Skip to content
This repository was archived by the owner on Mar 22, 2023. It is now read-only.

Translate "Node v16.11.1 (Current)" #1184

Merged
marocchino merged 1 commit into from
Jan 2, 2022
Merged

Translate "Node v16.11.1 (Current)" #1184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
106 changes: 106 additions & 0 deletions source/_posts/2021-10-12-release-v16.11.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
---
category: articles
title: Node v16.11.1(현재 버전)
author: Danielle Adams
ref: Node v16.11.1 (Current)
refurl: https://nodejs.org/en/blog/release/v16.11.1
translator: outsideris
---

<!--
### Notable changes

* **CVE-2021-22959**: HTTP Request Smuggling due to spaced in headers (Medium)
* The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at [CVE-2021-22959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959) after publication.
* **CVE-2021-22960**: HTTP Request Smuggling when parsing the body (Medium)
* The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at [CVE-2021-22960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960) after publication.
-->

### 주요 변경사항

* **CVE-2021-22959**: 헤더에 있는 공백으로 인해 발생하는 HTTP Request Smuggling 취약점 (중간)
* HTTP 파서는 헤더 이름과 콜론 사이에 공백이 있는 요청도 허용합니다. 이로 인해 HTTP Request Smuggling(HRS) 취약점이 발생할 수 있습니다. 자세한 내용은 [CVE-2021-22959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959)가 공개되고 나면 확인할 수 있습니다.
* **CVE-2021-22960**: 요청 본문(body)을 해석할 때의 HTTP Request Smuggling 취약점 (중간)
* 몇 개로 분할된 요청의 본문을 파싱할 때 chunk 확장은 무시합니다. 이로 인해 특정 상황에서 HTTP Request Smuggling(HRS) 취약점이 발생할 수 있습니다. 자세한 내용은 [CVE-2021-22960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960)이 공개되고 나면 확인할 수 있습니다.

### Commits

* [[`af488f8dc8`](https://github.com/nodejs/node/commit/af488f8dc8)] - **deps**: update llhttp to 6.0.4 (Matteo Collina) [nodejs-private/node-private#284](https://github.com/nodejs-private/node-private/pull/284)
* [[`2d1eefad98`](https://github.com/nodejs/node/commit/2d1eefad98)] - **http**: add regression test for smuggling content length (Matteo Collina) [nodejs-private/node-private#284](https://github.com/nodejs-private/node-private/pull/284)
* [[`45d419ab1c`](https://github.com/nodejs/node/commit/45d419ab1c)] - **http**: add regression test for chunked smuggling (Matteo Collina) [nodejs-private/node-private#284](https://github.com/nodejs-private/node-private/pull/284)

Windows 32-bit Installer: https://nodejs.org/dist/v16.11.1/node-v16.11.1-x86.msi<br>
Windows 64-bit Installer: https://nodejs.org/dist/v16.11.1/node-v16.11.1-x64.msi<br>
Windows 32-bit Binary: https://nodejs.org/dist/v16.11.1/win-x86/node.exe<br>
Windows 64-bit Binary: https://nodejs.org/dist/v16.11.1/win-x64/node.exe<br>
macOS 64-bit Installer: https://nodejs.org/dist/v16.11.1/node-v16.11.1.pkg<br>
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-darwin-arm64.tar.gz<br>
macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-darwin-x64.tar.gz<br>
Linux 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-linux-x64.tar.xz<br>
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-linux-ppc64le.tar.xz<br>
Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-linux-s390x.tar.xz<br>
AIX 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-aix-ppc64.tar.gz<br>
ARMv7 32-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-linux-armv7l.tar.xz<br>
ARMv8 64-bit Binary: https://nodejs.org/dist/v16.11.1/node-v16.11.1-linux-arm64.tar.xz<br>
Source Code: https://nodejs.org/dist/v16.11.1/node-v16.11.1.tar.gz<br>
Other release files: https://nodejs.org/dist/v16.11.1/<br>
Documentation: https://nodejs.org/docs/v16.11.1/api/

### SHASUMS

```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

f386076358c470150cd8ad5cc18f008ec51d146ad2e66345fcd063f7228a5d95 node-v16.11.1-aix-ppc64.tar.gz
5e772e478390fab3001b7148a923e4f22fca50170000f18b28475337d3a97248 node-v16.11.1-darwin-arm64.tar.gz
aebaf4eed1c2c522800f6c0fab3ae08ffcaf298d05a38ac738aa0047308e8ad7 node-v16.11.1-darwin-arm64.tar.xz
ba54b8ed504bd934d03eb860fefe991419b4209824280d4274f6a911588b5e45 node-v16.11.1-darwin-x64.tar.gz
ca25f6ebb10713cd545998bbc9d3715511e321d304b376574f3dd4ce9b70f75e node-v16.11.1-darwin-x64.tar.xz
c365177ca0ff05dc59c4e9200186fb1a37ca5e37262dc15b3d9bb2df7b6d0079 node-v16.11.1-headers.tar.gz
33407d35fb23b2f467de27c12442ed50f07b9e9756107b8f6a8686897bd2f5d9 node-v16.11.1-headers.tar.xz
d51b372477287ee41e5bf2d90972868ed28b5c5465bc2df14e86c398926916c1 node-v16.11.1-linux-arm64.tar.gz
083fc51f0ea26de9041aaf9821874651a9fd3b20d1cf57071ce6b523a0436f17 node-v16.11.1-linux-arm64.tar.xz
73f424921efe9f5fe8ce05b047f0553ea794596396e01d68e5468a83b6d99b66 node-v16.11.1-linux-armv7l.tar.gz
1763c8858c0b5151427076db51cbb614dc30c249b09ec4eb80642d67e4cab85c node-v16.11.1-linux-armv7l.tar.xz
3f6d4f35cb48cce8a88385b6790526f087ca9dbedf092b08ae521fd36e873610 node-v16.11.1-linux-ppc64le.tar.gz
707140addd8be88eb8a3180d68ecda6d443e0a1d19add98008bdc5c6292e475c node-v16.11.1-linux-ppc64le.tar.xz
07879bca5401e9e9f9979731b10041f3626e4e1d9c1c6313ec132aa85c275d47 node-v16.11.1-linux-s390x.tar.gz
855b5c83c2ccb05273d50bb04376335c68d47df57f3187cdebe1f22b972d2825 node-v16.11.1-linux-s390x.tar.xz
48fba5e9d60e12e777994dafba7b04449c3d0cd004340970fd674220e572a39e node-v16.11.1-linux-x64.tar.gz
493bcc9b660eff983a6de65a0f032eb2717f57207edf74c745bcb86e360310b3 node-v16.11.1-linux-x64.tar.xz
a23014fcf74c3647b0f80d81399389909e6ec1630909d03a133107370f806320 node-v16.11.1.pkg
8b5a54b284e524984772d34dc2efc68a10fc2f91db11390c6035ef2a9509ef2c node-v16.11.1.tar.gz
67587f4de25e30a9cc0b51a6033eca3bc82d7b4e0d79bb84a265e88f76ab6278 node-v16.11.1.tar.xz
a5d2683c8a478ed7bf9d6f77449ef03d984345efe75b00130f6f793ed621b6ed node-v16.11.1-win-x64.7z
4d3c179b82d42e66e321c3948a4e332ed78592917a69d38b86e3a242d7e62fb7 node-v16.11.1-win-x64.zip
388f54bb3a278002735273b4e023462502ce1dcf907736942f9f0bc9a665933d node-v16.11.1-win-x86.7z
57c1f78814b6cd581b4eadccd41bf88d0787559084d95dd9b504a0fef2aaabfe node-v16.11.1-win-x86.zip
f712bd1995c2f6b81450433554ae726c0ffa14b5dbbcef8c3462a0b58ac52fe8 node-v16.11.1-x64.msi
f4c40c7b235feefc59d3feda691035a2f62bd9d6989185abb8aacb6e23d955bb node-v16.11.1-x86.msi
974c1c0dda7a169a9d0b69fae1df16ed3b047dead2bffd9b55ce64743c5f842c win-x64/node.exe
7c94657df6918a77dc8edefaf3b5415dbfb9eb83a88c17d216a48c8c36fcc58d win-x64/node.lib
f95025f32ebb5f96a5b24800a99ab6cf09958711e22a56ce1e1c30d8f045bef4 win-x64/node_pdb.7z
fa09b1ccce293b63dfc65cf37d55ff4e43ccf31a068b16186f0a5e200fea96e2 win-x64/node_pdb.zip
758fd1300bfaa62c16d4f29663429255d6d0ff68fde4b6d0d0336b26f216127a win-x86/node.exe
8090f51a19ff2d5e765920262a4367203be2e69e64ac3725e4e14dd034c98443 win-x86/node.lib
e99cb2f53b864d8d3e98949b9989987a927c4c82cb6cb2a9ceb86ce13fb2a8fd win-x86/node_pdb.7z
1a7a58d93b3bf788cf34bdd6f8eff44b6dfadaa731d535ef3759da5ea64a42ed win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdPEmArbxxOkT+qN606iWE2Q7YgEFAmFlqGkACgkQ06iWE2Q7
YgHZ4xAAuLEtlC+h00k3ZK5rJiQRXNBKv1s3TxDMj71n3wnaSID9zBDppu9KDTeb
ygOt1AbWkYvafPUdHngBtaaz64ah2DxRR9SU/fzkLVTVJDJ0g0th6d+S7eQfkvnH
mMY2E1c1XksCrbb9dvtvBXHAc/KE39vpkdNojiOv2kdedd3Mh1bOroqyUBJeJxLo
wK5Il2mI30DfNxM4D7JszNGbzSX3WP5SLt34S4feKWgM8gArqGuTZGp7pjH1lI3v
XXsuule3tDretGS3j0wuxqlc0Ose4OzSq+8jGpCMgquepJw5lZwN0i7EmB1Z/r1v
8b8iWfwWE+6j6QiNhu8bnyrulbwBUq0JitmbiHLlj5vDG1Wh/WE2bDVK6242ZLlJ
/PcN0gpY98ep2ib5MSRUWklm7+diO+BDAcRakDzYDmfSgXuyGjs9gYmuz7+n+2jF
vzWu0Hr5++mWw8DCoRYbH+/20Ki+vAGJRJxO0fHitwCKmpLCoJsVssMuJMklZdIl
n3atg4Fm7jPH7OfH7s41DGCvuf7YDNo5v3bci2XMwFiT7cg131Di5ajdKZi4KDY6
J+OfqwSmWQMSukIwfzVJxu7LCaU4MKHeUzLjMm+mBJow85eIBa0XG4gGsTbluHM2
EuckAiVSB4CwF6QAE+bReVCLYL1JfSKSIJfV6gX8VA+9uZDO7nw=
=9O8j
-----END PGP SIGNATURE-----

```
8 changes: 4 additions & 4 deletions source/_posts/2021-10-12-vulnerability-oct-2021-security-releases.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,9 @@ llhttp v2.1.4와 v6.0.6에는 이 문제를 해결하는 수정이 포함되어
-->
## 다운로드와 릴리스 상세 내용

* [Node.js v12.22.7 (LTS)](https://nodejs.org/en/blog/release/v12.22.7/)
* [Node.js v14.18.1 (LTS)](https://nodejs.org/en/blog/release/v14.18.1/)
* [Node.js v16.11.1 (Current)](https://nodejs.org/en/blog/release/v16.11.1/)
* [Node.js v12.22.7(LTS)](/nodejs-ko/articles/2021/10/12/release-v12.22.7/)
* [Node.js v14.18.1(LTS)](/nodejs-ko/articles/2021/10/12/release-v14.18.1/)
* [Node.js v16.11.1(현재 버전)](/nodejs-ko/articles/2021/10/12/release-v16.11.1/)

---------------

Expand Down Expand Up @@ -144,4 +144,4 @@ Node.js의 취약점을 보고하고 싶다면

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면
<https://groups.google.com/forum/#!forum/nodejs-sec>에서 소수의 공지만 하는
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.
nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.