0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

290 Commits

Author SHA1 Message Date
Rod Vagg
1efdc5876d 2018-08-15, Version 8.11.4 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

  https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * CVE-2018-0732 (OpenSSL)
  * CVE-2018-12115 (Node.js)

Notable changes:

* buffer: Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
  (CVE-2018-12115)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
  * Client DoS due to large DH parameter (CVE-2018-0732)
  * ECDSA key extraction via local side-channel (CVE not assigned)
2018-08-16 11:52:38 +10:00
Rod Vagg
82ab9b336d 2018-08-15, Version 6.14.4 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

  https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * CVE-2018-0732 (OpenSSL)
  * CVE-2018-12115 (Node.js)

Notable changes:

* buffer: Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
  (CVE-2018-12115)
* deps: Upgrade to OpenSSL 1.0.2p, fixing:
  * Client DoS due to large DH parameter (CVE-2018-0732)
  * ECDSA key extraction via local side-channel (CVE not assigned)
2018-08-16 11:52:38 +10:00
Michaël Zasso
27a5338c8a
2018-08-01, Version 10.8.0 (Current)
Notable changes:

* deps:
  * Upgrade npm to 6.2.0. (https://github.com/nodejs/node/pull/21592)
    * npm has moved. This release updates various URLs to point to the right
      places for bugs, support, and PRs.
    * Fix the regular expression matching in `xcode_emulation` in `node-gyp` to
      also handle version numbers with multiple-digit major versions which would
      otherwise break under use of XCode 10.
    * The npm tree has been *significantly* flattened. Tarball size for the npm
      package has gone from 8MB to 4.8MB.
    * Changelogs:
      https://github.com/npm/npm/releases/tag/v6.2.0-next.0
      https://github.com/npm/npm/releases/tag/v6.2.0-next.1
      https://github.com/npm/cli/releases/tag/v6.2.0)

PR-URL: https://github.com/nodejs/node/pull/22040
2018-08-01 20:54:26 +02:00
Michaël Zasso
bb87e41696
2018-07-18, Version 10.7.0 (Current)
Notable changes:

* console:
  * The `console.timeLog()` method has been implemented.
    (https://github.com/nodejs/node/pull/21312)
* deps:
  * Upgrade to libuv 1.22.0. (https://github.com/nodejs/node/pull/21731)
  * Upgrade to ICU 62.1 (Unicode 11, CLDR 33.1).
    (https://github.com/nodejs/node/pull/21728)
* http:
  * Added support for passing both `timeout` and `agent` options to
    `http.request`. (https://github.com/nodejs/node/pull/21204)
* inspector:
  * Expose the original console API in `require('inspector').console`.
    (https://github.com/nodejs/node/pull/21659)
* napi:
  * Added experimental support for functions dealing with bigint numbers.
    (https://github.com/nodejs/node/pull/21226)
* process:
  * The `process.hrtime.bigint()` method has been implemented.
    (https://github.com/nodejs/node/pull/21256)
  * Added the `--title` command line argument to set the process title on
    startup. (https://github.com/nodejs/node/pull/21477)
* trace_events:
  * Added process_name metadata.
    (https://github.com/nodejs/node/pull/21477)
* Added new collaborators
  * codebytere - Shelley Vohr

PR-URL: https://github.com/nodejs/node/pull/21851
2018-07-18 20:17:23 +02:00
Сковорода Никита Андреевич
195480a8bc doc: update changelog with 9.x EOL
This removes unsupported versions from the table, as those might confuse
people, execially given the
  > Release versions displayed in **bold** text represent the most
  > recent actively supported release.
remark below.

It was inconsistent to keep some of the EOL entries in the table while
removing others (v5.x, v7.x) -- this commit takes care of that.

Instead, release status is hinted in the branch list above, highlighting
two main branches -- Current and Active LTS.

Also update the link to the Release repo.

Refs: https://github.com/nodejs/Release/pull/351
PR-URL: https://github.com/nodejs/node/pull/21612
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
2018-07-10 17:52:43 +03:00
Michaël Zasso
7951e6d26b
2018-07-04, Version 10.6.0 (Current)
Notable changes:

* dns:
  * An experimental promisified version of the dns module is now available. Give
    it a try with `require('dns').promises`. [#21264](https://github.com/nodejs/node/pull/21264)
* fs:
  * `fs.lchown` has been undeprecated now that libuv supports it. [#21498](https://github.com/nodejs/node/pull/21498)
* lib:
  * `Atomics.wake` is being renamed to `Atomics.notify` in the ECMAScript
    specification ([reference](https://github.com/tc39/ecma262/pull/1220)).
    Since Node.js now has experimental support for worker threads, we are being
    proactive and added a `notify` alias, while emitting a warning if
    `wake` is used. [#21413](https://github.com/nodejs/node/pull/21413) [#21518](https://github.com/nodejs/node/pull/21518)
* n-api:
  * Add API for asynchronous functions. [#17887](https://github.com/nodejs/node/pull/17887)
* util:
  * `util.inspect` is now able to return a result instead of throwing when the
    maximum call stack size is exceeded during inspection. [#20725](https://github.com/nodejs/node/pull/20725)
* vm:
  * Add `script.createCachedData()`. This API replaces the `produceCachedData`
    option of the `Script` constructor that is now deprecated. [#20300](https://github.com/nodejs/node/pull/20300)
* worker:
  * Support for relative paths has been added to the `Worker` constructor. Paths
    are interpreted relative to the current working directory. [#21407](https://github.com/nodejs/node/pull/21407)

PR-URL: https://github.com/nodejs/node/pull/21629
2018-07-04 20:06:26 +02:00
Michaël Zasso
680aeb3467
2018-16-20, Version 10.5.0 (Current)
Notable changes:

* **crypto**:
  * Support for `crypto.scrypt()` has been added.
    [#20816](https://github.com/nodejs/node/pull/20816)
* **fs**:
  * BigInt support has been added to `fs.stat` and `fs.watchFile`.
    [#20220](https://github.com/nodejs/node/pull/20220)
  * APIs that take `mode` as arguments no longer throw on values larger
    than `0o777`. [#20636](https://github.com/nodejs/node/pull/20636)
    [#20975](https://github.com/nodejs/node/pull/20975)
    (Fixes: [#20498](https://github.com/nodejs/node/issues/20498))
  * Fix crashes in closed event watchers.
    [#20985](https://github.com/nodejs/node/pull/20985)
    (Fixes: [#20297](https://github.com/nodejs/node/issues/20297))
* **Worker Threads**:
  * Support for multi-threading has been added behind the
    `--experimental-worker` flag in the `worker_threads` module.
    This feature is *experimental* and may receive breaking changes at
    any time. [#20876](https://github.com/nodejs/node/pull/20876)

PR-URL: https://github.com/nodejs/node/pull/21400
2018-06-20 20:39:16 +02:00
Evan Lucas
06cab45b2c 2018-06-12, Version 10.4.1 (Current)
Notable changes:

* **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced
    in 9.7.0 that increases the memory consumed when reading from the network
    into JavaScript using the net.Socket object directly as a stream.
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
    http2 implementation to not crash under certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
    nghttp2 to 1.32.0
* **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating
    the TLS implementation to not crash upon receiving
* **n-api**: Prevent use-after-free in napi_delete_async_work

PR-URL: https://github.com/nodejs-private/node-private/pull/136
2018-06-12 18:54:17 -05:00
Evan Lucas
0fb290a347 2018-06-12, Version 9.11.2 (Maintenance)
Notable changes:

* **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced
    in 9.7.0 that increases the memory consumed when reading from the network
    into JavaScript using the net.Socket object directly as a stream.
* **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability where
    calling Buffer.fill() could hang
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
    http2 implementation to not crash under certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
    nghttp2 to 1.32.0
* **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating
    the TLS implementation to not crash upon receiving

PR-URL: https://github.com/nodejs-private/node-private/pull/135
2018-06-12 18:54:17 -05:00
Evan Lucas
4913bd41f1 2018-06-12, Version 8.11.3 (LTS)
Notable changes:

* **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability
    where calling Buffer.fill() could hang
* **http2**
  * (CVE-2018-7161): Fixes Denial of Service vulnerability by
      updating the http2 implementation to not crash under
      certain circumstances during cleanup
  * (CVE-2018-1000168): Fixes Denial of Service vulnerability
      by upgrading nghttp2 to 1.32.0

PR-URL: https://github.com/nodejs-private/node-private/pull/126
2018-06-12 18:54:17 -05:00
Evan Lucas
fbc68a5cea 2018-06-12, Version 6.14.3 (LTS)
Notable changes:

* **buffer** (CVE-2018-7167): Fixes Denial of Service
    vulnerability where calling Buffer.fill() could hang

PR-URL: https://github.com/nodejs-private/node-private/pull/134
2018-06-12 18:31:11 -05:00
Myles Borins
e5d9198352
2018-06-06, Version 10.4.0 (Current)
Notable Changes:

* **deps**:
 - update V8 to 6.7.288.43 (Michaël Zasso)
   https://github.com/nodejs/node/pull/19989
* **stream**:
  - ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz)
    https://github.com/nodejs/node/pull/20437

PR-URL: https://github.com/nodejs/node/pull/21167
2018-06-06 16:23:34 +02:00
Myles Borins
9ae658e362
2018-05-29, Version 10.3.0 (Current)
Notable Changes:

* **deps**:
  - upgrade npm to 6.1.0 (Rebecca Turner)
    https://github.com/nodejs/node/pull/20190
* **fs**:
  - fix reads with pos \> 4GB (Mathias Buus)
    https://github.com/nodejs/node/pull/21003
* **net**:
  - new option to allow IPC servers to be readable and writable
    by all users (Bartosz Sosnowski)
    https://github.com/nodejs/node/pull/19472
* **stream**:
  - fix removeAllListeners() for Stream.Readable to work as expected
    when no arguments are passed (Kael Zhang)
    https://github.com/nodejs/node/pull/20924
* **Added new collaborators**
  - John-David Dalton (https://github.com/jdalton)

PR-URL: https://github.com/nodejs/node/pull/21011
2018-05-29 19:44:55 +02:00
Teddy Katz
6d3940e558
doc: mark Node 4 as EOL in changelog
Node 4 has been unsupported since 2018-05-01, but the changelog was out
of date and said that Node 4 was still in LTS.

PR-URL: https://github.com/nodejs/node/pull/20926
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Weijia Wang <starkwang@126.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: Matheus Marchini <matheus@sthima.com>
2018-05-26 12:51:22 -04:00
Myles Borins
6caecc614a
2018-05-24, Version 10.2.1 (Current)
This is a follow up release to fix two regressions that were introduced
in v10.2.0.

PR-URL: https://github.com/nodejs/node/pull/20943
2018-05-24 16:08:57 -04:00
Anna Henningsen
82f18118ff
2018-05-23, Version 10.2.0 (Current)
* addons:
  - Fixed a memory leak for users of `AsyncResource` and N-API.
    (Michael Dawson)
    https://github.com/nodejs/node/pull/20668
* assert:
  - The `error` parameter of `assert.throws()` can be an object containing
    regular expressions now. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/20485
* crypto:
  - The `authTagLength` option has been made more flexible (Tobias Nießen)
    https://github.com/nodejs/node/pull/20235)
    https://github.com/nodejs/node/pull/20039
* esm:
  - Builtin modules (e.g. `fs`) now provide named exports in ES6 modules.
    (Gus Caplan)
    https://github.com/nodejs/node/pull/20403
* http:
  - Handling of `close` and `aborted` events has been made more consistent.
    (Robert Nagy)
    https://github.com/nodejs/node/pull/20075
    https://github.com/nodejs/node/pull/20611
* module:
  - add --preserve-symlinks-main (David Goldstein)
    https://github.com/nodejs/node/pull/19911
* timers:
  - `timeout.refresh()` has been added to the public API.
    (Jeremiah Senkpiel)
    https://github.com/nodejs/node/pull/20298
* Embedder support:
  - Functions for creating V8 `Isolate` and `Context` objects with
    Node.js-specific behaviour have been added to the API.
    (Allen Yonghuang Wang)
    https://github.com/nodejs/node/pull/20639
  - Node.js `Environment`s clean up resources before exiting now.
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/19377
  - Support for multi-threaded embedding has been improved.
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/20542
    https://github.com/nodejs/node/pull/20539
    https://github.com/nodejs/node/pull/20541

PR-URL: https://github.com/nodejs/node/pull/20724
2018-05-23 19:08:39 -04:00
Myles Borins
2e7ea6e061
2018-05-15, Version 8.11.2 'Carbon' (LTS)
Notable Changes:

deps:
  - update node-inspect to 1.11.3 (Jan Krems)
    https://github.com/nodejs/node/pull/18354
  - update nghttp2 to 1.29.0 (James M Snell)
    https://github.com/nodejs/node/pull/17908
http2:
  - Sync with current release stream
n-api:
  - Sync with current release stream

PR-URL: https://github.com/nodejs/node/pull/20478
2018-05-15 17:29:03 -04:00
Myles Borins
2c0fc3bd89
2018-05-08, Version 10.1.0 (Current)
Notable Changes:

* console:
  - make console.table() use colored inspect (TSUYUSATO Kitsune)
    https://github.com/nodejs/node/pull/20510
* fs:
  - move fs/promises to fs.promises (cjihrig)
    https://github.com/nodejs/node/pull/20504
* http:
  - added aborted property to request (Robert Nagy)
    https://github.com/nodejs/node/pull/20094
* n-api:
  - initialize a module via a special symbol (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/20161
* src:
  - add public API to expose the main V8 Platform (Allen Yonghuang Wang)
    https://github.com/nodejs/node/pull/20447

PR-URL: https://github.com/nodejs/node/pull/20606
2018-05-08 19:42:16 -07:00
Myles Borins
c6d3b37650
2018-04-30, Version 6.14.2 'Boron' (LTS)
Notable Change:

* n-api:
  - n-api has been backported to v6.x. It is being landed as an experimental interface,
    and as such is landing in a Semver-Patch release. (Gabriel Schulhof)
    https://github.com/nodejs/node/pull/19447

PR-URL: https://github.com/nodejs/node/pull/19996
2018-04-30 13:42:22 -04:00
James M Snell
0cca27b3ff 2018-04-24, Version 10.0.0 (Current)
* Assert
  * Calling `assert.fail()` with more than one argument is deprecated. #70dcacd710
  * Calling `assert.ok()` with no arguments will now throw. #3cd7977a42
  * Calling `assert.ifError()` will now throw with any argument other than `undefined` or `null`. Previously the method would throw with any truthy value. #e65a6e81ef
  * The `assert.rejects()` and `assert.doesNotReject()` methods have been added for working with async functions. #599337f43e
* Async_hooks
  * Older experimental async_hooks APIs have been removed. #1cc6b993b9
* Buffer
  * Uses of `new Buffer()` and `Buffer()` outside of the `node_modules` directory will now emit a runtime deprecation warning. #9d4ab90117
  * `Buffer.isEncoding()` now returns `undefined` for falsy values, including an empty string. #452eed956e
  * `Buffer.fill()` will throw if an attempt is made to fill with an empty `Buffer`. #1e802539b2
* Child Process
  * Undefined properties of env are ignored. #38ee25e2e2, #85739b6c5b
* Console
  * The `console.table()` method has been added. #97ace04492
* Crypto
  * The `crypto.createCipher()` and `crypto.createDecipher()` methods have been deprecated. Please use `crypto.createCipheriv()` and `crypto.createDecipheriv()` instead. #81f88e30dd
  * The `decipher.finaltol()` method has been deprecated. #19f3927d92
  * The `crypto.DEFAULT_ENCODING` property has been deprecated. #6035beea93
  * The `ECDH.convertKey()` method has been added. #f2e02883e7
  * The `crypto.fips` property has been deprecated. #6e7992e8b8
* Dependencies
  * V8 has been updated to 6.6. #9daebb48d6
  * OpenSSL has been updated to 1.1.0h. #66cb29e646
* EventEmitter
  * The `EventEmitter.prototype.off()` method has been added as an alias for `EventEmitter.prototype.removeListener()`. #3bb6f07d52
* File System
  * The `fs.promises` API provides experimental promisified versions of the `fs` functions. #329fc78e49
  * Invalid path errors are now thrown synchronously. #d8f73385e2
  * The `fs.readFile()` method now partitions reads to avoid thread pool exhaustion. #67a4ce1c6e
* HTTP
  * Processing of HTTP Status codes `100`, `102-199` has been improved. #baf8495078
  * Multi-byte characters in URL paths are now forbidden. #b961d9fd83
* N-API
  * The n-api is no longer experimental. #cd7d7b15c1
* Net
  * The `'close'` event will be emitted after `'end'`. #9b7a6914a7
* Perf_hooks
  * The `PerformanceObserver` class is now an `AsyncResource` and can be monitored using `async_hooks`. #009e41826f
  * Trace events are now emitted for performance events. #9e509b622b
  * The `performance` API has been simplified. #2ec6995555
  * Performance milestone marks will be emitted as trace events. #96cb4fb795
* Process
  * Using non-string values for `process.env` is deprecated. #5826fe4e79
  * The `process.assert()` method is deprecated. #703e37cf3f
* REPL
  * REPL now experimentally supports top-level await when using the `--experimental-repl-await` flag. #eeab7bc068
  * The previously deprecated "magic mode" has been removed. #4893f70d12
  * The previously deprecated `NODE_REPL_HISTORY_FILE` environment variable has been removed. #60c9ad7979
  * Proxy objects are shown as Proxy objects when inspected. #90a43906ab
* Streams
  * The `'readable'` event is now always deferred with nextTick. #1e0f3315c7
  * A new `pipeline()` method has been provided for building end-to-data stream pipelines. #a5cf3feaf1
  * Experimental support for async for-await has been added to `stream.Readable`. #61b4d60c5d
* Timers
  * The `enroll()` and `unenroll()` methods have been deprecated. #68783ae0b8
* TLS
  * The `tls.convertNONProtocols()` method has been deprecated. #9204a0db6e
  * Support for NPN (next protocol negotiation) has been dropped. #5bfbe5ceae
  * The `ecdhCurve` default is now `'auto'`. #af78840b19
* Trace Events
  * A new `trace_events` top-level module allows trace event categories to be enabled/disabld at runtime. #da5d818a54
* URL
  * The WHATWG URL API is now a global. #312414662b
* Util
  * `util.types.is[…]` type checks have been added. #b20af8088a
  * Support for bigint formatting has been added to `util.inspect()`. #39dc947409
2018-04-24 12:02:31 -07:00
Myles Borins
49e9893d85
2018-04-05, Version 9.11.1 (Current)
Notable changes:

An infrastructure issue caused a non-functioning msi installer for x64 to be promoted.
The patch release is to ensure that all binaries and installers work as expected.
2018-04-05 01:20:09 -04:00
Michaël Zasso
67cce8d68a
2018-04-04, Version 9.11.0 (Current)
Notable changes:

* deps:
  - Updated ICU to 61.1 (Steven R. Loomis)
    [#19621](https://github.com/nodejs/node/pull/19621)
    Includes CLDR 33 (many new languages and data improvements).
* fs:
  - Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer
    Srivastava) [#19408](https://github.com/nodejs/node/pull/19408)
* n-api:
  - Bump version of n-api supported (Michael Dawson)
    [#19497](https://github.com/nodejs/node/pull/19497)
* net:
  - Emit 'ready' event for `Socket` (Sameer Srivastava)
    [#19408](https://github.com/nodejs/node/pull/19408)
* Added new collaborators
  - [mafintosh](https://github.com/mafintosh) Mathias Buus
2018-04-04 17:17:17 -04:00
Myles Borins
1e0e988430
2018-03-29, Version 9.10.1 (Current)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

Note that Node.js versions 10.X and later will be built with version
4.9.X or later of the GCC compiler, and it is possible that Node.js
version 9.X may be built on the 4.9.X compiler at a later time as the
stated minimum compiler requirement for Node.js version 9.X is 4.9.4.

Refs: https://github.com/nodejs/node/blob/v9.x/BUILDING.md
PR-URL: https://github.com/nodejs/node/pull/19678
2018-03-29 23:38:20 -04:00
Myles Borins
ea4c69676a
2018-03-29, Version 8.11.1 'Carbon' (LTS)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

Note that Node.js versions 10.X and later will be built with version
4.9.X or later of the GCC compiler, and it is possible that Node.js
version 8.X may be built on the 4.9.X compiler at a later time as the
stated minimum compiler requirement for Node.js version 8.X is 4.9.4.

Refs: https://github.com/nodejs/node/blob/v8.x/BUILDING.md
PR-URL: https://github.com/nodejs/node/pull/19679
2018-03-29 23:38:03 -04:00
Myles Borins
b5e9fcfa4e
2018-03-29, Version 6.14.1 'Boron' (LTS)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

PR-URL: https://github.com/nodejs/node/pull/19680
2018-03-29 23:36:33 -04:00
Myles Borins
b3cb8ce111
2018-03-29, Version 4.9.1 'Argon' (Maintenance)
Notable changes:

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
latest releases for PPC little endian were built using GCC 4.9.X
instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
environments. This has been fixed in our infrastructure and we are
doing this release to ensure that the hosted binaries are adhering to
our platform support contract.

PR-URL: https://github.com/nodejs/node/pull/19681
2018-03-29 23:36:33 -04:00
Michaël Zasso
80310e916a
2018-03-28, Version 9.10.0 (Current)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

* cluster:
  - Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava)
    https://github.com/nodejs/node/pull/19165
* crypto:
  - Expose the public key of a certificate (Hannes Magnusson)
    https://github.com/nodejs/node/pull/17690
* n-api:
  - Add `napi_fatal_exception` to trigger an `uncaughtException` in
    JavaScript (Mathias Buus)
    https://github.com/nodejs/node/pull/19337
* path:
  - Fix regression in `posix.normalize` (Michaël Zasso)
    https://github.com/nodejs/node/pull/19520
* stream:
  - Improve stream creation performance (Brian White)
    https://github.com/nodejs/node/pull/19401
* Added new collaborators
  - [BethGriggs](https://github.com/BethGriggs) Beth Griggs

PR-URL: https://github.com/nodejs-private/node-private/pull/111
2018-03-28 12:21:10 -04:00
Myles Borins
b2a6c97452
2018-03-28, Version 8.11.0 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/112
2018-03-28 12:20:46 -04:00
Myles Borins
ffbcd1d1d1
2018-03-28, Version 6.14.0 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/113
2018-03-28 12:19:33 -04:00
Myles Borins
ebe51d6492
2018-03-28, Version 4.9.0 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159

Notable Changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/110
2018-03-28 12:18:57 -04:00
Myles Borins
0ac4ef9a4c
doc: fix changelog
s/9\.7\.1/9\.8\.0

PR-URL: https://github.com/nodejs/node/pull/19515
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2018-03-21 16:13:53 +00:00
Myles Borins
0fc3592255
2018-03-21, Version 9.9.0 (Current)
Notable changes:

* assert:
  - From now on all error messages produced by `assert` in strict mode
    will produce a error diff. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17615
  - From now on it is possible to use a validation object in throws
    instead of the other possibilities. (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17584
* crypto:
  - allow passing null as IV unless required (Tobias Nießen)
    https://github.com/nodejs/node/pull/18644
* fs:
  - support as and as+ flags in stringToFlags() (Sarat Addepalli)
    https://github.com/nodejs/node/pull/18801
* tls:
  - expose Finished messages in TLSSocket (Anton Salikhmetov)
    https://github.com/nodejs/node/pull/19102
* tty:
  - Add getColorDepth function to determine if terminal supports colors
    (Ruben Bridgewater) https://github.com/nodejs/node/pull/17615
* util:
  - add util.inspect compact option (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/17576
* **Added new collaborators**
  - [watson](https://github.com/watson) Thomas Watson

PR-URL: https://github.com/nodejs/node/pull/19428
2018-03-21 15:47:12 +00:00
Myles Borins
282e65cfe3
2018-03-07, Version 9.8.0 (Current)
Notable Changes:

* crypto:
  - add cert.fingerprint256 as SHA256 fingerprint (Hannes Magnusson)
    https://github.com/nodejs/node/pull/17690
* http2:
  - Fixed issues with aborted connections in the HTTP/2 implementation
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/18987
    https://github.com/nodejs/node/pull/19002
* loader:
  - --inspect-brk now works properly for esmodules (Gus Caplan)
    https://github.com/nodejs/node/pull/18949
* src:
  - make process.dlopen() load well-known symbol (Ben Noordhuis)
    https://github.com/nodejs/node/pull/18934
* trace_events:
  - add file pattern cli option (Andreas Madsen)
    https://github.com/nodejs/node/pull/18480
* Added new collaborators:
  - Chen Gang (MoonBall) https://github.com/MoonBall

PR-URL: https://github.com/nodejs/node/pull/19181
2018-03-07 17:54:36 -08:00
Gibson Fahnestock
fc9ddd9cd9 2018-03-06 Version 8.10.0 'Carbon' (LTS)
Notable changes:

* deps:
  * update V8 to 6.2.414.46 (Michaël Zasso) [#16413](https://github.com/nodejs/node/pull/16413)
  * revert ABI breaking changes in V8 6.2 (Anna Henningsen) [#16413](https://github.com/nodejs/node/pull/16413)
  * upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
  * re land npm 5.6.0 (Myles Borins) [#18625](https://github.com/nodejs/node/pull/18625)
  * ICU 60 bump (Steven R. Loomis) [#16876](https://github.com/nodejs/node/pull/16876)
* crypto:
  * Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) [#16130](https://github.com/nodejs/node/pull/16130)
  * warn on invalid authentication tag length (Tobias Nießen) [#17566](https://github.com/nodejs/node/pull/17566)
* async_hooks:
  * update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) [#18004](https://github.com/nodejs/node/pull/18004)
  * use typed array stack as fast path (Anna Henningsen) [#17780](https://github.com/nodejs/node/pull/17780)
  * use scope for defaultTriggerAsyncId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * separate missing from default context (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * rename initTriggerId (Andreas Madsen) [#17273](https://github.com/nodejs/node/pull/17273)
  * deprecate undocumented API (Andreas Madsen) [#16972](https://github.com/nodejs/node/pull/16972)
  * add destroy event for gced AsyncResources (Sebastian Mayr) [#16998](https://github.com/nodejs/node/pull/16998)
  * add trace events to async_hooks (Andreas Madsen) [#15538](https://github.com/nodejs/node/pull/15538)
  * set HTTPParser trigger to socket (Andreas Madsen) [#18003](https://github.com/nodejs/node/pull/18003)
  * add provider types for net server (Andreas Madsen) [#17157](https://github.com/nodejs/node/pull/17157)
* n-api:
  * add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
* cli:
  * add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) [#16495](https://github.com/nodejs/node/pull/16495)
* console:
  * add support for console.debug (Benjamin Zaslavsky) [#17033](https://github.com/nodejs/node/pull/17033)
* module:
  * add builtinModules (Jon Moss) [#16386](https://github.com/nodejs/node/pull/16386)
  * replace default paths in require.resolve() (cjihrig) [#17113](https://github.com/nodejs/node/pull/17113)
* src:
  * add helper for addons to get the event loop (Anna Henningsen) [#17109](https://github.com/nodejs/node/pull/17109)
  * add process.ppid (cjihrig) [#16839](https://github.com/nodejs/node/pull/16839)
* http:
  * support generic `Duplex` streams (Anna Henningsen) [#16267](https://github.com/nodejs/node/pull/16267)
  * add rawPacket in err of `clientError` event (XadillaX) [#17672](https://github.com/nodejs/node/pull/17672)
  * better support for IPv6 addresses (Mattias Holmlund) [#14772](https://github.com/nodejs/node/pull/14772)
* net:
  * remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) [#17662](https://github.com/nodejs/node/pull/17662)
* process:
  * fix reading zero-length env vars on win32 (Anna Henningsen) [#18463](https://github.com/nodejs/node/pull/18463)
* tls:
  * unconsume stream on destroy (Anna Henningsen) [#17478](https://github.com/nodejs/node/pull/17478)
* process:
  * improve unhandled rejection message (Madara Uchiha) [#17158](https://github.com/nodejs/node/pull/17158)
* stream:
  * remove usage of *State.highWaterMark (Calvin Metcalf) [#12860](https://github.com/nodejs/node/pull/12860)
* trace_events:
  * add executionAsyncId to init events (Andreas Madsen) [#17196](https://github.com/nodejs/node/pull/17196)

PR-URL: https://github.com/nodejs/node/pull/18336
2018-03-07 01:00:43 +00:00
Myles Borins
4e15679c02
2018-03-06, Version 6.13.1 'Boron' (LTS)
Notable Changes:

* http, tls:
  - better support for IPv6 addresses (Mattias Holmlund)
    https://github.com/nodejs/node/pull/14772

PR-URL: https://github.com/nodejs/node/pull/19027
2018-03-06 12:03:41 -08:00
Rod Vagg
197fbbed55 2018-03-01, Version 9.7.0 (Current)
Notable Changes:

* **libuv**:
  - Updated to libuv 1.19.2 (Colin Ihrig) [#18918](https://github.com/nodejs/node/pull/18918)

* **src**:
  - Add initial support for Node.js-specific post-mortem metadata (Matheus Marchini) [#14901](https://github.com/nodejs/node/pull/14901)

* **timers**:
  - The return value of `setImmediate()` now has `ref()` and `unref()` methods (Anatoli Papirovski) [#18139](https://github.com/nodejs/node/pull/18139)

* **util**:
  - It is now possible to get the name for a numerical platform-specific error code as a string (Joyee Cheung) [#18186](https://github.com/nodejs/node/pull/18186)

PR-URL: https://github.com/nodejs/node/pull/19040
Prepared-By: Anna Henningsen <anna@addaleax.net>
2018-03-01 20:47:02 +11:00
estrada9166
a29089d7c8
doc: add new documentation lint rule
Add 80 characters limit to docs.
Change docs to fit 80 characters per row.

PR-URL: https://github.com/nodejs/node/pull/18726
Fixes: https://github.com/nodejs/node/issues/18703
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
2018-02-23 16:26:29 +00:00
Myles Borins
8476815f01
2018-02-22, Version 9.6.1 (Current)
Notable changes:

* events:
  - `events.usingDomains` being set to false by default was removed in
    9.6.0 which was a change in behavior compared to 9.5.0. This
    behavior change has been reverted and the `events` object now has
    `usingDomains` preset to `false`, which is the behavior in 9.x
    prior to 9.6.0 (Myles Borins)
    https://github.com/nodejs/node/pull/18944

PR-URL: https://github.com/nodejs/node/pull/18946
2018-02-22 23:04:01 -05:00
Myles Borins
945eb1bb69
2018-02-22, Version 9.6.0 (Current)
Notable changes:

* async_hooks:
  - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh)
    https://github.com/nodejs/node/pull/18513
  - rename PromiseWrap.parentId to PromiseWrap.isChainedPromise
    (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/18633
* deps:
  - update node-inspect to 1.11.3 (Jan Krems)
    https://github.com/nodejs/node/pull/18354
  - ICU 60.2 bump (Steven R. Loomis)
    https://github.com/nodejs/node/pull/17687
  - Introduce ScriptOrModule and HostDefinedOptions to V8 (Jan Krems)
    https://github.com/nodejs/node/pull/16889
* http:
  - add options to http.createServer() for `IncomingMessage` and
    `ServerReponse` (Peter Marton)
    https://github.com/nodejs/node/pull/15752
* http2:
  - add http fallback options to .createServer (Peter Marton)
    https://github.com/nodejs/node/pull/15752
* https:
  - Adds the remaining options from tls.createSecureContext() to the
    string generated by Agent#getName(). This allows https.request()
    to accept the options and generate unique sockets appropriately.
    (Jeff Principe)
    https://github.com/nodejs/node/pull/16402
* inspector:
  - --inspect-brk for es modules (Guy Bedford)
    https://github.com/nodejs/node/pull/18194
* lib:
  - allow process kill by signal number (Sam Roberts)
    https://github.com/nodejs/node/pull/16944
* module:
  - enable dynamic import (Myles Borins)
    https://github.com/nodejs/node/pull/18387
  - dynamic import is now supported (Jan Krems)
    https://github.com/nodejs/node/pull/15713
* napi:
  - add methods to open/close callback scope (Michael Dawson)
    https://github.com/nodejs/node/pull/18089
* src:
  - allow --perf-(basic-)?prof in NODE_OPTIONS (Leko)
    https://github.com/nodejs/node/pull/17600
* vm:
  - add support for es modules (Gus Caplan)
    https://github.com/nodejs/node/pull/17560

PR-URL: https://github.com/nodejs/node/pull/18902
2018-02-22 12:02:49 -05:00
Myles Borins
60e612d0b0
2018-01-13, Version 6.13.0 'Boron' (LTS)
This LTS release comes with 112 commits, 17 of which are considered
Semver-Minor. This includes 32 which are doc related, 30 which are test
related, 8 which are build / tool related and 1 commit which updates
a dependency.

Notable Changes:

* console:
  - added console.count() and console.clear() (James M Snell)
    https://github.com/nodejs/node/pull/12678
* crypto:
  - expose ECDH class (Bryan English)
    https://github.com/nodejs/node/pull/8188
  - added cypto.randomFill() and crypto.randomFillSync() (Evan Lucas)
    https://github.com/nodejs/node/pull/10209
  - warn on invalid authentication tag length (Tobias Nießen)
    https://github.com/nodejs/node/pull/17566
* deps:
  - upgrade libuv to 1.16.1 (cjihrig)
    https://github.com/nodejs/node/pull/16835
* dgram:
  - added socket.setMulticastInterface() (Will Young)
    https://github.com/nodejs/node/pull/7855
* http:
  - add agent.keepSocketAlive and agent.reuseSocket as to allow
    overridable keep-alive behavior of `Agent` (Fedor Indutny)
    https://github.com/nodejs/node/pull/13005
* lib:
  - return this from net.Socket.end() (Sam Roberts)
    https://github.com/nodejs/node/pull/13481
* module:
  - add builtinModules api that provides list of all builtin modules in
    Node (Jon Moss)
    https://github.com/nodejs/node/pull/16386
* net:
  - return this from getConnections() (Sam Roberts)
    https://github.com/nodejs/node/pull/13553
* promises:
  - more robust stringification for unhandled rejections (Timothy Gu)
    https://github.com/nodejs/node/pull/13784
* repl:
  - improve require() autocompletion (Alexey Orlenko)
    https://github.com/nodejs/node/pull/14409
* src:
  - add openssl-system-ca-path configure option (Daniel Bevenius)
    https://github.com/nodejs/node/pull/16790
  - add --use-bundled-ca --use-openssl-ca check (Daniel Bevenius)
    https://github.com/nodejs/node/pull/12087
  - add process.ppid (cjihrig)
    https://github.com/nodejs/node/pull/16839
* tls:
  - accept `lookup` option for `tls.connect()` (Fedor Indutny)
    https://github.com/nodejs/node/pull/12839
* tools, build:
  - a new macOS installer! (JP Wesselink)
    https://github.com/nodejs/node/pull/15179
* url:
  - WHATWG URL api support (James M Snell)
    https://github.com/nodejs/node/pull/7448
* util:
  - add %i and %f formatting specifiers (Roman Reiss)
    https://github.com/nodejs/node/pull/10308

PR-URL: https://github.com/nodejs/node/pull/18342
2018-02-13 14:01:52 -05:00
Evan Lucas
83d0f4c92b 2018-01-31, Version 9.5.0 (Current)
Notable changes:

* cluster
  - add cwd to cluster.settings (cjihrig) [#18399](https://github.com/nodejs/node/pull/18399)
* deps
  - upgrade libuv to 1.19.1 (cjihrig) [#18260](https://github.com/nodejs/node/pull/18260)
* meta
  - add Leko to collaborators (Leko) [#18117](https://github.com/nodejs/node/pull/18117)
  - add vdeturckheim as collaborator (vdeturckheim) [#18432](https://github.com/nodejs/node/pull/18432)
* n-api
  - expose n-api version in process.versions (Michael Dawson) [#18067](https://github.com/nodejs/node/pull/18067)
* perf_hooks
  - add performance.clear() (James M Snell) [#18046](https://github.com/nodejs/node/pull/18046)
* stream
  - avoid writeAfterEnd() while ending (陈刚) [#18170](https://github.com/nodejs/node/pull/18170)

PR-URL: https://github.com/nodejs/node/pull/18464
2018-01-31 18:06:32 -06:00
Myles Borins
e688175c50
2019-01-10 Version 9.4.0 (Current)
Notable change:

* async_hooks:
  - deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
    API were documented. (Andreas Madsen)
    https://github.com/nodejs/node/pull/16972
* deps:
  - update nghttp2 to 1.29.0 (James M Snell)
    https://github.com/nodejs/node/pull/17908
  - upgrade npm to 5.6.0 (Kat Marchán)
    https://github.com/nodejs/node/pull/17535
  - cherry-pick 50f7455 from upstream V8 (Michaël Zasso)
    https://github.com/nodejs/node/pull/16591
* events:
  - remove reaches into _events internals (Anatoli Papirovski)
    https://github.com/nodejs/node/pull/17440
* http:
  - add rawPacket in err of `clientError` event (XadillaX)
    https://github.com/nodejs/node/pull/17672
* http2:
  - implement maxSessionMemory (James M Snell)
    https://github.com/nodejs/node/pull/17967
  - add initial support for originSet (James M Snell)
    https://github.com/nodejs/node/pull/17935
  - add altsvc support (James M Snell)
    https://github.com/nodejs/node/pull/17917
  - perf_hooks integration (James M Snell)
    https://github.com/nodejs/node/pull/17906
  - Refactoring and cleanup of Http2Session and Http2Stream destroy
    (James M Snell) https://github.com/nodejs/node/pull/17406
* net:
  - remove Socket.prototype.write (Anna Henningsen)
    https://github.com/nodejs/node/pull/17644
  - remove Socket.prototype.listen (Ruben Bridgewater)
    https://github.com/nodejs/node/pull/13735
* repl:
  - show lexically scoped vars in tab completion (Michaël Zasso)
    https://github.com/nodejs/node/pull/16591
* stream:
  - rm {writeable/readable}State.length (Calvin Metcalf)
    https://github.com/nodejs/node/pull/12857
  - add flow and buffer properties to streams (Calvin Metcalf)
    https://github.com/nodejs/node/pull/12855
* util:
  - allow wildcards in NODE_DEBUG variable (Tyler)
    https://github.com/nodejs/node/pull/17609
* zlib:
  - add ArrayBuffer support (Jem Bezooyen)
    https://github.com/nodejs/node/pull/16042
* Addedew collaborator**
  - [starkwang](https://github.com/starkwang) Weijia Wang
* Addedew TSC member**
  - [danbev](https://github.com/danbev) Daniel Bevenius

PR-URL: https://github.com/nodejs/node/pull/18069
2018-01-10 10:24:22 -05:00
Gibson Fahnestock
ec9fb6dd53
2018-01-02 Node.js v8.9.4 'Carbon' (LTS) Release
PR-URL: https://github.com/nodejs/node/pull/17774

Notable Changes:

* deps:
  * upgrade npm to 5.6.0 (Kat Marchán) [#17535](https://github.com/nodejs/node/pull/17535)
* build:
  * configure can now be run from any directory (Gibson Fahnestock) [#17321](https://github.com/nodejs/node/pull/17321)
2018-01-03 04:19:17 +00:00
Myles Borins
02e4c8d981
2018-01-02, Version 6.12.3 'Boron' (LTS)
Notable Changes:

* build:
  - configure can now be run from any directory (Gibson Fahnestock)
    https://github.com/nodejs/node/pull/17321

PR-URL: https://github.com/nodejs/node/pull/17776
2018-01-02 14:09:57 -05:00
Myles Borins
a893e79a69
2017-12-12 Version 9.3.0 (Current)
Notable changes:

* async\_hooks:
  - add trace events to async_hooks (Andreas Madsen)
    https://github.com/nodejs/node/pull/15538
  - add provider types for net server (Andreas Madsen)
    https://github.com/nodejs/node/pull/17157
* console:
  - console.debug can now be used outside of the inspector
    (Benjamin Zaslavsky) https://github.com/nodejs/node/pull/17033
* deps:
  - upgrade libuv to 1.18.0 (cjihrig)
    https://github.com/nodejs/node/pull/17282
  - patch V8 to 6.2.414.46 (Myles Borins)
    https://github.com/nodejs/node/pull/17206
* module:
  - module.builtinModules will return a list of built in modules
    (Jon Moss) https://github.com/nodejs/node/pull/16386
* n-api:
  - add helper for addons to get the event loop (Anna Henningsen)
    https://github.com/nodejs/node/pull/17109
* process:
  - process.setUncaughtExceptionCaptureCallback can now be used to
    customize behavior for `--abort-on-uncaught-exception`
    (Anna Henningsen) https://github.com/nodejs/node/pull/17159
  - A signal handler is now able to receive the signal code that
    triggered the handler. (Robert Rossmann)
    https://github.com/nodejs/node/pull/15606
* src:
  - embedders can now use Node::CreatePlatform to create an instance of
    NodePlatform (Cheng Zhao)
    https://github.com/nodejs/node/pull/16981
* stream:
  - writable.writableHighWaterMark and readable.readableHighWaterMark
    will return the values the stream object was instantiated with
    (Calvin Metcalf) https://github.com/nodejs/node/pull/12860
* **Added new collaborators**
  * [maclover7](https://github.com/maclover7) Jon Moss
  * [guybedford](https://github.com/guybedford) Guy Bedford
  * [hashseed](https://github.com/hashseed) Yang Guo

PR-URL: https://github.com/nodejs/node/pull/17631
2017-12-12 15:59:29 -05:00
Evan Lucas
7f086dd601
2017-12-08 Version 9.2.1 (Current)
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) https://github.com/nodejs/node/pull/17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17531
2017-12-08 11:36:55 -05:00
Myles Borins
2ac4718ac4
2017-12-08, Version 8.9.3 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* buffer:
  * buffer allocated with an invalid content will now be zero filled
    (Anna Henningsen)
    https://github.com/nodejs/node/pull/17428
* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17532
2017-12-08 11:00:55 -05:00
Myles Borins
6fa9cae83f
2017-12-08, Version 6.12.2 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17533
2017-12-08 10:55:19 -05:00
Myles Borins
e832743f72
2017-12-08, Version 4.8.7 'Argon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/17526

PR-URL: https://github.com/nodejs/node/pull/17534
2017-12-08 10:52:15 -05:00
Gibson Fahnestock
92011e417c 2017-12-05, Version 8.9.2 'Carbon' (LTS)
Notable Changes:

- **console**:
  - avoid adding infinite error listeners (Matteo Collina) [#16770](https://github.com/nodejs/n
de/pull/16770)
- **http2**:
  - improve errors thrown in header validation (Joyee Cheung) [#16718](https://github.com/nodej
s/node/pull/16718)

PR-URL: https://github.com/nodejs/node/pull/17204
2017-12-05 22:17:19 +00:00