nodejs

mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00

Author	SHA1	Message	Date
Beth Griggs	f1478e1789	2019-08-06, Version 10.16.2 'Dubnium' (LTS) Notable changes: This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy. Refs: https://github.com/nodejs/node/issues/28932 PR-URL: https://github.com/nodejs/node/pull/29021	2019-08-06 23:29:55 +01:00
Ruben Bridgewater	a9e7441916	2019-08-06, Version 12.8.0 (Current) Notable changes: * assert: * Legacy mode deprecation (`DEP0089`) is revoked (Colin Ihrig) https://github.com/nodejs/node/pull/28892 * crypto: * The `outputLength` option is added to `crypto.createHash` (Tobias Nießen) https://github.com/nodejs/node/pull/28805 * The `maxmem` range is increased from 32 to 53 bits (Tobias Nießen) https://github.com/nodejs/node/pull/28799 * n-api: * Added APIs for per-instance state management (Gabriel Schulhof) https://github.com/nodejs/node/pull/28682 * report: * Network interfaces get included in the report (cjihrig) https://github.com/nodejs/node/pull/28911 * src: * `v8.getHeapCodeStatistics()` is now exported (Yuriy Vasiyarov) https://github.com/nodejs/node/pull/27978 PR-URL: https://github.com/nodejs/node/pull/29017	2019-08-07 00:25:59 +02:00
Beth Griggs	9d37013ef0	2019-07-31, Version 10.16.1 'Dubnium' (LTS) Notable changes: - deps: upgrade openssl sources to 1.1.1c (Sam Roberts) [#28212](https://github.com/nodejs/node/pull/28212) - stream: do not unconditionally call `\_read()` on `resume()` (Anna Henningsen) [#26965](https://github.com/nodejs/node/pull/26965) - worker: fix nullptr deref after MessagePort deser failure (Anna Henningsen) [#25076](https://github.com/nodejs/node/pull/25076) PR-URL: https://github.com/nodejs/node/pull/28731	2019-07-31 20:04:46 +01:00
Michaël Zasso	52c5287aca	2019-07-23, Version 12.7.0 (Current) Notable changes: * deps: * Updated nghttp2 to 1.39.1. https://github.com/nodejs/node/pull/28448 * Updated npm to 6.10.0. https://github.com/nodejs/node/pull/28525 * esm: * Implemented experimental "pkg-exports" proposal. A new `"exports"` field can be added to a module's `package.json` file to provide custom subpath aliasing. See https://github.com/jkrems/proposal-pkg-exports/ for more information. https://github.com/nodejs/node/pull/28568 * http: * Added `response.writableFinished`. https://github.com/nodejs/node/pull/28681 * Exposed `headers`, `rawHeaders` and other fields on an `http.ClientRequest` `"information"` event. https://github.com/nodejs/node/pull/28459 * inspector: * Added `inspector.waitForDebugger()`. https://github.com/nodejs/node/pull/28453 * policy: * Added `--policy-integrity=sri` CLI option to mitigate policy tampering. If a policy integrity is specified and the policy does not have that integrity, Node.js will error prior to running any code. https://github.com/nodejs/node/pull/28734 * readline,tty: * Exposed stream API from various methods which write characters. https://github.com/nodejs/node/pull/28674 https://github.com/nodejs/node/pull/28721 * src: * Use cgroups to get memory limits. This improves the way we set the memory ceiling for a Node.js process. Previously we would use the physical memory size to estimate the necessary V8 heap sizes. The physical memory size is not necessarily the correct limit, e.g. if the process is running inside a docker container or is otherwise constrained. This change adds the ability to get a memory limit set by linux cgroups, which is used by docker containers to set resource constraints. https://docs.docker.com/config/containers/resource_constraints/ https://github.com/nodejs/node/pull/27508 PR-URL: https://github.com/nodejs/node/pull/28817	2019-07-23 22:54:24 +02:00
Michaël Zasso	fcf8fe9f1a	2019-07-03, Version 12.6.0 (Current) Notable changes: * build: * Experimental support for building Node.js on MIPS architecture is back. https://github.com/nodejs/node/pull/27992 * child_process: * The promisified versions of `child_process.exec` and `child_process.execFile` now both return a `Promise` which has the child instance attached to their `child` property. https://github.com/nodejs/node/pull/28325 * deps: * Updated libuv to 1.30.1. https://github.com/nodejs/node/pull/28449, https://github.com/nodejs/node/pull/28511 * Support for the Haiku platform has been added. * The maximum `UV_THREADPOOL_SIZE` has been increased from 128 to 1024. * `uv_fs_copyfile()` now works properly when the source and destination files are the same. * process: * A new method, `process.resourceUsage()` was added. It returns resource usage for the current process, such as CPU time. https://github.com/nodejs/node/pull/28018 * src: * Fixed an issue related to stdio that could lead to a crash of the process in some circumstances. https://github.com/nodejs/node/pull/28490 * stream: * Added a `writableFinished` property to writable streams. It indicates that all the data has been flushed to the underlying system. https://github.com/nodejs/node/pull/28007 * worker: * Fixed an issue that prevented worker threads to listen for data on stdin. https://github.com/nodejs/node/pull/28153 * meta: * Added Jiawen Geng (https://github.com/gengjiawen) to collaborators. https://github.com/nodejs/node/pull/28322 PR-URL: https://github.com/nodejs/node/pull/28508	2019-07-03 15:53:31 +02:00
Gus Caplan	fd3a0d3137	doc: add links to 12.5.0 changelog notable changes PR-URL: https://github.com/nodejs/node/pull/28450 Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>	2019-06-27 10:49:49 -05:00
Ruben Bridgewater	af3cc714f9	2019-06-27, Version 12.5.0 (Current) Notable changes: * build: * The startup time is reduced by enabling V8 snapshots by default https://github.com/nodejs/node/pull/28181 * deps: * Updated `V8` to 7.5.288.22 https://github.com/nodejs/node/pull/27375 * The numeric separator (v8.dev/features/numeric-separators) feature is now enabled by default * Updated `OpenSSL` to 1.1.1c https://github.com/nodejs/node/pull/28211 * inspector: * The `--inspect-publish-uid` flag was added to specify ways of the inspector web socket url exposure https://github.com/nodejs/node/pull/27741 * n-api: * Accessors on napi_define_* are now ECMAScript-compliant https://github.com/nodejs/node/pull/27851 * report: * The cpu info got added to the report output https://github.com/nodejs/node/pull/28188 * src: * Restore the original state of the stdio file descriptors on exit to prevent leaving stdio in raw or non-blocking mode https://github.com/nodejs/node/pull/24260 * tools,gyp: * Introduce MSVS 2019 https://github.com/nodejs/node/pull/27375 * util: * inspect: * Array grouping became more compact and uses more columns than before https://github.com/nodejs/node/pull/28059 https://github.com/nodejs/node/pull/28070 * Long strings will not be split at 80 characters anymore. Instead they will be split on new lines https://github.com/nodejs/node/pull/28055 * worker: * `worker.terminate()` now returns a promise and using the callback is deprecated https://github.com/nodejs/node/pull/28021 PR-URL: https://github.com/nodejs/node/pull/28268	2019-06-27 15:55:50 +02:00
Michaël Zasso	cb68c04ce1	2019-06-04, Version 12.4.0 (Current) Notable changes: * doc: * The JSON variant of the API documentation is no longer experimental (Rich Trott) https://github.com/nodejs/node/pull/27842. * esm: * JSON module support is always enabled under `--experimental-modules`. The `--experimental-json-modules` flag has been removed (Myles Borins) https://github.com/nodejs/node/pull/27752. * http,http2: * A new flag has been added for overriding the default HTTP server socket timeout (which is two minutes). Pass `--http-server-default-timeout=milliseconds` or `--http-server-default-timeout=0` to respectively change or disable the timeout. Starting with Node.js 13.0.0, the timeout will be disabled by default (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/27704. * inspector: * Added an experimental `--heap-prof` flag to start the V8 heap profiler on startup and write the heap profile to disk before exit (Joyee Cheung) https://github.com/nodejs/node/pull/27596. * stream: * The `readable.unshift()` method now correctly converts strings to buffers. Additionally, a new optional argument is accepted to specify the string's encoding, such as `'utf8'` or `'ascii'` (Marcos Casagrande) https://github.com/nodejs/node/pull/27194. * v8: * The object returned by `v8.getHeapStatistics()` has two new properties: `number_of_native_contexts` and `number_of_detached_contexts` (Yuriy Vasiyarov) https://github.com/nodejs/node/pull/27933. PR-URL: https://github.com/nodejs/node/pull/28040	2019-06-04 16:01:53 +02:00
Beth Griggs	b323658b64	2019-05-28, Version 10.16.0 'Dubnium' (LTS) Notable changes: - deps: - update ICU to 64.2 (Ujjwal Sharma) [#27361](https://github.com/nodejs/node/pull/27361) - upgrade npm to 6.9.0 (Kat Marchán) [#26244](https://github.com/nodejs/node/pull/26244) - upgrade openssl sources to 1.1.1b (Sam Roberts) [#26327](https://github.com/nodejs/node/pull/26327) - upgrade to libuv 1.28.0 (cjihrig) [#27241](https://github.com/nodejs/node/pull/27241) - events: - add once method to use promises with EventEmitter (Matteo Collina) [#26078](https://github.com/nodejs/node/pull/26078) - n-api: - mark thread-safe function as stable (Gabriel Schulhof) [#25556](https://github.com/nodejs/node/pull/25556) - repl: - support top-level for-await-of (Shelley Vohr) [#23841](https://github.com/nodejs/node/pull/23841) - zlib: - add brotli support (Anna Henningsen) [#24938](https://github.com/nodejs/node/pull/24938) PR-URL: https://github.com/nodejs/node/pull/27514	2019-05-28 23:45:42 +01:00
Ruben Bridgewater	8a282dc93a	2019-05-22, Version v12.3.1 (Current) Notable changes * deps: * Fix handling of +0/-0 when constant field tracking is enabled (Michaël Zasso) https://github.com/nodejs/node/pull/27792 * Fix `os.freemem()` and `os.totalmem` correctness (cjihrig) https://github.com/nodejs/node/pull/27718 * src: * Fix v12.3.0 regression that prevents native addons from compiling https://github.com/nodejs/node/pull/27804 PR-URL: https://github.com/nodejs/node/pull/27814	2019-05-22 20:56:15 +02:00
Ruben Bridgewater	9fec70a703	2019-05-21, Version 12.3.0 (Current) Notable changes: * esm: * Added the `--experimental-wasm-modules` flag to support WebAssembly modules (Myles Borins & Guy Bedford) https://github.com/nodejs/node/pull/27659 * process: * Log errors using `util.inspect` in case of fatal exceptions (Ruben Bridgewater) https://github.com/nodejs/node/pull/27243 * repl: * Add `process.on('uncaughtException')` support (Ruben Bridgewater) https://github.com/nodejs/node/pull/27151 * stream: * Implemented `Readable.from` async iterator utility (Guy Bedford) https://github.com/nodejs/node/pull/27660 * tls: * Expose built-in root certificates (Ben Noordhuis) https://github.com/nodejs/node/pull/26415 * Support `net.Server` options (Luigi Pinca) https://github.com/nodejs/node/pull/27665 * Expose `keylog` event on TLSSocket (Alba Mendez) https://github.com/nodejs/node/pull/27654 * worker: * Added the ability to unshift messages from the `MessagePort` (Anna Henningsen) https://github.com/nodejs/node/pull/27294 PR-URL: https://github.com/nodejs/node/pull/27799	2019-05-21 21:23:52 +02:00
Michaël Zasso	e006a8545e	2019-05-07, Version 12.2.0 (Current) Notable changes: * deps: * Updated llhttp to 1.1.3. This fixes a bug that made Node.js' HTTP parser refuse any request URL that contained the "\|" (vertical bar) character. https://github.com/nodejs/node/pull/27595 * tls: * Added an `enableTrace()` method to `TLSSocket` and an `enableTrace` option to `tls.createServer()`. When enabled, TSL packet trace information is written to `stderr`. This can be used to debug TLS connection problems. https://github.com/nodejs/node/pull/27497 https://github.com/nodejs/node/pull/27376 * cli: * Added a `--trace-tls` command-line flag that enables tracing of TLS connections without the need to modify existing application code. https://github.com/nodejs/node/pull/27497 * Added a `--cpu-prof-interval` command-line flag. It can be used to specify the sampling interval for the CPU profiles generated by `--cpu-prof`. https://github.com/nodejs/node/pull/27535 * module: * Added the `createRequire()` method. It allows to create a require function from a file URL object, a file URL string or an absolute path string. The existing `createRequireFromPath()` method is now deprecated https://github.com/nodejs/node/pull/27405. * Throw on `require('./path.mjs')`. This is technically a breaking change that should have landed with Node.js 12.0.0. It is necessary to have this to keep the possibility for a future minor version to load ES Modules with the require function. https://github.com/nodejs/node/pull/27417 * repl: * The REPL now supports multi-line statements using `BigInt` literals as well as public and private class fields and methods. https://github.com/nodejs/node/pull/27400 * The REPL now supports tab autocompletion of file paths with `fs` methods. https://github.com/nodejs/node/pull/26648 * meta: * Added Christian Clauss (https://github.com/cclauss) to collaborators. https://github.com/nodejs/node/pull/27554 PR-URL: https://github.com/nodejs/node/pull/27578	2019-05-07 20:38:46 +02:00
Shelley Vohr	ea46db6642	2019-04-30, Version 11.15.0 (Current) Notable changes: * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](https://github.com/nodejs/node/pull/19794) * src: add .code and SSL specific error properties (Sam Roberts) [#25093](https://github.com/nodejs/node/pull/25093) * tls: * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951) * supported shared openssl 1.1.0 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951) * revert default max toTLSv1.2 (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951) * revert change to invalid protocol error type (Sam Roberts) [#26951](https://github.com/nodejs/node/pull/26951) * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209) * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729) PR-URL: https://github.com/nodejs/node/pull/27314	2019-04-30 09:18:04 -07:00
Michaël Zasso	1d4a880700	2019-04-29, Version 12.1.0 (Current) Notable changes: * intl: * Update ICU to 64.2. This adds support for Japanese Era (Reiwa). https://github.com/nodejs/node/pull/27361 * Fixes a bug in ICU that affected Node.js 12.0.0 in the case where `new Date().toLocaleString()` was called with a non-default locale. https://github.com/nodejs/node/pull/27415 * C++ API: * Added an overload of `EmitAsyncDestroy` that can be used during garbage collection. https://github.com/nodejs/node/pull/27255 PR-URL: https://github.com/nodejs/node/pull/27440	2019-04-29 16:38:53 +02:00
Beth Griggs	b773f77ddb	doc: fix v12.0.0 changelog id PR-URL: https://github.com/nodejs/node/pull/27368 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>	2019-04-23 17:58:50 +01:00
Beth Griggs	d896f03578	2019-04-23, Version 12.0.0 (Current) Notable changes: * assert: * validate required arguments (Ruben Bridgewater) [#26641](https://github.com/nodejs/node/pull/26641) * adjust loose assertions (Ruben Bridgewater) [#25008](https://github.com/nodejs/node/pull/25008) * async_hooks: * remove deprecated `emitBefore` and `emitAfter` (Matteo Collina) [#26530](https://github.com/nodejs/node/pull/26530) * remove promise object from resource (Andreas Madsen) [#23443](https://github.com/nodejs/node/pull/23443) * bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater) [#24874](https://github.com/nodejs/node/pull/24874) * buffer: * use stricter range checks (Ruben Bridgewater) [#27045](https://github.com/nodejs/node/pull/27045) * harden `SlowBuffer` creation (ZYSzys) [#26272](https://github.com/nodejs/node/pull/26272) * harden validation of buffer allocation size (ZYSzys) [#26162](https://github.com/nodejs/node/pull/26162) * do proper error propagation in addon methods (Anna Henningsen) [#23939](https://github.com/nodejs/node/pull/23939) * child_process: * remove `options.customFds` (cjihrig) [#25279](https://github.com/nodejs/node/pull/25279) * harden fork arguments validation (ZYSzys) [#27039](https://github.com/nodejs/node/pull/27039) * use non-infinite `maxBuffer` defaults (kohta ito) [#23027](https://github.com/nodejs/node/pull/23027) * console: * don't use ANSI escape codes when `TERM=dumb` (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261) * crypto: * remove legacy native handles (Tobias Nießen) [#27011](https://github.com/nodejs/node/pull/27011) * decode missing passphrase errors (Tobias Nießen) [#25208](https://github.com/nodejs/node/pull/25208) * remove `Cipher.setAuthTag()` and `Decipher.getAuthTag()` (Tobias Nießen) [#26249](https://github.com/nodejs/node/pull/26249) * remove deprecated `crypto._toBuf()` (Tobias Nießen) [#25338](https://github.com/nodejs/node/pull/25338) * set `DEFAULT\_ENCODING` property to non-enumerable (Antoine du Hamel) [#23222](https://github.com/nodejs/node/pull/23222) * deps: * update V8 to 7.4.288.13 (Michaël Zasso, cjihrig, Refael Ackermann) (Anna Henningsen, Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685) * bump minimum icu version to 63 (Ujjwal Sharma) [#25852](https://github.com/nodejs/node/pull/25852) * update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu) [#26327](https://github.com/nodejs/node/pull/26327) * errors: * update error name (Ruben Bridgewater) [#26738](https://github.com/nodejs/node/pull/26738) * fs: * use proper .destroy() implementation for SyncWriteStream (Matteo Collina) [#26690](https://github.com/nodejs/node/pull/26690) * improve mode validation (Ruben Bridgewater) [#26575](https://github.com/nodejs/node/pull/26575) * harden validation of start option in `createWriteStream()` (ZYSzys) [#25579](https://github.com/nodejs/node/pull/25579) * make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) [#23709](https://github.com/nodejs/node/pull/23709) * http: * validate timeout in `ClientRequest()` (cjihrig) [#26214](https://github.com/nodejs/node/pull/26214) * return HTTP 431 on `HPE_HEADER_OVERFLOW` error (Albert Still) [#25605](https://github.com/nodejs/node/pull/25605) * switch default parser to llhttp (Anna Henningsen) [#24870](https://github.com/nodejs/node/pull/24870) * Runtime-deprecate `outgoingMessage._headers` and `outgoingMessage._headerNames` (Morgan Roderick) [#24167](https://github.com/nodejs/node/pull/24167) * lib: * remove `Atomics.wake()` (Gus Caplan) [#27033](https://github.com/nodejs/node/pull/27033) * move DTRACE\_\* probes out of global scope (James M Snell) [#26541](https://github.com/nodejs/node/pull/26541) * deprecate `_stream_wrap` (Sam Roberts) [#26245](https://github.com/nodejs/node/pull/26245) * use ES6 class inheritance style (Ruben Bridgewater) [#24755](https://github.com/nodejs/node/pull/24755) * module: * remove unintended access to deps/ (Anna Henningsen) [#25138](https://github.com/nodejs/node/pull/25138) * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690) * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh) [#25690](https://github.com/nodejs/node/pull/25690) * remove dead code (Ruben Bridgewater) [#26983](https://github.com/nodejs/node/pull/26983) * make `require('.')` never resolve outside the current directory (Ruben Bridgewater) [#26973](https://github.com/nodejs/node/pull/26973) * throw an error for invalid package.json main entries (Ruben Bridgewater) [#26823](https://github.com/nodejs/node/pull/26823) * don't search in `require.resolve.paths` (cjihrig) [#23683](https://github.com/nodejs/node/pull/23683) * net: * remove `Server.listenFD()` (cjihrig) [#27127](https://github.com/nodejs/node/pull/27127) * do not add `.host` and `.port` properties to DNS error (Ruben Bridgewater) [#26751](https://github.com/nodejs/node/pull/26751) * emit "write after end" errors in the next tick (Ouyang Yadong) [#24457](https://github.com/nodejs/node/pull/24457) * deprecate `_setSimultaneousAccepts()` undocumented function (James M Snell) [#23760](https://github.com/nodejs/node/pull/23760) * os: * implement `os.type()` using `uv_os_uname()` (cjihrig) [#25659](https://github.com/nodejs/node/pull/25659) * remove `os.getNetworkInterfaces()` (cjihrig) [#25280](https://github.com/nodejs/node/pull/25280) * process: * make global.process, global.Buffer getters (Guy Bedford) [#26882](https://github.com/nodejs/node/pull/26882) * move DEP0062 (node --debug) to end-of-life (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828) * exit on --debug and --debug-brk after option parsing (Joyee Cheung) [#25828](https://github.com/nodejs/node/pull/25828) * improve `--redirect-warnings` handling (Ruben Bridgewater) [#24965](https://github.com/nodejs/node/pull/24965) * readline: * support TERM=dumb (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261) * repl: * add welcome message (gengjiawen) [#25947](https://github.com/nodejs/node/pull/25947) * fix terminal default setting (Ruben Bridgewater) [#26518](https://github.com/nodejs/node/pull/26518) * check colors with `.getColorDepth()` (Vladislav Kaminsky) [#26261](https://github.com/nodejs/node/pull/26261) * deprecate REPLServer.rli (Ruben Bridgewater) [#26260](https://github.com/nodejs/node/pull/26260) * src: * remove unused `INT_MAX` constant (Sam Roberts) [#27078](https://github.com/nodejs/node/pull/27078) * update `NODE_MODULE_VERSION` to 72 (Ujjwal Sharma) [#26685](https://github.com/nodejs/node/pull/26685) * remove `AddPromiseHook()` (Anna Henningsen) [#26574](https://github.com/nodejs/node/pull/26574) * clean up `MultiIsolatePlatform` interface (Anna Henningsen) [#26384](https://github.com/nodejs/node/pull/26384) * properly configure default heap limits (Ali Ijaz Sheikh) [#25576](https://github.com/nodejs/node/pull/25576) * remove `icuDataDir` from node config (GauthamBanasandra) [#24780](https://github.com/nodejs/node/pull/24780) * tls: * support TLSv1.3 (Sam Roberts) [#26209](https://github.com/nodejs/node/pull/26209) * return correct version from `getCipher()` (Sam Roberts) [#26625](https://github.com/nodejs/node/pull/26625) * check arg types of renegotiate() (Sam Roberts) [#25876](https://github.com/nodejs/node/pull/25876) * add code for `ERR_TLS_INVALID_PROTOCOL_METHOD` (Sam Roberts) [#24729](https://github.com/nodejs/node/pull/24729) * emit a warning when servername is an IP address (Rodger Combs) [#23329](https://github.com/nodejs/node/pull/23329) * disable TLS v1.0 and v1.1 by default (Ben Noordhuis) [#23814](https://github.com/nodejs/node/pull/23814) * remove unused arg to createSecureContext() (Sam Roberts) [#24241](https://github.com/nodejs/node/pull/24241) * deprecate `Server.prototype.setOptions()` (cjihrig) [#23820](https://github.com/nodejs/node/pull/23820) * load `NODE_EXTRA_CA_CERTS` at startup (Ouyang Yadong) [#23354](https://github.com/nodejs/node/pull/23354) * util: * remove `util.print()`, `util.puts()`, `util.debug()` and `util.error()` (cjihrig) [#25377](https://github.com/nodejs/node/pull/25377) * change inspect compact and breakLength default (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109) * improve inspect edge cases (Ruben Bridgewater) [#27109](https://github.com/nodejs/node/pull/27109) * only the first line of the error message (Simon Zünd) [#26685](https://github.com/nodejs/node/pull/26685) * don't set the prototype of callbackified functions (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893) * rename callbackified function (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893) * increase function length when using `callbackify()` (Ruben Bridgewater) [#26893](https://github.com/nodejs/node/pull/26893) * prevent tampering with internals in `inspect()` (Ruben Bridgewater) [#26577](https://github.com/nodejs/node/pull/26577) * prevent Proxy traps being triggered by `.inspect()` (Ruben Bridgewater) [#26241](https://github.com/nodejs/node/pull/26241) * prevent leaking internal properties (Ruben Bridgewater) [#24971](https://github.com/nodejs/node/pull/24971) * protect against monkeypatched Object prototype for inspect() (Rich Trott) [#25953](https://github.com/nodejs/node/pull/25953) * treat format arguments equally (Roman Reiss) [#23162](https://github.com/nodejs/node/pull/23162) * win, fs: * detect if symlink target is a directory (Bartosz Sosnowski) [#23724](https://github.com/nodejs/node/pull/23724) * zlib: * throw TypeError if callback is missing (Anna Henningsen) [#24929](https://github.com/nodejs/node/pull/24929) * make “bare” constants un-enumerable (Anna Henningsen) [#24824](https://github.com/nodejs/node/pull/24824) PR-URL: https://github.com/nodejs/node/pull/26930	2019-04-23 16:46:54 +01:00
Myles Borins	1c26169714	2019-04-16, Version 8.16.0 'Carbon' (LTS) Notable Changes: * n-api: - add API for asynchronous functions (Gabriel Schulhof) https://github.com/nodejs/node/pull/17887 - mark thread-safe function as stable (Gabriel Schulhof) https://github.com/nodejs/node/pull/25556 PR-URL: https://github.com/nodejs/node/pull/26933	2019-04-16 16:04:56 -04:00
Beth Griggs	d42456020b	2019-04-11, Version 11.14.0 (Current) Notable changes: - child_process: doc deprecate ChildProcess.\_channel (cjihrig) [#26982](https://github.com/nodejs/node/pull/26982) - deps: update nghttp2 to 1.37.0 (gengjiawen) [#26990](https://github.com/nodejs/node/pull/26990) - dns: - make dns.promises enumerable (cjihrig) [#26592](https://github.com/nodejs/node/pull/26592) - remove dns.promises experimental warning (cjihrig) [#26592](https://github.com/nodejs/node/pull/26592) - fs: remove experimental warning for fs.promises (Anna Henningsen) [#26581] (https://github.com/nodejs/node/pull/26581) - stream: make Symbol.asyncIterator support stable (Matteo Collina) [#26989](https://github.com/nodejs/node/pull/26989) - worker: use copy of process.env (Anna Henningsen) [#26544](https://github.com/nodejs/node/pull/26544) PR-URL: https://github.com/nodejs/node/pull/27163	2019-04-11 17:56:55 +01:00
Beth Griggs	883a0d521f	2019-04-03, Version 6.17.1 'Boron' (LTS) Notable changes: - http: - fix error check in `Execute()` (Brian White) [#25939](https://github.com/nodejs/node/pull/25939) PR-URL: https://github.com/nodejs/node/pull/26684	2019-04-03 20:35:39 +01:00
Michaël Zasso	2c73868b04	2019-03-28, Version 11.13.0 (Current) Notable changes: * crypto * Allow deriving public from private keys (Tobias Nießen) [#26278](https://github.com/nodejs/node/pull/26278). * events * Added a `once` function to use `EventEmitter` with promises (Matteo Collina) [#26078](https://github.com/nodejs/node/pull/26078). * tty * Added a `hasColors` method to `WriteStream` (Ruben Bridgewater) [#26247](https://github.com/nodejs/node/pull/26247). * Added NO_COLOR and FORCE_COLOR support (Ruben Bridgewater) [#26485](https://github.com/nodejs/node/pull/26485). * v8 * Added `v8.getHeapSnapshot` and `v8.writeHeapSnapshot` to generate snapshots in the format used by tools such as Chrome DevTools (James M Snell) [#26501](https://github.com/nodejs/node/pull/26501). * worker * Added `worker.moveMessagePortToContext`. This enables using MessagePorts in different vm.Contexts, aiding with the isolation that the vm module seeks to provide (Anna Henningsen) [#26497](https://github.com/nodejs/node/pull/26497). * C++ API * `AddPromiseHook` is now deprecated. This API was added to fill an use case that is served by `async_hooks`, since that has `Promise` support (Anna Henningsen) [#26529](https://github.com/nodejs/node/pull/26529). * Added a `Stop` API to shut down Node.js while it is running (Gireesh Punathil) [#21283](https://github.com/nodejs/node/pull/21283). * meta * [Gireesh Punathil](https://github.com/gireeshpunathil) is now a member of the Technical Steering Committee [#26657](https://github.com/nodejs/node/pull/26657). * Added [Yongsheng Zhang](https://github.com/ZYSzys) to collaborators [#26730](https://github.com/nodejs/node/pull/26730). PR-URL: https://github.com/nodejs/node/pull/26949	2019-03-28 20:23:29 +01:00
Jesse McCarthy	0622ce6e7f	doc: fix changelog date typo PR-URL: https://github.com/nodejs/node/pull/26831 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>	2019-03-21 23:36:38 +02:00
Ruben Bridgewater	969c63a0f1	2019-03-15, Version 11.12.0 (Current) Notable Changes * bootstrap: * Add experimental `--frozen-intrinsics` flag (Guy Bedford) https://github.com/nodejs/node/pull/25685 * build: * Enable v8's siphash for hash seed creation (Rod Vagg) https://github.com/nodejs/node/pull/26367 * deps: * Upgrade openssl to 1.1.1b (Sam Roberts) https://github.com/nodejs/node/pull/26327 * process: * Make `process[Symbol.toStringTag]` writable again (Ruben Bridgewater) https://github.com/nodejs/node/pull/26488 * repl: * Add `util.inspect.replDefaults` to customize the writer (Ruben Bridgewater) https://github.com/nodejs/node/pull/26375 * report: * Rename `triggerReport()` to `writeReport()` (Colin Ihrig) https://github.com/nodejs/node/pull/26527	2019-03-15 22:03:09 +01:00
Colin Prince	06879aafee	doc: fix year in changelog Most minor, 2018 should be 2019 for 10.15.3 PR-URL: https://github.com/nodejs/node/pull/26584 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>	2019-03-11 17:56:59 +02:00
Ruben Bridgewater	b22ee71ef6	2019-03-06, Version 11.11.0 (Current) Notable Changes * n-api: * Implement date object (Jarrod Connolly) https://github.com/nodejs/node/pull/25917 * util: * Add compact depth mode for `util.inspect()` (Ruben Bridgewater) https://github.com/nodejs/node/pull/26269 * worker: * Improve integration with native addons (Anna Henningsen) https://github.com/nodejs/node/pull/26175 * MessagePort.prototype.onmessage takes arguments closer to the Web specification now (Anna Henningsen) https://github.com/nodejs/node/pull/26082	2019-03-06 20:24:50 +01:00
Beth Griggs	a52c1ead02	2019-03-05, Version 10.15.3 'Dubnium' (LTS) Notable Changes * doc * add antsmartian to collaborators (Anto Aravinth) [#24655](https://github.com/nodejs/node/pull/24655) * http * fix error check in Execute() (Brian White) [#25863](https://github.com/nodejs/node/pull/25863) * stream * fix end-of-stream for HTTP/2 (Anna Henningsen) [#24926](https://github.com/nodejs/node/pull/24926) PR-URL: https://github.com/nodejs/node/pull/26063	2019-03-05 17:08:25 +00:00
Rod Vagg	0d64a56012	2019-02-28, Version 6.17.0 'Boron' (LTS) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with keep-alive HTTP connections (CVE-2019-5739) * Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) * OpenSSL: 0-byte record padding oracle (CVE-2019-1559) Notable Changes: * deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data. * http: - Backport `server.keepAliveTimeout` to prevent keep-alive HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential Denial of Service (DoS). (CVE-2019-5739 / Timur Shemsedinov, Matteo Collina) - Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina) PR-URL: https://github.com/nodejs-private/node-private/pull/169	2019-02-28 22:36:11 +11:00
Rod Vagg	980cce6d29	2019-02-28, Version 8.15.1 'Carbon' (LTS) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) * OpenSSL: 0-byte record padding oracle (CVE-2019-1559) Notable Changes: * deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for CVE-2019-1559 (https://www.openssl.org/news/secadv/20190226.txt). Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data. * http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina) PR-URL: https://github.com/nodejs-private/node-private/pull/165	2019-02-28 22:31:14 +11:00
Rod Vagg	b974d0dd64	2019-02-28, Version 10.15.2 'Dubnium' (LTS) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. A fix for the following CVE is included in this release: * Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) Notable Changes: * http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina) PR-URL: https://github.com/nodejs-private/node-private/pull/164	2019-02-28 22:29:17 +11:00
Rod Vagg	f1cefdca80	2019-02-28, Version 11.10.1 (Current) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. A fix for the following CVE is included in this release: * Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) Notable Changes: * http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina) PR-URL: https://github.com/nodejs-private/node-private/pull/163	2019-02-28 22:27:59 +11:00
Michaël Zasso	48491ce405	doc: fix notable changes in v11 changelog	2019-02-17 18:49:36 +01:00
Colin Ihrig	bc72470788	doc: fix changelog entry PR-URL: https://github.com/nodejs/node/pull/26114 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>	2019-02-16 09:04:14 -05:00
Kai	e74019fa8b	doc: fix notable changes list format for 11.9.0 & 11.10.0 PR-URL: https://github.com/nodejs/node/pull/26129 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>	2019-02-16 11:42:29 +02:00
Michaël Zasso	82ee0ff1b8	2018-02-14, Version 11.10.0 (Current) Notable changes: deps: * Updated libuv to 1.26.0. * Updated npm to 6.7.0. http, http2: * `response.writeHead` now returns the response object. perf_hooks: * Implemented a histogram based API. process: * Exposed `process.features.inspector`. repl: * Added `repl.setupHistory` for programmatic repl. tls: * Introduced client "session" event. PR-URL: https://github.com/nodejs/node/pull/26098	2019-02-14 23:55:48 +01:00
Michaël Zasso	9e08386e61	2019-01-30, Version 11.9.0 (Current) Notable changes: * deps: * OpenSSL has been updated to 1.1.1a, which is API/ABI compatible with the previous OpenSSL 1.1.0j. Note that while OpenSSL 1.1.1a supports TLS1.3, Node.js still does not. https://github.com/nodejs/node/pull/25582 PR-URL: https://github.com/nodejs/node/pull/25802	2019-01-30 23:06:17 +01:00
Shelley Vohr	d56212e6ef	2019-01-29, Version 10.15.1 'Dubnium' (LTS) * doc: * add oyyd to collaborators (Ouyang Yadong) [#24300](https://github.com/nodejs/node/pull/24300) * tls: * throw if protocol too long (Andre Jodat-Danbrani) [#23606](https://github.com/nodejs/node/pull/23606) PR-URL: https://github.com/nodejs/node/pull/25346	2019-01-29 10:17:08 -08:00
Myles Borins	96731fc8d3	doc: fix 11.8.0 changelog Problem with tool resulted in wrong commits being included PR-URL: https://github.com/nodejs/node/pull/25705 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>	2019-01-25 20:39:13 +01:00
Myles Borins	641de82404	2019-01-24, Version 11.8.0 (Current) Notable Changes: * events: * For unhandled `error` events with an argument that is not an `Error` object, the resulting exeption will have more information about the argument. https://github.com/nodejs/node/pull/25621 * child_process: * When the `maxBuffer` option is passed, `stdout` and `stderr` will be truncated rather than unavailable in case of an error. https://github.com/nodejs/node/pull/24951 * policy: * Experimental support for module integrity checks through a manifest file is implemented now. https://github.com/nodejs/node/pull/23834 * n-api: * The `napi_threadsafe_function` feature is now stable. https://github.com/nodejs/node/pull/25556 * report: * An experimental diagnostic API for capturing process state is available as `process.report` and through command line flags. https://github.com/nodejs/node/pull/22712 * tls: * `tls.connect()` takes a `timeout` option analogous to the `net.connect()` one. https://github.com/nodejs/node/pull/25517 * worker: * `process.umask()` is available as a read-only function inside Worker threads now. https://github.com/nodejs/node/pull/25526 * An `execArgv` option that supports a subset of Node.js command line options is supported now. https://github.com/nodejs/node/pull/25467 PR-URL: https://github.com/nodejs/node/pull/25687	2019-01-24 20:51:40 -05:00
Ruben Bridgewater	d3f8f905b3	2019-01-17, Version 11.7.0 (Current), @BridgeAR Notable Changes * compression / zlib: * Added brotli support (Anna Henningsen and Zach Vacura) https://github.com/nodejs/node/pull/24938 * console: * Added `inspectOptions` option (Ruben Bridgewater) https://github.com/nodejs/node/pull/24978 * crypto: * Always accept private keys as public keys (Tobias Nießen) https://github.com/nodejs/node/pull/25217 * deps: * Upgrade npm to v6.5.0 (Jordan Harband) https://github.com/nodejs/node/pull/25234 * fs: * Use internalBinding('fs') internally instead of process.binding('fs') (Masashi Hirano) https://github.com/nodejs/node/pull/22478 * http(s): * Support overriding http\\s.globalAgent (Roy Sommer) https://github.com/nodejs/node/pull/25170 * util: * Inspect ArrayBuffers contents closely (Ruben Bridgewater) https://github.com/nodejs/node/pull/25006 * worker: * Expose workers by default and remove `--experimental-worker` flag (Anna Henningsen) https://github.com/nodejs/node/pull/25361 PR-URL: https://github.com/nodejs/node/pull/25537	2019-01-18 14:03:19 +01:00
Myles Borins	3614157b78	doc: fix lint in CHANGELOG_V6 introduced in `7b9c9b3dcc` PR-URL: https://github.com/nodejs/node/pull/25233 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Gus Caplan <me@gus.host>	2018-12-26 13:08:36 -05:00
Myles Borins	e01999db14	2018-12-26, Version 11.6.0 (Current) Notable Changes: * cli: - add --max-http-header-size flag (cjihrig) https://github.com/nodejs/node/pull/24811 * crypto: - always accept certificates as public keys (Tobias Nießen) https://github.com/nodejs/node/pull/24234 - add key object API (Tobias Nießen) [#24234](https://github.com/nodejs/node/pull/24234) - update root certificates (Sam Roberts) https://github.com/nodejs/node/pull/25113 * deps: - upgrade to libuv 1.24.1 (cjihrig) https://github.com/nodejs/node/pull/25078 - upgrade npm to 6.5.0 (Audrey Eschright) https://github.com/nodejs/node/pull/24734 * http: - add maxHeaderSize property (cjihrig) https://github.com/nodejs/node/pull/24860 PR-URL: https://github.com/nodejs/node/pull/25175	2018-12-26 11:24:51 -05:00
Myles Borins	78f2e142c5	2018-12-26, Version 10.15.0 'Dubnium' (LTS) The 10.14.0 security release introduced some unexpected breakages on the 10.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser. Notable Changes: * cli: - add --max-http-header-size flag (cjihrig) https://github.com/nodejs/node/pull/24811 * http: - add maxHeaderSize property (cjihrig) https://github.com/nodejs/node/pull/24860 PR-URL: https://github.com/nodejs/node/pull/25176	2018-12-26 11:24:26 -05:00
Myles Borins	9542324d9e	2018-12-26, Version 8.15.0 'Carbon' (LTS) The 8.14.0 security release introduced some unexpected breakages on the 8.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser. Notable changes: * cli: - add --max-http-header-size flag (cjihrig) https://github.com/nodejs/node/pull/24811 * http: - add maxHeaderSize property (cjihrig) https://github.com/nodejs/node/pull/24860 PR-URL: https://github.com/nodejs/node/pull/25177	2018-12-26 11:23:32 -05:00
Myles Borins	7b9c9b3dcc	2018-12-26, Version 6.16.0 'Boron' (LTS) The 6.15.0 security release introduced some unexpected breakages on the 6.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser. Notable changes: * cli: - add --max-http-header-size flag (cjihrig) https://github.com/nodejs/node/pull/24811 * http: - add maxHeaderSize property (cjihrig) https://github.com/nodejs/node/pull/24860 PR-URL: https://github.com/nodejs/node/pull/25178	2018-12-26 11:22:24 -05:00
Beth Griggs	74a1dfb56e	2018-12-18, Version 11.5.0 (Current) Notable changes: * tls: * support "BEGIN TRUSTED CERTIFICATE" for ca: (Sam Roberts) [#24733](https://github.com/nodejs/node/pull/24733) * util: * add inspection getter option (Ruben Bridgewater) [#24852](https://github.com/nodejs/node/pull/24852) PR-URL: https://github.com/nodejs/node/pull/25102	2018-12-18 18:36:17 +00:00
Beth Griggs	1cbd377078	2018-12-18, Version 8.14.1 'Carbon' (LTS) Notable changes: * assert: - revert breaking change (Ruben Bridgewater) [#24786](https://github.com/nodejs/node/pull/24786) * http2: - fix sequence of error/close events (Gerhard Stoebich) [#24789](https://github.com/nodejs/node/pull/24789) PR-URL: https://github.com/nodejs/node/pull/24832	2018-12-18 11:29:17 -05:00
Shelley Vohr	6c6c5630a7	2018-12-11, Version 10.14.2 'Dubnium' (LTS) Notable changes: * deps: * upgrade to c-ares v1.15.0 (Ben Noordhuis) https://github.com/nodejs/node/pull/23854 * Windows: * A crashing process will now show the names of stack frames if the node.pdb file is available. (Refael Ackermann) https://github.com/nodejs/node/pull/23822 * Added new collaborators: * Peter Marshall. https://github.com/nodejs/node/pull/24170 * Masashi Hirano. https://github.com/nodejs/node/pull/24136 PR-URL: https://github.com/nodejs/node/pull/24727	2018-12-11 15:38:17 -05:00
Ruben Bridgewater	bcef949c93	2018-12-07, Version 11.4.0 (Current) Notable Changes: * console,util: * `console` functions now handle symbols as defined in the spec. https://github.com/nodejs/node/pull/23708 * The inspection `depth` default is now back at 2. https://github.com/nodejs/node/pull/24326 * dgram,net: * Added ipv6Only option for `net` and `dgram`. https://github.com/nodejs/node/pull/23798 * http: * Chosing between the http parser is now possible per runtime flag. https://github.com/nodejs/node/pull/24739 * readline: * The `readline` module now supports async iterators. https://github.com/nodejs/node/pull/23916 * repl: * The multiline history feature is removed. https://github.com/nodejs/node/pull/24804 * tls: * Added min/max protocol version options. https://github.com/nodejs/node/pull/24405 * The X.509 public key info now includes the RSA bit size and the elliptic curve. https://github.com/nodejs/node/pull/24358 * url: * `pathToFileURL()` now supports LF, CR and TAB. https://github.com/nodejs/node/pull/23720 * Windows: * Tools are not installed using Boxstarter anymore. https://github.com/nodejs/node/pull/24677 * The install-tools scripts or now included in the dist. https://github.com/nodejs/node/pull/24233 * Added new collaborator: * [antsmartian](https://github.com/antsmartian) - Anto Aravinth. https://github.com/nodejs/node/pull/24655 PR-URL: https://github.com/nodejs/node/pull/24854	2018-12-07 18:50:20 +01:00
Rod Vagg	dbdc9081fa	2018-12-03, Version 6.15.1 'Boron' (LTS) Notable Changes: This is a patch release to address a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to an entire keep-alive HTTP session, resulting in prematurely disconnected sockets. PR-URL: https://github.com/nodejs/node/pull/24803 Refs: https://github.com/nodejs/node/pull/24796 Refs: https://github.com/nodejs/node/issues/24760 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>	2018-12-04 01:06:32 +11:00
Myles Borins	9efcfd313a	2018-11-29, Version 10.14.1 'Dubnium' (LTS) Notable Changes: * win/msi: Revert changes to installer causing issues on Windows systems. PR-URL: https://github.com/nodejs/node/pull/24711	2018-11-29 11:43:35 -05:00
Rod Vagg	cc399cf5b2	2018-11-27, Version 11.3.0 (Current) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735) Notable Changes: * deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * http: * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina) PR-URL: https://github.com/nodejs-private/node-private/pull/156/	2018-11-28 11:36:34 +11:00

1 2 3 4 5 ...

251 Commits