Releases: apigee/trireme

Trireme 0.9.1

24 Jan 21:41

This release is based on Rhino 1.7.8.

The main feature of this release is a new object model that is resistant to "hash flooding" attacks. This is especially important because it makes Trireme applications more resilient when they accept untrusted HTTP requests.

Trireme 0.9.0

24 Jan 21:34

(This release was pushed on September 28, 2017 -- the GitHub release page was not updated properly at the time.)

Issue 143 Properly return undefined when accessing
a negative Buffer index.
Issue 161 Support a larger number of hashes
in crypto.createHash and crypto.createVerify, so that Trireme is more compatible with regular
Node, which uses OpenSSL's cipher list, which is much more lenient.

In addition:

  • Upgrade to Rhino 1.7.7.2.
    See the release notes there for details of what was fixed.
  • Pull code from a newer Node branch so that http.get() with numeric authorization does not
    create an uninitialized buffer.
  • Fix the HTTP adapter (used in Apigee Edge) so that uncaught exceptions are properly bubbled up
    to the top level of the script rather than crashing.
  • Fix PBKDF2 support to work with Buffers as well as strings. crypto.pbkdf2 is now compatible
    with "regular" Node.

Trireme 0.8.9

02 Feb 16:43

This release fixes a few small bugs, especially in TLS. It also upgrades to Rhino 1.7.7.1, which fixes a few other small bugs and vulnerabilities.

Issue 137 Properly follow symlinks in fs.readdir().
Issue 139 Support PKCS#8 keys for the crypto "createSign" method.
Issue 144 Properly handle intermediate TLS certs.
Issue 145 Create a launcher that emulates the setup of Apigee Edge.

Trireme 0.8.8

02 Feb 16:42

In addition to the fixes below, this release makes progress on support for Node.js 0.12. Both versions
0.10 and 0.12 are included in the "trireme" NPM package and in the default JAR. Users may now select
either version when starting the script.

Support for 0.12 is still experimental. Most modules work well; however, the child_process module in general
is not complete, and that hinders testing for some of the other modules.

Issue 87 Fix flow control for HTTP requests and responses that
use the HTTP adapter. This prevents OOMs when large messages are streamed over HTTP using the Netty
adapter, the servlet adapter, and on Apigee Edge.
Issue 96 Change the Buffer class to use much more code
from regular Node.js so that it is more compatible.
Issue 126 Change the way that the class loader is set up
in the "trireme-support" module so that a custom class loader may be set up for the JAR files that
this module loads.
Issue 128 Fix the way that TLS/SSL ciphersuites are translated
from OpenSSL format to Java SSLEngine cipher suites. The new method is much more compatible with
OpenSSL and many more applications should work that depend on particular ciphers.

Also, some of the callbacks in the HTTP module were fixed in the HTTP adapter so that they work the same
way as they do without the adapter, such as the "close" and "finish" callbacks.

Sadly, Node.js 4.0 is out and much of the source code won't compile with the current version of Rhino
due to dependence on ES6 features. The Rhino project is making progress on ES6 support but it will take
some time. The Nashorn script engine in Java 8 cannot compile this code either due to a different
set of ES6 incompatibilities.

Trireme 0.8.7

02 Feb 16:42

This release fixes a few critical issues that were breaking Apigee customers' apps.

Issue 124 Add the "_implicitHeader" to the HTTP adapter,
because this undocumented function is used in some very common Compress middleware.
Issue 125 Fix command-line processing, which was swallowing
arguments that start with "--" even if they appear after the name of the script. This broke NPM.

Trireme 0.8.6

19 Jun 16:55

In addition to a Rhino upgrade and the fixes below, this release is the first to support multiple versions
of Node. The default version is based on Node 0.10.32, but there is an alternate version based on
Node 0.11.15. Scripts based on both implementations may run at the same time in the same JVM,
using the same instance of NodeEnvironment, or using different instances.

To try the new version in embedded code, call "setNodeVersion" on NodeScript using the value "0.11.x",
or call "setDefaultNodeVersion" on NodeEnvironment.

We expect that the next version of Trireme will include support for 0.12, and it will be the default.

Issue 115 Add mappings for new TLS ciphers introduced in Java 8.

Issue 116 Change process.memoryUsage() so that it correctly reports a "heapUsed" number based on the amount of data that is actually free in the heap so that scripts can use it to take action when memory is growing short.

Issue 118 Fix TLS verification so that it works properly with ECDH-derived cipher suites. This was causing TLS connections to "www.facebook.com" to fail.

Issue 119 Handle thread pool exhaustion by blocking the main thread rather than by exiting the script. This slows things down but makes the whole system much more robust.

Issue 114 Fix TriremeServlet so that it properly reads large bodies coming from the client without corruption.

Issue 120 Speed up Trireme startup.

Also, upgrade to Rhino 1.7.7. This fixes a bug with calling "toJSON" on certain Error objects, and
introduces support for native arrays, among many other things. (Native arrays like Int32Array are
used in an increasing number of Node projects since V8 supports them even without the --harmony flag.)

Trireme 0.8.5

05 Feb 15:28

Issue 98 Add support for the "trireme-support" module, which initially has support only for the "loadJars" method, which loads JAR files into the current script and scans them for "native" modules implemented in Java using the "NodeModule" and "NodeScriptModule" interfaces.

Trireme 0.8.4

05 Dec 19:05

This is a bug-fix release for a few important bugs. The next release may include some more refactoring.

  • Issue 90 Make "attachments" to the HTTP adapter's request
    object non-enumerable so that they don't blow up util.inspect.
  • Issue 91 Support case-insensitive retrieval of environment
    variables, like Windows. This makes variables like "Path" work on Windows.
  • Issue 92 Fix the string encoding and decoding mechanisms so
    that characters that are not valid for the current character set are converted into a "replacement" character
    rather than causing string encoding to stop.
  • Issue 94 Repeated HTTP requests sometimes fail because
    of problems with resetting the state of the HTTP parser that the "http" module tries to cache. (Said caching
    may be important with regular Node, but in Trireme it has no performance benefit.)

Trireme 0.8.2

02 Oct 03:50
  • Take JavaScript code patches from Node.js 10.32.
  • Issue 59 Add an internal module to support the trireme-jdbc module. This lets apps built on Trireme access databases using JDBC drivers.
  • Issue 79 Re-factor the TLS implementation to be based on the "Context" and "Connection" interfaces that standard Node.js supports. This makes the TLS code much more compatible with Node.js modules that depend on internal details of TLS.
  • Issue 86: Support the internal "natives" module so that modules that do horrible things like monkey-patch internal Node.js source code can work on Trireme. This affects NPM 2.0.
  • Add "setDisplayName()" to the NodeScript interface, making it possible to give each Trireme script thread a unique name.
  • Add "setDefaultTimeout()" to the HttpServerStub interface. This lets code that embeds Trireme using the HTTP adapter have HTTP requests time out even if the user does not specify an explicit timeout.

Trireme 0.8.1

04 Sep 22:29
  • Issue 66 Use NIO to implement the datagram (aka UDP)
    module for better performance.
  • Issue 81 Remove Trireme's Java implementation of
    "iconv-lite," which was not compatible with the version on NPM. The standard "iconv-lite" module now
    works, although it is very slow for unusual character sets like "big5" because those are now implemented
    in JavaScript rather than using native Java character sets. (ASCII, UTF8, and other standards still
    use the Java platform and are as fast or faster than native Node.) This also fixes a bug with
    recent versions of the Express / connect "body parser" middleware.
  • Issue 82 Add fields to the HTTP adapter to prevent a race
    condition when recent versions of Connect "send-static" middleware try to use undocumented internal
    fields. (This only affects the "HTTP adapter" which is not used by all users of Trireme.)

Other issues:

  • Upgrade to version 1.50 of Bouncy Castle.
  • Fix path translation for filesystems mounted outside root (t-beckmann)
  • Fix SSL support to always emit Error objects on error (t-beckmann)
  • Fix /?/ UNC path prefix (t-beckmann)
  • Unwrap Rhino "Wrapper" objects (t-beckmann)
  • Fix "binary" character set to handle unsigned values properly (t-beckmann)
  • A number of other small but important fixes from Thomas Beckmann. Thanks!