Releases: nodejs/node
2018-08-15, Version 10.9.0 (Current), @rvagg
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
- CVE-2018-0732 (OpenSSL)
- CVE-2018-7166 (Node.js)
- CVE-2018-12115 (Node.js)
Notable Changes
- buffer:
- Fix out-of-bounds (OOB) write in
Buffer.write()
for UCS-2 encoding (CVE-2018-12115) - Fix unintentional exposure of uninitialized memory in
Buffer.alloc()
(CVE-2018-7166)
- Fix out-of-bounds (OOB) write in
- deps:
- Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
- Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
- Memory reduction and performance improvements, details at: https://v8project.blogspot.com/2018/06/v8-release-68.html
- Upgrade to OpenSSL 1.1.0i, fixing:
- http:
http.get()
andhttp.request()
(andhttps
variants) can now accept three arguments to allow for aURL
and anoptions
object (Sam Ruby) #21616 - Added new collaborators
- Sam Ruby (https://github.com/rubys)
- George Adams (https://github.com/gdams)
Commits
- [
58a9ae118e
] - assert: fix loose assert with map and set (Ruben Bridgewater) #22145 - [
1c577016b8
] - benchmark: improve assert benchmarks (Ruben Bridgewater) #22211 - [
734323d9eb
] - buffer: stop alloc() uninitialized memory return (cjihrig) nodejs-private/node-private#137 - [
2c4c17b708
] - buffer: avoid overrun on UCS-2 string write (Rod Vagg) nodejs-private/node-private#138 - [
6622ac798d
] - buffer: use FastBuffer when fill is set to 0 (Сковорода Никита Андреевич) #21989 - [
f506a5f46e
] - build: make --shared-[...]-path work on Windows (Jeremy Apthorp) #21530 - [
1be6fb93c8
] - build: add CONFIG_FLAGS to with-code-cache target (Daniel Bevenius) [#22207](https
://github.com//pull/22207) - [
4520bb8a73
] - build: make tools/doc/node_modules non-phony (Daniel Bevenius) #22189 - [
c42ff4ebd8
] - build: add crypto check to build targets (Daniel Bevenius) #22148 - [
cdb8c1b44d
] - build: extract common parts from addon .buildstamp (Daniel Bevenius) #22171 - [
1e7a8c3016
] - build: reset embedder string to "-node.0" (Michaël Zasso) #21079 - [
86ab2c041e
] - crypto: remove unused SSLWrap handle methods (Jon Moss) #22216 - [
9212875406
] - crypto: simplify state failure handling (Tobias Nießen) #22131 - [
916a1d59f0
] - crypto: simplify Hmac::HmacUpdate (Tobias Nießen) #22132 - [
2dc7f17e8b
] - (SEMVER-MINOR) crypto: add better scrypt option aliases (Anna Henningsen) #21525 - [
fcf422e921
] - deps: backport c608122b from upstream (Ruben Bridgewater) #22210 - [
a07ccaeb19
] - deps: update archs files for OpenSSL-1.1.0i (Shigeki Ohtsu) #22318 - [
473996c90f
] - deps: add s390 asm rules for OpenSSL-1.1.0 (Shigeki Ohtsu) #19794 - [
05e48fd018
] - deps: upgrade openssl sources to 1.1.0i (Shigeki Ohtsu) #22318 - [
f8bc5d6320
] - deps: cherry-pick 09bca09 from upstream V8 (Matheus Marchini) #22068 - [
c69fdc9d5f
] - (SEMVER-MINOR) deps: remove thread_local to fix V8 compilation (Peter Marshall) #21668 - [
981fff714e
] - deps: refactor v8.gyp (Michaël Zasso) #22017 - [
5fa3ffad20
] - (SEMVER-MINOR) deps: patch the V8 API to be backwards compatible with 6.7 (Peter Marshall) #21668 - [
6eed40acbb
] - deps: cherry-pick 804a693 from upstream V8 (Matheus Marchini) #21855 - [
7eccaf86d6
] - deps: V8: Backport of 0dd3390 from upstream (James M Snell) #21899 - [
328c89925a
] - deps: cherry-pick 907d7bc from upstream V8 (Michaël Zasso) #21838 - [
afacfd2992
] - deps: cherry-pick 2075910 from upstream V8 (Michaël Zasso) #21838 - [
4f24256274
] - deps: cherry-pick 555c811 from upstream V8 (Anna Henningsen) #21741 - [
7b4272a14d
] - deps: cherry-pick 477df06 from upstream v8 (Gus Caplan) #21644 - [
a0bf7aa07c
] - deps: cherry-pick 70c4340 from upstream V8 (Matheus Marchini) #21126 - [
4994ac65b0
] - deps: cherry-pick acc336c from upstream V8 (Matheus Marchini) #21126 - [
be569f82f1
] - deps: cherry-pick b20faff from upstream V8 (Matheus Marchini) #21126 - [
6df5feb13f
] - deps: cherry-pick aa6ce3e from upstream V8 (Michaël Zasso) #21079 - [
8b9a956f9e
] - deps: cherry-pick 5dd3395 from upstream V8 (Matheus Marchini) #21386 - [
548008a6f6
] - deps: update v8.gyp and run Torque (Michaël Zasso) #21079 - [
9c74271a96
] - deps: update V8 to 6.8.275.24 (Michaël Zasso) #21079 - [
a3f3c40966
] - doc: simplify urlObject.hash text (Rich Trott) #22326 - [
d2848697dc
] - doc: simplify urlObject.hash description (Rich Trott) #22326 - [
6d29986f4d
] - doc: simplify format description of urlObject.auth (Rich Trott) #22324 - [
a658a4df34
] - doc: remove redundant explanation of format (Rich Trott) #22324 - [
3236697c0b
] - doc: use italics for words-as-words (Rich Trott) #22324 - [
da76b61f59
] - doc: bump ICU version to avoid confusion (Csaba Palfi) #22313 - [
e04b0532bf
] - doc: document 'inherit' option for stdio (non-shorthand) (James Bromwell) #22309 - [
882c2c017a
] - doc: clarify http2 docs around class exports (James M Snell) #22247 - [
dd96ba5b89
] - doc: add multiple issue templates for GitHub (Tobias Nießen) #22215 - [
d95a22c304
] - doc: declare al...
2018-08-15, Version 8.11.4 'Carbon' (LTS), @rvagg
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
- CVE-2018-0732 (OpenSSL)
- CVE-2018-12115 (Node.js)
Notable Changes
- buffer: Fix out-of-bounds (OOB) write in
Buffer.write()
for UCS-2 encoding (CVE-2018-12115) - deps: Upgrade to OpenSSL 1.0.2p, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
Commits
- [
fc14d812b7
] - buffer: avoid overrun on UCS-2 string write (Rod Vagg) nodejs-private/node-private#138 - [
8f59838ae7
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836 - [
97607f8622
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) #1389 - [
46e4917d98
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) #1389 - [
1b93677a81
] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #22320 - [
ebf399473b
] - deps: upgrade openssl sources to 1.0.2p (Shigeki Ohtsu) #22320 - [
131c5ed438
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) #1389 - [
3139897ff5
] - test: fix error messages for OpenSSL-1.0.2p (Shigeki Ohtsu) #22320 - [
0c047c4d9a
] - test: update certificates and private keys (Fedor Indutny) #22184 - [
7c6d0f604b
] - test: update keys/Makefile to clean and build all (Daniel Bevenius) #19975
2018-08-15, Version 6.14.4 'Boron' (LTS), @rvagg
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
- CVE-2018-0732 (OpenSSL)
- CVE-2018-12115 (Node.js)
Notable Changes
- buffer: Fix out-of-bounds (OOB) write in
Buffer.write()
for UCS-2 encoding (CVE-2018-12115) - deps: Upgrade to OpenSSL 1.0.2p, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
Commits
- [
0052926476
] - buffer: avoid overrun on UCS-2 string write (Rod Vagg) nodejs-private/node-private#138 - [
dbe6551b89
] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836 - [
7829bbcacb
] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) #1389 - [
cddca629b5
] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) #1389 - [
e6014aed52
] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #22320 - [
37ddce514d
] - deps: upgrade openssl sources to 1.0.2p (Shigeki Ohtsu) #22320 - [
08a150fcca
] - inspector: don't bind to 0.0.0.0 by default (Ben Noordhuis) #21376 - [
19b9d7fd77
] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) #1389 - [
7ccb0422fc
] - test: fix error messages for OpenSSL-1.0.2p (Shigeki Ohtsu) #22320 - [
58b9497ca8
] - test: update certificates and private keys (Fedor Indutny) #22184 - [
9863e11ea8
] - test: update keys/Makefile to clean and build all (Daniel Bevenius) #19975
2018-08-01, Version 10.8.0 (Current), @targos
Notable Changes
- deps:
- Upgrade npm to 6.2.0. #21592
- npm has moved. This release updates various URLs to point to the right
places for bugs, support, and PRs. - Fix the regular expression matching in
xcode_emulation
innode-gyp
to
also handle version numbers with multiple-digit major versions which would
otherwise break under use of XCode 10. - The npm tree has been significantly flattened. Tarball size for the npm
package has gone from 8MB to 4.8MB. - Changelogs:
6.2.0-next.0,
6.2.0-next.1,
6.2.0.
- npm has moved. This release updates various URLs to point to the right
- Upgrade npm to 6.2.0. #21592
Commits
- [
335575e49b
] - benchmark: remove arrays benchmark (Peter Marshall) #21831 - [
62024b651e
] - build: create V8 code cache after script is run (Joyee Cheung) #21567 - [
50ccda2a00
] - build: increase macOS minimum supported version (Michaël Zasso) #21883 - [
5e1ceaabaa
] - build: remove redundant Makefile target (Rich Trott) #21915 - [
4f00562ef0
] - build: add new benchmark targets (Kenny Yuan) #20905 - [
4c5fc5c7ce
] - build: move tonpm ci
where possible (Rich Trott) #21802 - [
e0f3d5703a
] - build,win,v8: allow precompiling objects-inl.h (João Reis) #21772 - [
87ed6e6351
] - (SEMVER-MINOR) deps: upgrade npm to 6.2.0 (Kat Marchán) #21592 - [
f868415cf6
] - deps: cherry-pick 804a693 from upstream V8 (Matheus Marchini) #21855 - [
b56c8ad879
] - deps: V8: Backport of 0dd3390 from upstream (James M Snell) #21899 - [
ec0ff7008a
] - deps: cherry-pick 907d7bc from upstream V8 (Michaël Zasso) #21838 - [
c23e8b51ea
] - deps: cherry-pick 2075910 from upstream V8 (Michaël Zasso) #21838 - [
40fedd3620
] - dgram: add getters/setters for private APIs (cjihrig) #21923 - [
98ef8cfb8e
] - dgram: make _createSocketHandle() internal only (cjihrig) #21923 - [
ae17d18013
] - dgram: hide underscored Socket properties (cjihrig) #21923 - [
b5b74382e0
] - dgram: hide _healthCheck() and _stopReceiving() (cjihrig) #21923 - [
b5ae33959b
] - doc: add pronouns to readme (Teddy Katz) #22036 - [
f4b6031e39
] - doc: clarify text about internal module changes (MaleDong) #22024 - [
1f9570bd10
] - doc: add missing worker error (Benjamin Gruenbaum) #21947 - [
67d7a15886
] - doc: fix typo in releases.md (Vitor Bruno de Oliveira Barth) #21990 - [
2a0fa4792e
] - doc: do not advise to cancel full CI on onboarding (Vse Mozhet Byt) #21977 - [
478dbee8fe
] - doc: replace deprecated CI job (Vse Mozhet Byt) #21938 - [
5b0c451e61
] - doc: add guide for updating N-API API surface (Hitesh Kanwathirtha) #21877 - [
96bb6052e9
] - doc: add node-test-commit-custom-suites to docs (Rich Trott) #21927 - [
c44df51249
] - doc: link n-api module init to multi-load addons (Gabriel Schulhof) #21891 - [
c3d9000111
] - doc: document http2 network error behaviour (Anna Henningsen) #21861 - [
e8d5787840
] - doc: document MODULE_NOT_FOUND error (Jacob Page) #21894 - [
5e562fd792
] - doc: fix sorting in thevm.Module
section (Vse Mozhet Byt) #21931 - [
eabe907e03
] - doc: fix descriptions of sync methods in fs.md (Tim Ruffles) #21747 - [
bd352f0298
] - doc: update and improve the release guide (Michaël Zasso) #21868 - [
fd5a0c7a1f
] - doc: fix incorrect method name (Anto Aravinth) #21908 - [
af1530e06d
] - doc: add cjihrig pronouns (cjihrig) #21901 - [
4d78a21d8c
] - doc: add missingrequire
to example in http2.md (Kevin Simper) #21858 - [
ab0da57150
] - doc: make minor improvements to collab guide (Rich Trott) #21862 - [
b510cdc756
] - doc: fix worker example to receive message (Sakthipriyan Vairamani (thefourtheye)) #21486 - [
d91742aa9a
] - fs: reduce memory retention when streaming small files (Anna Henningsen) #21968 - [
484140e223
] - fs: stop lazy loading stream constructors (Michaël Zasso) #21776 - [
8799f43fb0
] - http: revert "http: always emit close on req and res" (Michaël Zasso) #21809 - [
a5928712c9
] - http: name anonymous function in _http_common.js (Petras) #21755 - [
337b2df82f
] - http2: release request()'s "connect" event listener after it runs (James Ide) #21916 - [
1e15581823
] - http2: remove unused nghttp2 error list (Anna Henningsen) #21827 - [
baf3027c77
] - lib: remove usc-2 encoding (Brian White) #21964 - [
9817e405ee
] - (SEMVER-MINOR) lib,src: replace all C++ promises with JS promises (Ruben Bridgewater) #20830 - [
45816c50ac
] - n-api: guard against cond null dereference (Gabriel Schulhof) #21871 - [
2548f75a92
] - src: use UTF-8 for naming interfaces in unix (Ujjwal Sharma) #21926 - [
6b6a26bb8d
] - src: use kInternalized instead of kNormal (Ujjwal Sharma) #21926 - [
2c95b96e8e
] - src: remove calls to deprecated v8 functions (NewFromUtf8) (Ujjwal Sharma) #21926 - [
e0336b2891
] - src: fix may be uninitialized warning in n-api (Michael Dawson) #21898 - [
2f3a28dbf2
] - src: use available ReqWrap instance for libuv req (Jon Moss) [#21980](https://github...
2018-07-18, Version 10.7.0 (Current), @targos
Notable Changes
- console:
- The
console.timeLog()
method has been implemented. #21312
- The
- deps:
- http:
- Added support for passing both
timeout
andagent
options to
http.request
. #21204
- Added support for passing both
- inspector:
- Expose the original console API in
require('inspector').console
. #21659
- Expose the original console API in
- napi:
- Added experimental support for functions dealing with bigint numbers. #21226
- process:
- trace_events:
- Added process_name metadata. #21477
- Added new collaborators
- codebytere - Shelley Vohr
Commits
- [
8c97ffb2f5
] - assert: improve simple assert (Ruben Bridgewater) #21626 - [
9776f1cbef
] - benchmark: add n-api function args benchmark (Kenny Yuan) #21555 - [
576f1ea978
] - buffer: remove superfluous assignment (Tobias Nießen) #21844 - [
6bb2b5a51d
] - build: account for pure C sources inbuild-addons-napi
(Anna Henningsen) #21797 - [
c02fb88936
] - build: enabling lto at configure (Octavian Soldea) #21677 - [
2a0862cec9
] - console: fix timeEnd() not coercing the input (Ruben Bridgewater) #21779 - [
f3c397cd21
] - (SEMVER-MINOR) console: implement timeLog method (Michaël Zasso) #21312 - [
73cafd853c
] - console,util: avoid pair array generation in C++ (Anna Henningsen) #20831 - [
d9825c7a16
] - crypto: prevent Sign::SignFinal from crashing (Tobias Nießen) #21815 - [
07cce880bf
] - crypto: handle OpenSSL error queue in CipherBase (Tobias Nießen) #21288 - [
355c5e3c95
] - deps: cherry-pick 555c811 from upstream V8 (Anna Henningsen) #21741 - [
42d75392c5
] - deps: patch V8 to 6.7.288.49 (Myles Borins) #21727 - [
6920091488
] - deps: upgrade to libuv 1.22.0 (cjihrig) #21731 - [
122ae24f62
] - deps: icu 62.1 bump (Unicode 11, CLDR 33.1) (Steven R. Loomis) #21728 - [
a5233c7e17
] - deps: cherry-pick 477df06 from upstream v8 (Gus Caplan) #21644 - [
506631a9f9
] - doc: fix structure and formatting in inspector.md (Vse Mozhet Byt) #21709 - [
53b587a5af
] - doc: add documentation for buffer.byteOffset (Andreas Madsen) #21718 - [
51dfebf9ac
] - doc: fix vm.runInNewContext signature (Michaël Zasso) #21824 - [
10f9374ea3
] - doc: make markdown input compliant (Sam Ruby) #21780 - [
02982998db
] - doc: add my pronoun (Ruben Bridgewater) #21813 - [
ca8c96035a
] - doc: update readme with my pronouns (Lance Ball) #21818 - [
d33281b36f
] - doc: prevent some redirections (Vse Mozhet Byt) #21811 - [
0de0f89d0c
] - doc: add "Edit on GitHub" link (Rich Trott) #21703 - [
7ab6efdb94
] - doc: add policy for landing new npm releases (Myles Borins) #21594 - [
3d93273bf7
] - doc: add OS X to instead of only macOS (XadillaX) #21033 - [
577d24baa4
] - doc: fix module.children description (Travis Fischer) #21672 - [
cd6601b87a
] - doc: fix HTTP res 'finish' description (Sergey Zelenov) #21670 - [
51db88b0f1
] - doc: fix http2stream.pushStream error doc (Сковорода Никита Андреевич) #21487 - [
6e1917a596
] - doc: update changelog with 9.x EOL (Сковорода Никита Андреевич) #21612 - [
cd77d8782a
] - doc: improve documentation of fs sync methods (iwko) #21243 - [
1044bafec4
] - doc: remove _Node.js style callback_ (Rich Trott) #21701 - [
971679328e
] - doc: add codebytere as collaborator (Shelley Vohr) #21700 - [
034fe19862
] - doc: add links to inline HTML table (Rich Trott) #21678 - [
04eed2342d
] - doc: remove "note that" from fs doc (Rich Trott) #21646 - [
c8d5bab022
] - doc: fix doc for napi_create_function (Gabriel Schulhof) - [
f7aa22a0eb
] - doc: improve guide text for CI runs (Rich Trott) #21645 - [
6f8ebc08b9
] - doc: unify spelling of backpressure (Thomas Watson) #21630 - [
3fffc7e95f
] - errors: fix undefined HTTP2 and tls errors (Shailesh Shekhawat) #21564 - [
b758006c23
] - fs: fix fsPromises.lchmod error on non-Mac (Masashi Hirano) #21435 - [
4fa7150962
] - fs: support pseudofiles in promises.readFile (Timothy Gu) #21497 - [
bba500d0ea
] - (SEMVER-MINOR) http: fix request with option timeout and agent (killagu) #21204 - [
0b3c80ca31
] - http2: fix issues with abortedrespondWithFile()
s (Anna Henningsen) #21561 - [
238ef58841
] - http2: removewaitTrailers
listener after closing a stream (RidgeA) #21764 - [
07160cd2fd
] - http2: order declarations in core.js (Rich Trott) #21689 - [
c88af232c8
] - http2: pass incoming set-cookie header as array (Gerhard Stoebich) #21360 - [
2922028362
] - (SEMVER-MINOR) inspector: expose original console (Matteo Collina) #21659 - [
b2291296ef
] - inspector: split main thread interface from transport (Eugene Ostroukhov) #21182 - [[
4ed4bf3bdd
](https://github.com...
2018-07-04, Version 10.6.0 (Current), @targos
Notable Changes
- dns:
- An experimental promisified version of the dns module is now available. Give
it a try withrequire('dns').promises
. #21264
- An experimental promisified version of the dns module is now available. Give
- fs:
fs.lchown
has been undeprecated now that libuv supports it. #21498
- lib:
- n-api:
- Add API for asynchronous functions. #17887
- util:
util.inspect
is now able to return a result instead of throwing when the
maximum call stack size is exceeded during inspection. #20725
- vm:
- Add
script.createCachedData()
. This API replaces theproduceCachedData
option of theScript
constructor that is now deprecated. #20300
- Add
- worker:
- Support for relative paths has been added to the
Worker
constructor. Paths
are interpreted relative to the current working directory. #21407
- Support for relative paths has been added to the
Commits
- [
a526b4e2c7
] - atomis: add notify alias (Gus Caplan) #21413 - [
9030e933f4
] - benchmark: create napi benchmark directory (Rich Trott) #21046 - [
3d3dbae7d8
] - build: remove requirement to re-run ./configure (Anna Henningsen) #21371 - [
a7505c029a
] - build: speed up startup with V8 code cache (Joyee Cheung) #21405 - [
7d2fe5d770
] - build: improve Travis CI settings (Timothy Gu) #21459 - [
225063184d
] - build: fail on instrumentation errors (Benjamin Coe) #21071 - [
6f80e305d0
] - build: build addons in parallel on Windows (Bartosz Sosnowski) #21403 - [
42f5ff8346
] - build: add crypto check to markdown lint target (Daniel Bevenius) #21326 - [
c214403c1a
] - build: fix building with --build-v8-with-gn (Yang Guo) #21330 - [
76ef7acf6d
] - (SEMVER-MINOR) build, win: make LTCG optional (Bartosz Sosnowski) #21186 - [
45a83760ec
] - crypto: fix UB in computing max message size (Ben Noordhuis) #21462 - [
fefa57a7a4
] - crypto: remove outdated comment (Timothy Gu) #21511 - [
e7776c63da
] - crypto: refer to correct deprecation id in comment (Michaël Zasso) #21399 - [
b30840da5f
] - deps: fix gypi sysroot settings on V8 (Matheus Marchini) #21494 - [
a48d98ef04
] - deps: float fix on node-gyp in npm tree (Myles Borins) #21448 - [
fe6d707bc4
] - deps: float 0c27d793 from openssl (ECDSA blinding) (Rod Vagg) #21345 - [
f162939c32
] - deps: upgrade to libuv 1.21.0 (cjihrig) #21466 - [
62ca2cf21c
] - deps: cherry-pick 70c4340 from upstream V8 (Matheus Marchini) #21126 - [
ab27e0e785
] - deps: cherry-pick acc336c from upstream V8 (Matheus Marchini) #21126 - [
37a5c8c2ff
] - deps: cherry-pick b20faff from upstream V8 (Matheus Marchini) #21126 - [
4663d1c22e
] - deps: backport aa6ce3e from upstream V8 (Matheus Marchini) #21126 - [
5d7218965d
] - deps: cherry-pick 5dd3395 from upstream V8 (Matheus Marchini) #21386 - [
18179f8ae9
] - (SEMVER-MINOR) dns: remove Resolver#cancel() from promises API (cjihrig) #21264 - [
aa864ba4a9
] - (SEMVER-MINOR) dns: add promisified dns module (cjihrig) #21264 - [
1d73ba8322
] - doc: fix some links (Vse Mozhet Byt) #21619 - [
24bc6ab726
] - doc: fix some typos in N-API docs (Vse Mozhet Byt) #21614 - [
cadc74d92d
] - doc: fix heading level in errors.md (Vse Mozhet Byt) #21618 - [
eb6dcf2696
] - doc: fix typo in fs.md (Hugo Josefson) #21579 - [
e081866f64
] - doc: add DataView to appropriate crypto methods (Gerhard Stoebich) #21549 - [
51a434f711
] - doc: fix some typos in deprecations.md and vm.md (Vse Mozhet Byt) #21569 - [
0f1d73761d
] - doc: fix function name in process.md (Joonas Rouhiainen) #21523 - [
bc28398cbe
] - doc: separate unrelated info about child_process.exec() (Charmander) #21516 - [
504c0cdd01
] - doc: fix code example and formatting in crypto.md (Victor Belozyorov) #21500 - [
511d610dca
] - doc: updated docs to include --experimental-worker flag (Jo Colina) #21461 - [
c050279d23
] - doc: add bcoe as collaborator (Benjamin Coe) #21536 - [
f5fc412092
] - doc: clarify setServers() methods in dns.md (Shivang Saxena) #21469 - [
4647f61a94
] - doc: Improve doc for Http2 headers object (Gerhard Stoebich) #21296 - [
6cca5a8b0e
] - doc: update AUTHORS list (Michaël Zasso) #21468 - [
de195d50dd
] - doc: update LICENSE file (Rich Trott) #21472 - [
dad782165a
] - doc: fix sort in sections, lists, tables of dns.md (Vse Mozhet Byt) #21505 - [
dbd810e5d4
] - doc: show options arg to new Worker is optional (Thomas Watson) #21508 - [
23598239d1
] - doc: fix HTTP req/res 'close' description (Robert Nagy) #21047 - [
02bc99daa7
] - doc: correct parameters, return types in crypto.md (ZaneHannanAU) #21420 - [
5bb6e5c5df
] - doc: restore documentation for two error codes (Сковорода Никита Андреевич) #21484 - [
c324b85a15
] - doc: sort error codes in errors.md (Сковорода Никита Андреевич) #21485 - [
361e4f250c
] - doc: ...
2018-06-20, Version 10.5.0 (Current), @targos
Notable Changes
- crypto:
- Support for
crypto.scrypt()
has been added. #20816
- Support for
- fs:
- Worker Threads:
- Support for multi-threading has been added behind the
--experimental-worker
flag in theworker_threads
module. This feature
is experimental and may receive breaking changes at any time. #20876
- Support for multi-threading has been added behind the
Commits
- [
a6986fe8b6
] - async_hooks: remove deprecated example (Mathias Buus) #20998 - [
4b9817bf1e
] - benchmark: disable only the ESLint rule needing it (Rich Trott) #21133 - [
ecba1c57b1
] - (SEMVER-MINOR) benchmark: port cluster/echo to worker (Timothy Gu) #20876 - [
02adb2d62c
] - (SEMVER-MINOR) build: expose openssl scrypt functions to addons (Ben Noordhuis) #20816 - [
c3fbac432f
] - build: install markdown linter for travis (Richard Lau) #21215 - [
896017b134
] - build: build addon tests in parallel (Anna Henningsen) #21155 - [
76927fc734
] - build: stop distclean from deleting v8 files (Ujjwal Sharma) #21164 - [
b044256f2a
] - build: use LC_ALL of C for maximum compatibility (Rich Trott) #21222 - [
78c7d666fb
] - build: don't change locale on smartos (Refael Ackermann) #21220 - [
c688a00a6d
] - build: fix 'gas_version' check on localized environments (Evandro Oliveira) #20394 - [
79b3423fb5
] - build: initial .travis.yml implementation (Anna Henningsen) #21059 - [
ea4be72f22
] - child_process: swallow errors in internal communication (Anatoli Papirovski) #21108 - [
9981220e2a
] - crypto: fix behavior of createCipher in wrap mode (Tobias Nießen) #21287 - [
d0cb9cbb35
] - (SEMVER-MINOR) crypto: drop Math.pow(), use static exponentation (Ben Noordhuis) #20816 - [
2d9c3cc89d
] - (SEMVER-MINOR) crypto: refactor randomBytes() (Ben Noordhuis) #20816 - [
6262fa44d6
] - (SEMVER-MINOR) crypto: refactor pbkdf2() and pbkdf2Sync() methods (Ben Noordhuis) #20816 - [
c9b4592dbf
] - (SEMVER-MINOR) crypto: add scrypt() and scryptSync() methods (Ben Noordhuis) #20816 - [
495756264a
] - (SEMVER-MINOR) crypto: DRY type checking (Ben Noordhuis) #20816 - [
e4a7e0d28b
] - deps: float ea7abee from openssl / CVE-2018-0732 (Rod Vagg) #21282 - [
0b90b071c4
] - deps: Upgrade node-inspect to 1.11.5 (Jan Krems) #21055 - [
ffc29c12da
] - deps: patch V8 to 6.7.288.46 (Myles Borins) #21260 - [
14bb905d18
] - deps: V8: cherry-pick a440efb27f from upstream (Yang Guo) #21022 - [
65b9c427ac
] - dns: improve setServers() errors and performance (Jamie Davis) #20445 - [
bc20ec0c0f
] - doc: eliminate _you_ from N-API doc (Rich Trott) #21382 - [
318d6831bf
] - doc: use imperative in COLLABORATOR_GUIDE (Rich Trott) #21340 - [
177a7c06a8
] - doc: remove obsolete wiki references from BUILDING (Rich Trott) #21369 - [
15023df050
] - doc: add davisjam to collaborators (Jamie Davis) #21273 - [
17c21b67ac
] - doc: fix indentation in console.md (Vse Mozhet Byt) #21367 - [
ef74368416
] - doc: fix heading of optional console method args (Michaël Zasso) #21311 - [
4f17841c20
] - doc: use Class Method label consistently (Rich Trott) #21357 - [
4566ebacf4
] - doc: wrap style guide at 80 characters (Rich Trott) #21361 - [
6c41f33571
] - doc: wrap pull-requests.md at 80 characters (Rich Trott) #21361 - [
b8213f17cc
] - doc: remove linking of url text to url (Rich Trott) #21361 - [
3f78220c2b
] - doc: correct styling of _GitHub_ in onboarding doc (Rich Trott) #21361 - [
9e994cb119
] - doc: wrap releases.md at 80 chars (Rich Trott) #21361 - [
e00e5e6d5d
] - doc: switch the order of Writable and Readable (Joseph Gordon) #21333 - [
e1b571d6b7
] - doc: make Deprecation cycle explanation more brief (Rich Trott) #21303 - [
df0f7a3b4d
] - doc: clarify async execute callback usage (Michael Dawson) #21217 - [
c5a65594ef
] - doc: move 5 collaborators to emeritus status (Rich Trott) #21272 - [
c1d53f86f8
] - doc: update NODE_OPTIONS section in cli.md (Vse Mozhet Byt) #21229 - [
13fd09bfa7
] - doc: add build wg info to releases.md (Jon Moss) #21275 - [
0da910f9a5
] - doc: move Italo A. Casas to Release Emeritus (Myles Borins) #21315 - [
6f7de0b8d9
] - doc: trim deprecation level definition text (Rich Trott) #21241 - [
dd2fc90dcf
] - doc: fix reference to workerData in worker_threads (Jeremiah Senkpiel) #21180 - [
5e46c16371
] - doc: fix type in stream doc (Aliaksei Tuzik) #21178 - [
85dc9ac418
] - doc: add Michaël Zasso to Release team (Michaël Zasso) #21114 - [
5fa5ab6c48
] - doc: naming function as suggested in addon docs (Tommaso Allevi) #21067 - [
fe5d35123b
] - (SEMVER-MINOR) doc: document BigInt supp...
2018-06-12, Version 10.4.1 (Current), @evanlucas
Notable Changes
- Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
- http2
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
- tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
- n-api: Prevent use-after-free in napi_delete_async_work
Commits
- [
1bbfe9a72b
] - build: fix configure script for double-digits (Misty De Meo) #21183 - [
4c90ee8fc6
] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#117 - [
e5c2f575b1
] - deps: patch V8 to 6.7.288.45 (Michaël Zasso) #21192 - [
03ded94ffe
] - deps: patch V8 to 6.7.288.44 (Michaël Zasso) #21146 - [
4de7e0c96c
] - deps,npm: float node-gyp patch on npm (Rich Trott) #21239 - [
92d7b6c9a0
] - fs: fix promises reads with pos > 4GB (cjihrig) #21148 - [
8681402228
] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#115 - [
53f8563353
] - n-api: back up env before async work finalize (Gabriel Schulhof) #21129 - [
9ba8ed1371
] - src: re-addRealloc()
shrink after reading stream data (Anna Henningsen) nodejs-private/node-private#128 - [
8e979482fa
] - Revert "src: restore stdio on program exit" (Evan Lucas) #21257 - [
cb5ec64956
] - src: reset TTY mode before cleaning up resources (Anna Henningsen) #21257 - [
ae5567eaea
] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#117 - [
e87bf625dd
] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#127 - [
eea2bce58d
] - tls: fix SSL write error handling (Anna Henningsen) nodejs-private/node-private#127 - [
1e49eadd68
] - tools,gyp: fix regex for version matching (Rich Trott) #21216
2018-06-12, Version 9.11.2 (Current), @evanlucas
Notable Changes
- Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
- buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
- http2
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
- tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
Commits
- [
65ed3213ca
] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#124 - [
f0af3b09bd
] - doc: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) nodejs-private/node-private#120 - [
828159fcd4
] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#122 - [
be103eba41
] - src: re-addRealloc()
shrink after reading stream data (Anna Henningsen) nodejs-private/node-private#129 - [
555696df51
] - src: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) nodejs-private/node-private#120 - [
7684ba63c4
] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#130 - [
0ab90acaf3
] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#124 - [
84f23d2f12
] - tls: fix SSL write error handling (Anna Henningsen) nodejs-private/node-private#130
2018-06-12, Version 8.11.3 'Carbon' (LTS), @evanlucas
Notable Changes
- buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
- http2
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
Commits
- [
e1ff7c3cbc
] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#125 - [
c5a2748d8f
] - doc: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) nodejs-private/node-private#119 - [
354f2d97ff
] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#123 - [
25c5111ca4
] - src: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) nodejs-private/node-private#119 - [
10c5adf19b
] - test: addRealloc()
shrink after reading stream data test (Anna Henningsen) nodejs-private/node-private#132 - [
bc91220ca2
] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#131 - [
acd11b01c4
] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#125