* add Intel Vtune profiling support (Chunyang Dai)
https://github.com/nodejs/node/pull/5527
* repl:
* copying tabs shouldn't trigger completion (Eugene Obrezkov)
https://github.com/nodejs/node/pull/5958
* src:
* add node::FreeEnvironment public API (Cheng Zhao)
https://github.com/nodejs/node/pull/3098
* test:
* run v8 tests from node tree (Bryon Leung)
https://github.com/nodejs/node/pull/4704
* V8:
* Add post mortem data to improve object inspection and function's
context variables inspection (Fedor Indutny)
https://github.com/nodejs/node/pull/3779
Semver Patch:
* **buffer**:
* ignore negative allocation lengths (Anna Henningsen)
https://github.com/nodejs/node/pull/7562
* **crypto**:
* update root certificates (Ben Noordhuis)
https://github.com/nodejs/node/pull/7363
* **libuv**:
* upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
https://github.com/nodejs/node/pull/6796
* upgrade libuv to 1.9.0 (Saúl Ibarra Corretgé)
https://github.com/nodejs/node/pull/5994
* **npm**:
* upgrade to 2.15.9 (Kat Marchán)
https://github.com/nodejs/node/pull/7692
9 years ago
cjihrig
d83373d800
2016-08-15, Version 6.4.0 (Current)
Notable changes:
* build: zlib symbols and additional OpenSSL symbols are now exposed on Windows platforms. (Alex Hultman) https://github.com/nodejs/node/pull/7983 and https://github.com/nodejs/node/pull/7576
* child_process, cluster: Forked child processes and cluster workers now support stdio configuration. (Colin Ihrig) https://github.com/nodejs/node/pull/7811 and https://github.com/nodejs/node/pull/7838
* child_process: argv[0] can now be set to arbitrary values in spawned processes. (Pat Pannuto) https://github.com/nodejs/node/pull/7696
* fs: fs.ReadStream now exposes the number of bytes it has read so far. (Linus Unnebäck) https://github.com/nodejs/node/pull/7942
* repl: The REPL now supports editor mode. (Prince J Wesley) https://github.com/nodejs/node/pull/7275
* util: inspect() can now be configured globally using util.inspect.defaultOptions. (Roman Reiss) https://github.com/nodejs/node/pull/8013
Refs: https://github.com/nodejs/node/issues/8020
PR-URL: https://github.com/nodejs/node/pull/8070
9 years ago
Evan Lucas
c21a212bdc
2016-07-21, Version 6.3.1 (Current)
Notable changes:
* **buffer**:
* Improve performance of Buffer.from(str, 'hex') and Buffer#write(str, 'hex'). (Christopher Jeffrey) https://github.com/nodejs/node/pull/7602
* Fix creating from zero-length ArrayBuffer. (Ingvar Stepanyan) https://github.com/nodejs/node/pull/7176
* **deps**:
* Upgrade to V8 5.0.71.xx. (Ben Noordhuis) https://github.com/nodejs/node/pull/7531
* Backport V8 instanceof bugfix (Franziska Hinkelmann) https://github.com/nodejs/node/pull/7638
* **repl**: Fix issue with function redeclaration. (Prince J Wesley) https://github.com/nodejs/node/pull/7794
* **util**: Fix inspecting of boxed symbols. (Anna Henningsen) https://github.com/nodejs/node/pull/7641
PR-URL: https://github.com/nodejs/node/pull/7782
9 years ago
Jeremiah Senkpiel
7628031847
2016-07-06, Version 6.3.0 (Current)
Notable changes:
* buffer: Added `buffer.swap64()` to compliment `swap16()` &
`swap32()`. (Zach Bjornson) https://github.com/nodejs/node/pull/7157
* build: New `configure` options have been added for building Node.js
as a shared library. (Stefan Budeanu)
https://github.com/nodejs/node/pull/6994
- The options are: `--shared`, `--without-v8-platform` &
`--without-bundled-v8`.
* crypto: Root certificates have been updated. (Ben Noordhuis)
https://github.com/nodejs/node/pull/7363
* debugger: The server address is now configurable via
`--debug=<address>:<port>`. (Ben Noordhuis)
https://github.com/nodejs/node/pull/3316
* npm: Upgraded npm to v3.10.3 (Kat Marchán)
https://github.com/nodejs/node/pull/7515 & (Rebecca Turner)
https://github.com/nodejs/node/pull/7410
* readline: Added the `prompt` option to the readline constructor.
(Evan Lucas) https://github.com/nodejs/node/pull/7125
* repl / vm: `sigint`/`ctrl+c` will now break out of infinite loops
without stopping the Node.js instance. (Anna Henningsen)
https://github.com/nodejs/node/pull/6635
* src:
- Added a `node::FreeEnvironment` public C++ API. (Cheng Zhao)
https://github.com/nodejs/node/pull/3098
- Refactored `require('constants')`, constants are now available
directly from their respective modules. (James M Snell)
https://github.com/nodejs/node/pull/6534
* stream: Improved `readable.read()` performance by up to 70%. (Brian
White) https://github.com/nodejs/node/pull/7077
* timers: `setImmediate()` is now up to 150% faster in some situations.
(Andras) https://github.com/nodejs/node/pull/6436
* util: Added a `breakLength` option to `util.inspect()` to control how
objects are formatted across lines. (cjihrig)
https://github.com/nodejs/node/pull/7499
* v8-inspector: Experimental support has been added for debugging
Node.js over the inspector protocol. (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/6792
- *Note: This feature is experimental, and it could be altered or
removed.*
- You can try this feature by running Node.js with the `--inspect`
flag.
Refs: https://github.com/nodejs/node/pull/7441
PR-URL: https://github.com/nodejs/node/pull/7550
9 years ago
Myles Borins
21535e851c
2016-06-28, Version 4.4.7 'Argon' (LTS)
This LTS release comes with 89 commits. This includes 46 commits that
are docs related, 11 commits that are test related, 8 commits that are
build related, and 4 commits that are benchmark related.
Notable Changes:
- debugger:
- All properties of an array (aside from length) can now be printed
in the repl (cjihrig)
https://github.com/nodejs/node/pull/6448
- npm:
- Upgrade npm to 2.15.8 (Rebecca Turner)
https://github.com/nodejs/node/pull/7412
- stream:
- Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5. (Anna Henningsen)
https://github.com/nodejs/node/pull/7160
- V8:
- Fix for a bug in crankshaft that was causing crashes on arm64
(Myles Borins)
https://github.com/nodejs/node/pull/7442
- Add missing classes to postmortem info such as JSMap and JSSet
(evan.lucas)
https://github.com/nodejs/node/pull/3792
9 years ago
Myles Borins
9744928cf5
doc: fix layout problem in v4 changelog
The current layout is breaking the release post tool.
This commit also removed erroneous entires in the main CHANGELOG for
v4.4.6 and v5.12.0.
PR-URL: https://github.com/nodejs/node/pull/7394
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
9 years ago
Evan Lucas
6a9438343b
2016-06-23, Version 5.12.0 (Stable)
Notable changes:
This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases
for details on patched vulnerabilities.
* **buffer**
* backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169 ](https://github.com/nodejs/node/pull/7169 )
* ignore negative allocation lengths (Anna Henningsen) [#7221 ](https://github.com/nodejs/node/pull/7221 )
* **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40 ](https://github.com/nodejs/node-private/pull/40 )
* Fixes a Buffer overflow vulnerability discovered in v8. More details
can be found in the CVE (CVE-2016-1699).
PR-URL: https://github.com/nodejs/node-private/pull/51
9 years ago
Rod Vagg
fb146cecc3
2016-06-23 Version 0.12.15 (Maintenance) Release
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.
Notable changes:
* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
behaviour. More information can be found at
https://github.com/libuv/libuv/issues/515 or at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ .
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
discovered in V8, more details can be found in the CVE at
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ .
PR-URL: https://github.com/nodejs/node-private/pull/53
9 years ago
Rod Vagg
71b29bb8a9
2016-06-23 Version 0.10.46 (Maintenance) Release
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.
Notable changes:
* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
behaviour. More information can be found at
https://github.com/libuv/libuv/issues/515 or at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ .
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered
in V8, more details can be found in the CVE CVE-2016-1669 at
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ .
Commits:
* [3374f57973
] - deps: update libuv to 0.10.37 (Saúl Ibarra Corretgé) https://github.com/nodejs/node/pull/7293
* [fcb9145e29
] - deps: backport 3a9bfec from v8 upstream (Myles Borins) https://github.com/nodejs/node-private/pull/43
PR-URL: https://github.com/nodejs/node-private/pull/52
9 years ago
Myles Borins
a9c34aeae7
2016-06-23, Version 4.4.6 'Argon' (LTS)
This is an important security release. All Node.js users should consult
the security release summary at nodejs.org for details on patched
vulnerabilities.
This release is specifically related to a Buffer overflow vulnerability
discovered in v8, more details can be found in the CVE
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
PR-URL: https://github.com/nodejs/node-private/pull/41
9 years ago
Evan Lucas
e427150e75
2016-06-17, Version 6.2.2 (Current) Release
Notable changes:
* **http**:
- req.read(0) could cause incoming connections to stall and time out
under certain conditions. (Fedor Indutny) [#7211 ](https://github.com/nodejs/node/pull/7211 )
- When freeing the socket to be reused in keep-alive Agent wait for
both prefinish and end events. Otherwise the next request may be
written before the previous one has finished sending the body, leading
to a parser errors. (Fedor Indutny) [#7149 ](https://github.com/nodejs/node/pull/7149 )
* **npm**: upgrade npm to 3.9.5 (Kat Marchán) [#7139 ](https://github.com/nodejs/node/pull/7139 )
PR-URL: https://github.com/nodejs/node/pull/7323
9 years ago
Rod Vagg
daafe2c65e
2016-06-02, Version 6.2.1 (Current)
* buffer: Ignore negative lengths in calls to Buffer() and
Buffer.allocUnsafe(). This fixes a possible security concern
(reported by Feross Aboukhadijeh) where user input is passed
unchecked to the Buffer constructor or allocUnsafe() as it can
expose parts of the memory slab used by other Buffers in the
application. Note that negative lengths are not supported by the
Buffer API and user input to the constructor should always be
sanitised and type-checked.
(Anna Henningsen) https://github.com/nodejs/node/pull/7030
* npm: Upgrade npm to 3.9.3
(Kat Marchán) https://github.com/nodejs/node/pull/7030
* tty: Default to blocking mode for stdio on OS X. A bug fix
in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with
Node's use of non-blocking stdio, particularly on OS X which has a
small output buffer. This change should fix CLI applications that
have been having problems with output since Node.js v6.0.0 on OS X.
The core team is continuing to address stdio concerns that exist
across supported platforms and progress can be tracked at
https://github.com/nodejs/node/pull/6980 .
(Jeremiah Senkpiel) https://github.com/nodejs/node/pull/6895
* V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses
problems experienced by users of node-inspector since Node.js
v6.0.0, see https://github.com/nodejs/node/issues/6980 for details.
(Michaël Zasso) https://github.com/nodejs/node/pull/6928
9 years ago
Anna Henningsen
b5f76dbd3e
doc: fix broken references in changelogs
Some references to a few versions were broken, likely in part
due to the transition to a split changelog format.
PR-URL: https://github.com/nodejs/node/pull/6942
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
9 years ago
Myles Borins
e03c32696e
2016-05-24, Version 4.4.5 'Argon' (LTS)
Notable changes:
* **buffer**:
* Buffer no longer errors if you call lastIndexOf with a search term
longer than the buffer (Anna Henningsen)
https://github.com/nodejs/node/pull/6511
* contextify:
* Context objects are now properly garbage collected, this solves a
problem some individuals were experiencing with extreme memory
growth (Ali Ijaz Sheikh)
https://github.com/nodejs/node/pull/6871
* deps:
* update npm to 2.15.5 (Rebecca Turner)
https://github.com/nodejs/node/pull/6663
* http:
* Invalid status codes can no longer be sent. Limited to 3 digit
numbers between 100 - 999 (Brian White)
https://github.com/nodejs/node/pull/6291
9 years ago
Evan Lucas
26120e2eb0
2016-05-17, Version 6.2.0 (Stable)
- **buffer**: fix lastIndexOf and indexOf in various edge cases (Anna
Henningsen) [#6511 ](https://github.com/nodejs/node/pull/6511 )
- **child_process**: use /system/bin/sh on android (Ben Noordhuis)
[#6745 ](https://github.com/nodejs/node/pull/6745 )
- **deps**:
- upgrade npm to 3.8.9 (Rebecca Turner)
[#6664 ](https://github.com/nodejs/node/pull/6664 )
- upgrade to V8 5.0.71.47 (Ali Ijaz Sheikh)
[#6572 ](https://github.com/nodejs/node/pull/6572 )
- upgrade libuv to 1.9.1 (Saúl Ibarra Corretgé)
[#6796 ](https://github.com/nodejs/node/pull/6796 )
- Intl: ICU 57 bump (Steven R. Loomis)
[#6088 ](https://github.com/nodejs/node/pull/6088 )
- **repl**:
- copying tabs shouldn't trigger completion (Eugene Obrezkov)
[#5958 ](https://github.com/nodejs/node/pull/5958 )
- exports `Recoverable` (Blake Embrey)
[#3488 ](https://github.com/nodejs/node/pull/3488 )
- **src**: add O_NOATIME constant (Rich Trott)
[#6492 ](https://github.com/nodejs/node/pull/6492 )
- **src,module**: add --preserve-symlinks command line flag (James M
Snell) [#6537 ](https://github.com/nodejs/node/pull/6537 )
- **util**: adhere to `noDeprecation` set at runtime (Anna Henningsen)
[#6683 ](https://github.com/nodejs/node/pull/6683 )
As of this release the 6.X line now includes 64-bit binaries for Linux
on Power Systems running in big endian mode in addition to the existing
64-bit binaries for running in little endian mode.
PR-URL: https://github.com/nodejs/node/pull/6810
9 years ago
James M Snell
c663a6db05
doc: refactor the changelog by version
The changelog was getting rather huge and difficult
to manage. It also wasn't very useful in terms of
being able to quickly find specific Node.js versions,
or tracking the history for a single major release
stream.
This reorganizes the changelog by versions separated
out over multiple files. An index of the most recent
versions is provided in the main log.
PR-URL: https://github.com/nodejs/node/pull/6503
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
9 years ago
Rod Vagg
98b534ff5a
2016-05-06 Version 0.12.14 (Maintenance) Release
Notable changes:
* npm: Correct erroneous version number in v2.15.1 code
(Forrest L Norvell) https://github.com/nodejs/node/pull/5988
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553
- Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
- Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
- See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
for full details
9 years ago
Rod Vagg
1ec421e122
2016-05-06 Version 0.10.45 (Maintenance) Release
Notable changes:
* npm: Correct erroneous version number in v2.15.1 code
(Forrest L Norvell) https://github.com/nodejs/node/pull/5987
* openssl: Upgrade to v1.0.1t, addressing security vulnerabilities
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/6553
- Fixes CVE-2016-2107 "Padding oracle in AES-NI CBC MAC check"
- Fixes CVE-2016-2105 "EVP_EncodeUpdate overflow"
- See https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ for
full details
9 years ago
Myles Borins
2bceda6493
doc: get rid of sneaky hard tabs in CHANGELOG
My editor did something strange. Sorry about that
PR-URL: https://github.com/nodejs/node/pull/6608
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
9 years ago
Myles Borins
7c7e50f813
2016-05-05, Version 4.4.4 'Argon' (LTS)
Notable changes
* deps:
* update openssl to 1.0.2h. (Shigeki Ohtsu)
[#6551 ](https://github.com/nodejs/node/pull/6551 )
- Please see our blog postfor more info on the security
contents of this release.
https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
PR-URL: https://github.com/nodejs/node/pull/6583
Reviewed-By: James M Snell <jasnell@gmail.com>
9 years ago
Jeremiah Senkpiel
b9ceb42ae2
2016-05-05, Version 6.1.0 (Current)
* assert: `deep{Strict}Equal()` now works correctly with circular
references. (Rich Trott) https://github.com/nodejs/node/pull/6432
* debugger: Arrays are now formatted correctly in the debugger repl.
(cjihrig) https://github.com/nodejs/node/pull/6448
* deps: Upgrade OpenSSL sources to 1.0.2h (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/6550
- Please see our blog post for more info on the security contents of
this release:
- https://nodejs.org/en/blog/vulnerability/openssl-may-2016/
* net: Introduced a `Socket#connecting` property. (Fedor Indutny)
https://github.com/nodejs/node/pull/6404
- Previously this information was only available as the undocumented,
internal `_connecting` property.
* process: Introduced `process.cpuUsage()`. (Patrick Mueller)
https://github.com/nodejs/node/pull/6157
* stream: `Writable#setDefaultEncoding()` now returns `this`.
(Alexander Makarenko) https://github.com/nodejs/node/pull/5040
* util: Two new additions to `util.inspect()`:
- Added a `maxArrayLength` option to truncate the formatting of
Arrays. (James M Snell) https://github.com/nodejs/node/pull/6334
- This is set to `100` by default.
- Added a `showProxy` option for formatting proxy intercepting
handlers. (James M Snell) https://github.com/nodejs/node/pull/6465
- Inspecting proxies is non-trivial and as such this is off by
default.
PR-URL: https://github.com/nodejs/node/pull/6557
9 years ago
Evan Lucas
a465627210
2016-05-05, Version 5.11.1 (Stable)
Notable changes
* buffer: safeguard against accidental kNoZeroFill (Сковорода Никита Андреевич) [nodejs/node-private#35 ](https://github.com/nodejs/node-private/pull/35 )
* deps: upgrade openssl sources to 1.0.2h (Shigeki Ohtsu) [#6552 ](https://github.com/nodejs/node/pull/6552 )
9 years ago
James M Snell
b8f035b07c
doc: fix v6 changelog
Not quite sure how, but quite a few of the commits were missing
from the original changelog generated for v6 relative to v5.11.0.
This updates the change log.
PR-URL: https://github.com/nodejs/node/pull/6435
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
9 years ago
Myles Borins
cc5d9767af
meta: split CHANGELOG into two files
The unfortunate has happened, our CHANGELOG is now over 1 MB and cannot
be viewed on github. This commit breaks the CHANGELOG into two files
so that we can continue to show our changes rendered in the github UI.
Closes: https://github.com/nodejs/node/issues/5533
PR-URL: https://github.com/nodejs/node/pull/6337
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Roman Reiss <me@silverwind.io>
9 years ago
James M Snell
1a29a5773a
2016-04-26, Version 6.0.0 (Current) Release
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682 ](https://github.com/nodejs/node/pull/4682 )
* Previously deprecated Buffer APIs are removed
[#5048 ](https://github.com/nodejs/node/pull/5048 ),
[#4594 ](https://github.com/nodejs/node/pull/4594 )
* Improved error handling [#4514 ](https://github.com/nodejs/node/pull/4514 )
* Cluster
* Worker emitted as first argument in 'message' event
[#5361 ](https://github.com/nodejs/node/pull/5361 ).
* Crypto
* Improved error handling [#3100 ](https://github.com/nodejs/node/pull/3100 ),
[#5611 ](https://github.com/nodejs/node/pull/5611 )
* Simplified Certificate class bindings
[#5382 ](https://github.com/nodejs/node/pull/5382 )
* Improved control over FIPS mode
[#5181 ](https://github.com/nodejs/node/pull/5181 )
* pbkdf2 digest overloading is deprecated
[#4047 ](https://github.com/nodejs/node/pull/4047 )
* Dependencies
* Reintroduce shared c-ares build support
[#5775 ](https://github.com/nodejs/node/pull/5775 ).
* V8 updated to 5.0.71.31 [#6111 ](https://github.com/nodejs/node/pull/6111 ).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921 ](https://github.com/nodejs/node/pull/4921 ).
* Domains
* Clear stack when no error handler
[#4659 ](https://github.com/nodejs/node/pull/4659 ).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594 ](https://github.com/nodejs/node/pull/3594 )
* FS apis can now accept and return paths as Buffers
[#5616 ](https://github.com/nodejs/node/pull/5616 ).
* Error handling and type checking improvements
[#5616 ](https://github.com/nodejs/node/pull/5616 ),
[#5590 ](https://github.com/nodejs/node/pull/5590 ),
[#4518 ](https://github.com/nodejs/node/pull/4518 ),
[#3917 ](https://github.com/nodejs/node/pull/3917 ).
* fs.read's string interface is deprecated
[#4525 ](https://github.com/nodejs/node/pull/4525 )
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557 ](https://github.com/nodejs/node/pull/4557 ).
* Modules
* Current directory is now prioritized for local lookups
[#5689 ](https://github.com/nodejs/node/pull/5689 )
* Symbolic links are preserved when requiring modules
[#5950 ](https://github.com/nodejs/node/pull/5950 )
* Net
* DNS hints no longer implicitly set
[#6021 ](https://github.com/nodejs/node/pull/6021 ).
* Improved error handling and type checking
[#5981 ](https://github.com/nodejs/node/pull/5981 ),
[#5733 ](https://github.com/nodejs/node/pull/5733 ),
[#2904 ](https://github.com/nodejs/node/pull/2904 )
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402 ](https://github.com/nodejs/node/pull/6402 ).
* Path
* Improved type checking [#5348 ](https://github.com/nodejs/node/pull/5348 ).
* Process
* Introduce process warnings API
[#4782 ](https://github.com/nodejs/node/pull/4782 ).
* Throw exception when non-function passed to nextTick
[#3860 ](https://github.com/nodejs/node/pull/3860 ).
* Readline
* Emit key info unconditionally
[#6024 ](https://github.com/nodejs/node/pull/6024 )
* REPL
* Assignment to `_` will emit a warning.
[#5535 ](https://github.com/nodejs/node/pull/5535 )
* Timers
* Fail early when callback is not a function
[#4362 ](https://github.com/nodejs/node/pull/4362 )
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557 ](https://github.com/nodejs/node/pull/4557 )
* SHA1 used for sessionIdContext
[#3866 ](https://github.com/nodejs/node/pull/3866 )
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528 ](https://github.com/nodejs/node/pull/2528 ).
* Util
* Changes to Error object formatting
[#4582 ](https://github.com/nodejs/node/pull/4582 ).
* Windows
* Windows XP and Vista are no longer supported
[#5167 ](https://github.com/nodejs/node/pull/5167 ),
[#5167 ](https://github.com/nodejs/node/pull/5167 ).
9 years ago
Minqi Pan
879aeb5e49
doc: add Minqi Pan to collaborators
Also changed alias P.S.V.R to Minqi Pan.
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/6387
9 years ago
Myles Borins
1fa8fce210
2016-04-20, Version 5.11.0 (Stable) Release
Buffer:
* Buffer.prototype.compare can now compare sub-ranges of two Buffers
(James M Snell) https://github.com/nodejs/node/pull/5880
deps:
* update to http-parser 2.7.0
(Fedor Indutny) https://github.com/nodejs/node/pull/6279
* update ESLint to 2.7.0
(silverwind) https://github.com/nodejs/node/pull/6132
net:
* adds support for passing DNS lookup hints to createConnection()
(Colin Ihrig) https://github.com/nodejs/node/pull/6000
node:
* Make the builtin libraries available for the --eval and --print
CLI options
(Anna Henningsen) https://github.com/nodejs/node/pull/6207
npm:
* upgrade npm to 3.8.6
(Kat Marchán) https://github.com/nodejs/node/pull/6153
repl:
* Pressing enter in the repl will repeat the last command by default
if no input has been received. This behaviour was in node
previously and was not removed intentionally.
(Rich Trott) https://github.com/nodejs/node/pull/6090
src:
* add SIGINFO to supported signals
(James Reggio) https://github.com/nodejs/node/pull/6093
streams:
* Fix a regression that caused by net streams requesting multiple
chunks synchronously when combined with cork/uncork
(Matteo Collina) https://github.com/nodejs/node/pull/6164
zlib:
* The flushing flag is now configurable allowing for decompression
of partial data
(Anna Henningsen) https://github.com/nodejs/node/pull/6069
PR-URL: https://github.com/nodejs/node/pull/6322
9 years ago
Vladimir Varankin
31524d7310
doc: fix a typo in 5.10.1's changelog
PR-URL: https://github.com/nodejs/node/pull/6076
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
9 years ago
Myles Borins
82d57d39ae
2016-04-05, Version 5.10.1 (Stable) Release
Notable changes:
http:
* Enclose IPv6 Host header in square brackets. This will enable
proper seperation of the host adress from any port reference
(Mihai Potra) https://github.com/nodejs/node/pull/5314
path:
* Make win32.isAbsolute more consistent (Brian White)
https://github.com/nodejs/node/pull/6028
PR-URL: https://github.com/nodejs/node/pull/6060
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
9 years ago
Rod Vagg
5fc6938cff
2016-03-31 Version 0.10.44 (Maintenance) Release
Notable changes:
* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install. IMPORTANT:
This is a major upgrade to npm v2 LTS from the previously deprecated
npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(https://github.com/nodejs/LTS/issues/85 ).
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
PR-URL: https://github.com/nodejs/node/pull/5968
9 years ago
Rod Vagg
4882ec4e36
2016-03-31 Version 0.12.13 (LTS) Release
Notable changes:
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install.
(Forrest L Norvell) https://github.com/nodejs/node/pull/5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(https://github.com/nodejs/LTS/issues/85 ).
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
PR-URL: https://github.com/nodejs/node/pull/5967
9 years ago