0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Commit Graph

216 Commits

Author SHA1 Message Date
Evan Lucas
89e121d4a7 2017-07-11, Version 7.10.1 (Current)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.

* **build**:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/92
2017-07-11 11:56:23 -05:00
Myles Borins
6218939cdd
2017-07-11, Version 6.11.1 'Boron' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

for details on patched vulnerabilities.

Notable Changes:

* build:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node
    up to collision attacks which could result in a Denial of Service.
    We have temporarily disabled snapshots until a more robust solution
    is found (Ali Ijaz Sheikh)
* deps:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
    read memory outside of the given input buffer if the passed in DNS
    response packet was crafted in a particular way. This patch checks
    that there is enough data for the required elements of an NAPTR
    record (2 int16, 3 bytes for string lengths) before processing a
    record. (David Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/89
2017-07-11 17:50:09 +01:00
Myles Borins
0130cf55bb
2017-07-11, Version 4.8.4 'Argon' (Maintenance)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

for details on patched vulnerabilities.

Notable Changes:

* build:
  - Disable V8 snapshots - The hashseed embedded in the snapshot is
    currently the same for all runs of the binary. This opens node
    up to collision attacks which could result in a Denial of Service.
    We have temporarily disabled snapshots until a more robust solution
    is found (Ali Ijaz Sheikh)
* deps:
  - CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
    which is used for parsing NAPTR responses, could be triggered to
    read memory outside of the given input buffer if the passed in DNS
    response packet was crafted in a particular way. This patch checks
    that there is enough data for the required elements of an NAPTR
    record (2 int16, 3 bytes for string lengths) before processing a
    record. (David Drysdale)

PR-URL: https://github.com/nodejs/node-private/pull/90
2017-07-11 17:49:34 +01:00
Rod Vagg
53b8c51e7c 2017-06-29, Version 8.1.3 (Current)
Notable changes

* **Stream**
  Two regressions with the `stream` module have been fixed:
  * The `finish` event will now always be emitted after the `error` event
    if one is emitted:
    [[`0a9e96e86c`](https://github.com/nodejs/node/commit/0a9e96e86c)]
    [#13850](https://github.com/nodejs/node/pull/13850)
  * In object mode, readable streams can now use `undefined` again.
    [[`5840138e70`](https://github.com/nodejs/node/commit/5840138e70)]
    [#13760](https://github.com/nodejs/node/pull/13760)
2017-06-29 17:02:43 +10:00
Teddy Katz
9f9e3c0653
doc: fix typo in changelog
PR-URL: https://github.com/nodejs/node/pull/13713
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2017-06-16 00:07:59 -07:00
Rod Vagg
c7323af131 2017-06-15, Version 8.1.2 (Current)
Release to fix broken `process.release` properties
Ref: https://github.com/nodejs/node/issues/13667
2017-06-15 22:43:54 +10:00
Anna Henningsen
9dc3f936c7 2017-06-13, Version 8.1.1 (Current)
* **Child processes**
  * `stdout` and `stderr` are now available on the error output of a
    failed call to the `util.promisify()`ed version of
    `child_process.exec`.
    [[`d66d4fc94c`](https://github.com/nodejs/node/commit/d66d4fc94c)]
    [#13388](https://github.com/nodejs/node/pull/13388)

* **HTTP**
  * A regression that broke certain scenarios in which HTTP is used together
    with the `cluster` module has been fixed.
    [[`fff8a56d6f`](https://github.com/nodejs/node/commit/fff8a56d6f)]
    [#13578](https://github.com/nodejs/node/pull/13578)

* **HTTPS**
  * The `rejectUnauthorized` option now works properly for unix sockets.
    [[`c4cbd99d37`](https://github.com/nodejs/node/commit/c4cbd99d37)]
    [#13505](https://github.com/nodejs/node/pull/13505)

* **Readline**
  * A change that broke `npm init` and other code which uses `readline`
    multiple times on the same input stream is reverted.
    [[`0df6c0b5f0`](https://github.com/nodejs/node/commit/0df6c0b5f0)]
    [#13560](https://github.com/nodejs/node/pull/13560)

PR-URL: https://github.com/nodejs/node/pull/13598
2017-06-13 15:32:26 -07:00
James M Snell
d7f6919228 2017-05-07, Version 8.1.0 (Current)
* **Async Hooks**
  * When one `Promise` leads to the creation of a new `Promise`, the parent
    `Promise` will be identified as the trigger
    [[`135f4e6643`](https://github.com/nodejs/node/commit/135f4e6643)]
    [#13367](https://github.com/nodejs/node/pull/13367).
* **Dependencies**
  * libuv has been updated to 1.12.0
    [[`968596ec77`](https://github.com/nodejs/node/commit/968596ec77)]
    [#13306](https://github.com/nodejs/node/pull/13306).
  * npm has been updated to 5.0.3
    [[`ffa7debd7a`](https://github.com/nodejs/node/commit/ffa7debd7a)]
    [#13487](https://github.com/nodejs/node/pull/13487).
* **File system**
  * The `fs.exists()` function now works correctly with `util.promisify()`
    [[`6e0eccd7a1`](https://github.com/nodejs/node/commit/6e0eccd7a1)]
    [#13316](https://github.com/nodejs/node/pull/13316).
  * fs.Stats times are now also available as numbers
    [[`c756efb25a`](https://github.com/nodejs/node/commit/c756efb25a)]
    [#13173](https://github.com/nodejs/node/pull/13173).
* **Inspector**
  * It is now possible to bind to a random port using `--inspect=0`
    [[`cc6ec2fb27`](https://github.com/nodejs/node/commit/cc6ec2fb27)]
    [#5025](https://github.com/nodejs/node/pull/5025).
* **Zlib**
  * A regression in the Zlib module that made it impossible to properly
    subclasses `zlib.Deflate` and other Zlib classes has been fixed.
    [[`6aeb555cc4`](https://github.com/nodejs/node/commit/6aeb555cc4)]
    [#13374](https://github.com/nodejs/node/pull/13374).
2017-06-08 20:54:01 +10:00
Myles Borins
4c5cbb7c83
2017-06-06, Version 6.11.0 'Boron' (LTS)
This LTS release comes with 126 commits. This includes 40 which
are test related, 32 which are doc related, 12 which are
build / tool related and 4 commits which are updates to
dependencies.

Notable Changes:

* build:
  - support for building mips64el (nanxiongchao)
    https://github.com/nodejs/node/pull/10991
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    https://github.com/nodejs/node/pull/10019
* crypto:
  - ability to select cert store at runtime (Adam Majer)
    https://github.com/nodejs/node/pull/8334
  - Use system CAs instead of using bundled ones (Adam Majer)
    https://github.com/nodejs/node/pull/8334
  - The `Decipher` methods `setAuthTag()` and `setAAD` now return
    `this`. (Kirill Fomichev)
    https://github.com/nodejs/node/pull/9398
  - adding support for OPENSSL_CONF again (Sam Roberts)
    https://github.com/nodejs/node/pull/11006
  - make LazyTransform compabile with Streams1 (Matteo Collina)
    https://github.com/nodejs/node/pull/12380
* deps:
  - upgrade libuv to 1.11.0 (cjihrig)
    https://github.com/nodejs/node/pull/11094
  - upgrade libuv to 1.10.2 (cjihrig)
    https://github.com/nodejs/node/pull/10717
  - upgrade libuv to 1.10.1 (cjihrig)
    https://github.com/nodejs/node/pull/9647
  - upgrade libuv to 1.10.0 (cjihrig)
    https://github.com/nodejs/node/pull/9267
* dns:
  - Implemented `{ttl: true}` for `resolve4()` and `resolve6()`
    (Ben Noordhuis)
    https://github.com/nodejs/node/pull/9296
* process:
  - add NODE_NO_WARNINGS environment variable (cjihrig)
    https://github.com/nodejs/node/pull/10842
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    https://github.com/nodejs/node/pull/2982
* src:
  - support "--" after "-e" as end-of-options (John Barboza)
    https://github.com/nodejs/node/pull/10651
* tls:
  - new tls.TLSSocket() supports sec ctx options (Sam Roberts)
    https://github.com/nodejs/node/pull/11005
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    https://github.com/nodejs/node/pull/10294

PR-URL: https://github.com/nodejs/node/pull/13059
2017-06-06 16:30:15 -04:00
James M Snell
43e4efdf21 2017-05-30, Version 8.0.0 (Current)
* **Async Hooks**
  * The `async_hooks` module has landed in core
    [[`4a7233c178`](https://github.com/nodejs/node/commit/4a7233c178)]
    [#12892](https://github.com/nodejs/node/pull/12892).

* **Buffer**
  * Using the `--pending-deprecation` flag will cause Node.js to emit a
    deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
    [[`d2d32ea5a2`](https://github.com/nodejs/node/commit/d2d32ea5a2)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
    [[`7eb1b4658e`](https://github.com/nodejs/node/commit/7eb1b4658e)]
    [#12141](https://github.com/nodejs/node/pull/12141).
  * Many `Buffer` methods now accept `Uint8Array` as input
    [[`beca3244e2`](https://github.com/nodejs/node/commit/beca3244e2)]
    [#10236](https://github.com/nodejs/node/pull/10236).

* **Child Process**
  * Argument and kill signal validations have been improved
    [[`97a77288ce`](https://github.com/nodejs/node/commit/97a77288ce)]
    [#12348](https://github.com/nodejs/node/pull/12348),
    [[`d75fdd96aa`](https://github.com/nodejs/node/commit/d75fdd96aa)]
    [#10423](https://github.com/nodejs/node/pull/10423).
  * Child Process methods accept `Uint8Array` as input
    [[`627ecee9ed`](https://github.com/nodejs/node/commit/627ecee9ed)]
    [#10653](https://github.com/nodejs/node/pull/10653).

* **Console**
  * Error events emitted when using `console` methods are now supressed.
    [[`f18e08d820`](https://github.com/nodejs/node/commit/f18e08d820)]
    [#9744](https://github.com/nodejs/node/pull/9744).

* **Dependencies**
  * The npm client has been updated to 5.0.0
    [[`3c3b36af0f`](https://github.com/nodejs/node/commit/3c3b36af0f)]
    [#12936](https://github.com/nodejs/node/pull/12936).
  * V8 has been updated to 5.8 with forward ABI stability to 6.0
    [[`60d1aac8d2`](https://github.com/nodejs/node/commit/60d1aac8d2)]
    [#12784](https://github.com/nodejs/node/pull/12784).

* **Domains**
  * Native `Promise` instances are now `Domain` aware
    [[`84dabe8373`](https://github.com/nodejs/node/commit/84dabe8373)]
    [#12489](https://github.com/nodejs/node/pull/12489).

* **Errors**
  * We have started assigning static error codes to errors generated by Node.js.
    This has been done through multiple commits and is still a work in
    progress.

* **File System**
  * The utility class `fs.SyncWriteStream` has been deprecated
    [[`7a55e34ef4`](https://github.com/nodejs/node/commit/7a55e34ef4)]
    [#10467](https://github.com/nodejs/node/pull/10467).
  * The deprecated `fs.read()` string interface has been removed
    [[`3c2a9361ff`](https://github.com/nodejs/node/commit/3c2a9361ff)]
    [#9683](https://github.com/nodejs/node/pull/9683).

* **HTTP**
  * Improved support for userland implemented Agents
    [[`90403dd1d0`](https://github.com/nodejs/node/commit/90403dd1d0)]
    [#11567](https://github.com/nodejs/node/pull/11567).
  * Outgoing Cookie headers are concatenated into a single string
    [[`d3480776c7`](https://github.com/nodejs/node/commit/d3480776c7)]
    [#11259](https://github.com/nodejs/node/pull/11259).
  * The `httpResponse.writeHeader()` method has been deprecated
    [[`fb71ba4921`](https://github.com/nodejs/node/commit/fb71ba4921)]
    [#11355](https://github.com/nodejs/node/pull/11355).
  * New methods for accessing HTTP headers have been added to `OutgoingMessage`
    [[`3e6f1032a4`](https://github.com/nodejs/node/commit/3e6f1032a4)]
    [#10805](https://github.com/nodejs/node/pull/10805).

* **Lib**
  * All deprecation messages have been assigned static identifiers
    [[`5de3cf099c`](https://github.com/nodejs/node/commit/5de3cf099c)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * The legacy `linkedlist` module has been removed
    [[`84a23391f6`](https://github.com/nodejs/node/commit/84a23391f6)]
    [#12113](https://github.com/nodejs/node/pull/12113).

* **N-API**
  * Experimental support for the new N-API API has been added
    [[`56e881d0b0`](https://github.com/nodejs/node/commit/56e881d0b0)]
    [#11975](https://github.com/nodejs/node/pull/11975).

* **Process**
  * Process warning output can be redirected to a file using the
    `--redirect-warnings` command-line argument
    [[`03e89b3ff2`](https://github.com/nodejs/node/commit/03e89b3ff2)]
    [#10116](https://github.com/nodejs/node/pull/10116).
  * Process warnings may now include additional detail
    [[`dd20e68b0f`](https://github.com/nodejs/node/commit/dd20e68b0f)]
    [#12725](https://github.com/nodejs/node/pull/12725).

* **REPL**
  * REPL magic mode has been deprecated
    [[`3f27f02da0`](https://github.com/nodejs/node/commit/3f27f02da0)]
    [#11599](https://github.com/nodejs/node/pull/11599).

* **Src**
  * `NODE_MODULE_VERSION` has been updated to 57
    (https://github.com/nodejs/node/commit/ec7cbaf266)]
    [#12995](https://github.com/nodejs/node/pull/12995).
  * Add `--pending-deprecation` command-line argument and
    `NODE_PENDING_DEPRECATION` environment variable
    [[`a16b570f8c`](https://github.com/nodejs/node/commit/a16b570f8c)]
    [#11968](https://github.com/nodejs/node/pull/11968).
  * The `--debug` command-line argument has been deprecated. Note that
    using `--debug` will enable the *new* Inspector-based debug protocol
    as the legacy Debugger protocol previously used by Node.js has been
    removed. [[`010f864426`](https://github.com/nodejs/node/commit/010f864426)]
    [#12949](https://github.com/nodejs/node/pull/12949).
  * Throw when the `-c` and `-e` command-line arguments are used at the same
    time [[`a5f91ab230`](https://github.com/nodejs/node/commit/a5f91ab230)]
    [#11689](https://github.com/nodejs/node/pull/11689).
  * Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
    arguments are used at the same time.
    [[`8a7db9d4b5`](https://github.com/nodejs/node/commit/8a7db9d4b5)]
    [#12087](https://github.com/nodejs/node/pull/12087).

* **Stream**
  * `Stream` now supports `destroy()` and `_destroy()` APIs
    [[`b6e1d22fa6`](https://github.com/nodejs/node/commit/b6e1d22fa6)]
    [#12925](https://github.com/nodejs/node/pull/12925).
  * `Stream` now supports the `_final()` API
    [[`07c7f198db`](https://github.com/nodejs/node/commit/07c7f198db)]
    [#12828](https://github.com/nodejs/node/pull/12828).

* **TLS**
  * The `rejectUnauthorized` option now defaults to `true`
    [[`348cc80a3c`](https://github.com/nodejs/node/commit/348cc80a3c)]
    [#5923](https://github.com/nodejs/node/pull/5923).
  * The `tls.createSecurePair()` API now emits a runtime deprecation
    [[`a2ae08999b`](https://github.com/nodejs/node/commit/a2ae08999b)]
    [#11349](https://github.com/nodejs/node/pull/11349).
  * A runtime deprecation will now be emitted when `dhparam` is less than
    2048 bits [[`d523eb9c40`](https://github.com/nodejs/node/commit/d523eb9c40)]
    [#11447](https://github.com/nodejs/node/pull/11447).

* **URL**
  * The WHATWG URL implementation is now a fully-supported Node.js API
    [[`d080ead0f9`](https://github.com/nodejs/node/commit/d080ead0f9)]
    [#12710](https://github.com/nodejs/node/pull/12710).

* **Util**
  * `Symbol` keys are now displayed by default when using `util.inspect()`
    [[`5bfd13b81e`](https://github.com/nodejs/node/commit/5bfd13b81e)]
    [#9726](https://github.com/nodejs/node/pull/9726).
  * `toJSON` errors will be thrown when formatting `%j`
    [[`455e6f1dd8`](https://github.com/nodejs/node/commit/455e6f1dd8)]
    [#11708](https://github.com/nodejs/node/pull/11708).
  * Convert `inspect.styles` and `inspect.colors` to prototype-less objects
    [[`aab0d202f8`](https://github.com/nodejs/node/commit/aab0d202f8)]
    [#11624](https://github.com/nodejs/node/pull/11624).
  * The new `util.promisify()` API has been added
    [[`99da8e8e02`](https://github.com/nodejs/node/commit/99da8e8e02)]
    [#12442](https://github.com/nodejs/node/pull/12442).

* **Zlib**
  * Support `Uint8Array` in Zlib convenience methods
    [[`91383e47fd`](https://github.com/nodejs/node/commit/91383e47fd)]
    [#12001](https://github.com/nodejs/node/pull/12001).
  * Zlib errors now use `RangeError` and `TypeError` consistently
    [[`b514bd231e`](https://github.com/nodejs/node/commit/b514bd231e)]
    [#11391](https://github.com/nodejs/node/pull/11391).
2017-05-30 10:58:31 -07:00
Evan Lucas
871fb5a779 2017-05-02, Version 7.10.0 (Current)
Notable changes:

* **crypto**:
  - add randomFill and randomFillSync (Evan Lucas)
    https://github.com/nodejs/node/pull/10209
* **meta**: Added new collaborators
  - add lucamaraschi to collaborators (Luca Maraschi)
    https://github.com/nodejs/node/pull/12538
  - add DavidCai1993 to collaborators (David Cai)
    https://github.com/nodejs/node/pull/12435
  - add jkrems to collaborators (Jan Krems)
    https://github.com/nodejs/node/pull/12427
  - add AnnaMag to collaborators (AnnaMag)
    https://github.com/nodejs/node/pull/12414
* **process**:
  - fix crash when Promise rejection is a Symbol (Cameron Little)
    https://github.com/nodejs/node/pull/11640
* **url**:
  - make WHATWG URL more spec compliant (Timothy Gu)
    https://github.com/nodejs/node/pull/12507
* **v8**:
  - fix stack overflow in recursive method (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12460
  - fix build errors with g++ 7 (Ben Noordhuis)
    https://github.com/nodejs/node/pull/12392

PR-URL: https://github.com/nodejs/node/pull/12775
2017-05-03 07:58:11 -05:00
Myles Borins
20e27dd849
2017-05-02, Version 6.10.3 'Boron' (LTS)
Notable Changes:

* module:
  - The module loading global fallback to the Node executable's
    directory now works correctly on Windows.
    (Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
  - fix base64 decoding in rare edgecase
    (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
  - fix rare segmentation faults when using TLS
   * (Trevor Norris) https://github.com/nodejs/node/pull/11947
   * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
   * (jBarz) https://github.com/nodejs/node/pull/11776

PR-URL: https://github.com/nodejs/node/pull/12497
2017-05-02 20:04:35 +02:00
Myles Borins
9802d466cc
2017-05-02, Version 4.8.3 'Argon' (Maintenance)
Notable Changes:

* module:
  - The module loading global fallback to the Node executable's
    directory now works correctly on Windows.
    (Richard Lau) https://github.com/nodejs/node/pull/9283
* src:
  - fix base64 decoding in rare edgecase
    (Nikolai Vavilov) https://github.com/nodejs/node/pull/11995
* tls:
  - fix rare segmentation faults when using TLS
   * (Trevor Norris) https://github.com/nodejs/node/pull/11947
   * (Ben Noordhuis) https://github.com/nodejs/node/pull/11898
   * (jBarz) https://github.com/nodejs/node/pull/11776

PR-URL: https://github.com/nodejs/node/pull/12499
2017-05-02 19:54:13 +02:00
Gautam krishna.R
b837bd2792 doc: fix typo in CHANGELOG.md
PR-URL: https://github.com/nodejs/node/pull/12434
Fixes: https://github.com/nodejs/node/issues/12430
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
2017-04-16 10:47:47 -07:00
Italo A. Casas
b8f416023d
2017-04-11, Version 7.9.0 (Current)
Notable changes:

* util: console is now closer to what is supported in all major browsers
(Roman Reiss) [#10308](https://github.com/nodejs/node/pull/10308)

PR-URL: https://github.com/nodejs/node/pull/12319
2017-04-11 13:39:32 -04:00
Myles Borins
f7a31180ad
2017-04-04, Version 4.8.2 'Argon' (Maintenance)
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    https://github.com/nodejs/node/pull/10980
2017-04-04 14:40:28 +02:00
Myles Borins
28f8b17ffb
2017-04-04, Version 6.10.2 'Boron' (LTS)
This is a special LTS to fix a number of regressions that were found
on the 6.10.x release line.

This includes:

 * a fix for memory leak in the crypto module that
   was introduced in 6.10.1
 * a fix for a regression introduced to the windows repl in 6.10.0
 * a backported fix for V8 to stop a segfault that could occur
   when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a numberof low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    https://github.com/nodejs/node/pull/10980
  - backport V8 fixes for spread syntax regression causing segfaults
    (Michaël Zasso) https://github.com/nodejs/node/pull/12037
* repl:
  - Revert commit that broke REPL display on Windows (Myles Borins)
    https://github.com/nodejs/node/pull/12123
2017-04-04 14:23:35 +02:00
Myles Borins
9b2dd47704 2017-03-28, Version 7.8.0 (Current)
Notable changes:

* buffer:
  - do not segfault on out-of-range index (Timothy Gu)
    https://github.com/nodejs/node/pull/11927
* crypto:
  - Fix memory leak if certificate is revoked (Tom Atkinson)
    https://github.com/nodejs/node/pull/12089
* deps:
  * upgrade npm to 4.2.0 (Kat Marchán)
    https://github.com/nodejs/node/pull/11389
  * fix async await desugaring in V8 (Michaël Zasso)
    https://github.com/nodejs/node/pull/12004
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    https://github.com/nodejs/node/pull/2982
* src:
  - add native URL class (James M Snell)
    https://github.com/nodejs/node/pull/11801

PR-URL: https://github.com/nodejs/node/pull/12104
2017-03-28 23:05:21 -04:00
cjihrig
7e6e7d34f3 2017-03-21, Version 7.7.4 (Current)
Notable changes:

* deps: Add node-inspect 1.10.6 (Jan Krems) https://github.com/nodejs/node/pull/11869
* inspector: proper WS URLs when bound to 0.0.0.0 (Eugene Ostroukhov) https://github.com/nodejs/node/pull/11850
* tls: fix segfault on destroy after partial read. (Ben Noordhuis) https://github.com/nodejs/node/pull/11898

PR-URL: https://github.com/nodejs/node/pull/11941
2017-03-21 17:44:18 -04:00
Myles Borins
2569c909ba
2017-03-21, Version 6.10.1 'Boron' (LTS)
Notable changes

* performance: The performance of several APIs has been improved.
  - `Buffer.compare()` is up to 35% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10927
  - `buffer.toJSON()` is up to 2859% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10895
  - `fs.*statSync()` functions are now up to 9.3% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/11522
  - `os.loadavg` is up to 151% faster. (Brian White)
    https://github.com/nodejs/node/pull/11516
  - `process.memoryUsage()` is up to 34% faster. (Brian White)
    https://github.com/nodejs/node/pull/11497
  - `querystring.unescape()` for `Buffer`s is 15% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/10837
  - `querystring.stringify()` is up to 7.8% faster on average.
    (Brian White) https://github.com/nodejs/node/pull/10852
  - `querystring.parse()` is up to 21% faster on average. (Brian White)
    https://github.com/nodejs/node/pull/10874

* IPC:
  - Batched writes have been enabled for process IPC on platforms that
    support Unix Domain Sockets. (Alexey Orlenko)
    https://github.com/nodejs/node/pull/10677
  - Performance gains may be up to 40% for some workloads.

* child_process:
  - `spawnSync` now returns a null `status` when child is terminated by
    a signal. (cjihrig) https://github.com/nodejs/node/pull/11288
  - This fixes the behavior to act like `spawn()` does.

* http:
  - Control characters are now always rejected when using
    `http.request()`. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/8923
  - Debug messages have been added for cases when headers contain
    invalid values. (Evan Lucas)
    https://github.com/nodejs/node/pull/9195

* node:
  - Heap statistics now support values larger than 4GB. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/10186

* timers:
  - Timer callbacks now always maintain order when interacting with
    domain error handling. (John Barboza)
    https://github.com/nodejs/node/pull/10522

PR-URL: https://github.com/nodejs/node/pull/11759
2017-03-21 14:31:07 -07:00
Myles Borins
7738cf22c2
2017-03-21, Version 4.8.1 'Argon' (LTS)
Notable Changes:

* buffer:
  - The performance of `.toJSON()` is now up to 2859% faster on average
    (Brian White) https://github.com/nodejs/node/pull/10895

* IPC:
  - Batched writes have been enabled for process IPC on platforms that
    support Unix Domain Sockets. (Alexey Orlenko)
    https://github.com/nodejs/node/pull/10677
  - Performance gains may be up to 40% for some workloads.

* http:
  - Control characters are now always rejected when using
    `http.request()`. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/8923

* node:
  - Heap statistics now support values larger than 4GB. (Ben Noordhuis)
    https://github.com/nodejs/node/pull/10186

PR-URL: https://github.com/nodejs/node/pull/11760
2017-03-21 14:20:51 -07:00
Italo A. Casas
bc26c62524
2017-03-14, Version 7.7.3 (Current)
Notable changes:

* module: The [module loading global fallback]
(https://nodejs.org/dist/latest-v6.x/docs/api/modules.html#modules_loading_from_the_global_folders)
to the Node executable's directory now works correctly on Windows.
(Richard Lau) [#9283](https://github.com/nodejs/node/pull/9283)

* net: `Socket.prototype.connect` now once again functions without
a callback. (Juwan Yoo) [#11762](https://github.com/nodejs/node/pull/11762)

* url: `URL.prototype.origin` now properly specified an opaque return of
`'null'` for `file://` URLs. (Brian White)
[#11691](https://github.com/nodejs/node/pull/11691)

PR-URL: https://github.com/nodejs/node/pull/11831
2017-03-14 18:39:08 -04:00
Evan Lucas
b394cf35c5 2017-03-08, Version 7.7.2 (Current)
Notable changes:

* doc: add `Daijiro Wachi` to collaborators (Daijiro Wachi) https://github.com/nodejs/node/pull/11676
* tty: add ref() so process.stdin.ref() etc. work (Ben Schmidt) https://github.com/nodejs/node/pull/7360
* util: fix inspecting symbol key in string (Ali BARIN) https://github.com/nodejs/node/pull/11672

PR-URL: https://github.com/nodejs/node/pull/11745
2017-03-08 16:03:18 -06:00
Italo A. Casas
77249adf84
2017-03-01, Version 7.7.1 (Current)
Notable changes:

Node.js 7.7.0 contains a bug that will prevent all native modules
from building, this patch should fix the issue. Apologies to
everyone who was affected by 7.7.0.

PR-URL: https://github.com/nodejs/node/pull/11638
2017-03-01 19:51:47 -05:00
Italo A. Casas
abc13e56b6
2017-02-28, Version 7.7.0 (Current)
Notables changes:

* child_process: spawnSync() exit code now is null when the child is killed via signal (cjihrig)
[#11288](https://github.com/nodejs/node/pull/11288)
* http: new functions to access the headers for an outgoing HTTP message (Brian White)
[#11562](https://github.com/nodejs/node/pull/11562)
* lib: deprecate node --debug at runtime (Josh Gavant)
[#11275](https://github.com/nodejs/node/pull/11275)
* tls: new tls.TLSSocket() supports sec ctx options (Sam Roberts)
[#11005](https://github.com/nodejs/node/pull/11005)
* url: adding URL.prototype.toJSON support (Michaël Zasso)
[#11236](https://github.com/nodejs/node/pull/11236)
* doc: items in the API documentation may now have changelogs (Anna Henningsen)
[#11489](https://github.com/nodejs/node/pull/11489)
* crypto: adding support for OPENSSL_CONF again (Sam Roberts)
[#11006](https://github.com/nodejs/node/pull/11006)
* src: adding support for trace-event tracing (misterpoe)
[#11106](https://github.com/nodejs/node/pull/11106)

PR-URL: https://github.com/nodejs/node/pull/11553
2017-02-28 21:58:21 -05:00
Italo A. Casas
2b5d83d4df
2017-02-21, Version 7.6.0 (Current)
Notable changes:

* deps:
    * update V8 to 5.5 (Michaël Zasso) [#11029](https://github.com/nodejs/node/pull/11029)
    * upgrade libuv to 1.11.0 (cjihrig) [#11094](https://github.com/nodejs/node/pull/11094)
    * add node-inspect 1.10.4 (Jan Krems) [#10187](https://github.com/nodejs/node/pull/10187)
    * upgrade zlib to 1.2.11 (Sam Roberts) [#10980](https://github.com/nodejs/node/pull/10980)
* lib: build `node inspect` into `node` (Anna Henningsen) [#10187](https://github.com/nodejs/node/pull/10187)
* crypto: Remove expired certs from CNNIC whitelist (Shigeki Ohtsu) [#9469](https://github.com/nodejs/node/pull/9469)
* inspector: add --inspect-brk (Josh Gavant) [#11149](https://github.com/nodejs/node/pull/11149)
* fs: allow WHATWG URL objects as paths (James M Snell) [#10739](https://github.com/nodejs/node/pull/10739)
* src: support UTF-8 in compiled-in JS source files (Ben Noordhuis) [#11129](https://github.com/nodejs/node/pull/11129)
* url: extend url.format to support WHATWG URL (James M Snell) [#10857](https://github.com/nodejs/node/pull/10857)

PR-URL: https://github.com/nodejs/node/pull/11185
2017-02-21 21:38:53 -05:00
Myles Borins
aecb0859e5
2017-02-21, Version 6.10.0 'Boron' (LTS)
Notable Changes:

The SEMVER-MINOR changes include:

*  crypto: allow adding extra certs to well-known CAs (Sam Roberts)
   https://github.com/nodejs/node/pull/9139
*  deps: Upgrade INTL ICU to version 58 (Steven R. Loomis)
   https://github.com/nodejs/node/pull/9234
*  process: add `process.memoryUsage.external` (Fedor Indutny)
   https://github.com/nodejs/node/pull/9587
*  src: add wrapper for process.emitWarning() (Sam Roberts)
   https://github.com/nodejs/node/pull/9139

Notable SEMVER-PATCH changes include:

*  fs: cache non-symlinks in realpathSync. (Jeremy Yallop)
   https://github.com/nodejs/node/pull/10253
*  repl: allow autocompletion for scoped packages (Evan Lucas)
   https://github.com/nodejs/node/pull/10296

PR-URL: https://github.com/nodejs/node/pull/10974
2017-02-21 21:10:39 -05:00
Myles Borins
49c5ff4408
2017-02-21, Version 4.8.0 'Argon' (LTS)
Notable Changes:

* child_process: add shell option to spawn() (cjihrig)
  https://github.com/nodejs/node/pull/4598
* crypto:
  * add ALPN Support (Shigeki Ohtsu)
    https://github.com/nodejs/node/pull/2564
  * allow adding extra certs to well-known CAs (Sam Roberts)
    https://github.com/nodejs/node/pull/9139
* deps:
  * v8: expose statistics about heap spaces (Ben Ripkens)
    https://github.com/nodejs/node/pull/4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
  https://github.com/nodejs/node/pull/5333
* process:
  * add `externalMemory` to `process` (Fedor Indutny)
    https://github.com/nodejs/node/pull/9587
  * add process.cpuUsage() (Patrick Mueller)
    https://github.com/nodejs/node/pull/10796

PR-URL: https://github.com/nodejs/node/pull/10973
2017-02-21 20:45:47 -05:00
Evan Lucas
a1c91eccbb 2017-01-31, Version 7.5.0 (Current)
Notable changes:

* crypto:
  * ability to select cert store at runtime (Adam Majer) #8334
  * Use system CAs instead of using bundled ones (Adam Majer) #8334
* deps:
  * upgrade npm to 4.1.2 (Kat Marchán) #11020
  * upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021
* doc: add basic documentation for WHATWG URL API (James M Snell) #10620
* process: add NODE_NO_WARNINGS environment variable (cjihrig) #10842
* url: allow use of URL with http.request and https.request (James M Snell) #10638

PR-URL: https://github.com/nodejs/node/pull/11062
2017-01-31 20:48:02 -06:00
Myles Borins
54fef6761e
2017-01-31, Version 4.7.3 'Argon' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		https://github.com/nodejs/node/pull/11021

PR-URL: https://github.com/nodejs/node/pull/11083
2017-01-31 20:00:04 -05:00
Myles Borins
5faaf07063 2017-01-31, Version 6.9.5 'Boron' (LTS)
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k

Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website

https://nodejs.org/en/blog/vulnerability/openssl-january-2017/

Notable Changes:

* deps:
  - upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
		https://github.com/nodejs/node/pull/11021

PR-URL: https://github.com/nodejs/node/pull/11081
2017-01-31 17:12:54 -05:00
Сковорода Никита Андреевич
f3f2468bdc doc: fix CHANGELOG.md table formatting
* It had some minor errors in td/th html tags.
* Make it clear that v5, v0.10, and v0.12 are EOL and unsupported.

We probably don't want people seeing 'LTS' badge next to those
in the current Node.js repo and think that those are still supported.
Not everyone is aware of the nodejs/LTS repo.

This also includes the dates for v5, v0.10 and v0.12 EOL:
 - 2016-07-01 for v5
 - 2016-11-01 for v0.10
 - 2017-01-01 for v0.12

* Make v5/v0.10/v0.12 not bold in CHANGELOG

Make v5, v0.10, v0.12 not bold in the CHANGELOG.md, as bold is said to
be an indication of the most recent actively supported release futher
on the same page.

PR-URL: https://github.com/nodejs/node/pull/10743
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2017-01-16 11:28:20 -08:00
Myles Borins
8066215e5d 2017-01-05, Version 6.9.4 'Boron' (LTS)
This is a special release that contains 0 commits. While promoting
additional platforms for v6.9.3 after the release, the tarballs on the
release server were overwritten and now have different shasums. In
order to remove any ambiguity around the release we have opted to do a
semver patch release with no changes.
2017-01-05 18:00:28 -05:00
Myles Borins
d4d3e2f674 2017-01-05, Version 4.7.2 'Argon' (LTS)
This is a special release that contains 0 commits. While promoting
additional platforms for v4.7.1 after the release, the tarballs on the
release server were overwritten and now have different shasums. In
order to remove any ambiguity around the release we have opted to do a
semver patch release with no changes.
2017-01-05 17:58:05 -05:00
Evan Lucas
b8f6c1fff5 2017-01-04, Version 7.4.0 (Current)
Notable changes:

* buffer:
  - Improve performance of Buffer allocation by ~11% (Brian White) https://github.com/nodejs/node/pull/10443
  - Improve performance of Buffer.from() by ~50% (Brian White) https://github.com/nodejs/node/pull/10443
* events: Improve performance of EventEmitter.once() by ~27% (Brian White) https://github.com/nodejs/node/pull/10445
* fs: Allow passing Uint8Array to fs methods where Buffers are supported. (Anna Henningsen) https://github.com/nodejs/node/pull/10382
* http: Improve performance of http server by ~7% (Brian White) https://github.com/nodejs/node/pull/6533
* npm: Upgrade to v4.0.5 (Kat Marchán) https://github.com/nodejs/node/pull/10330

PR-URL: https://github.com/nodejs/node/pull/10589
2017-01-04 12:42:04 -06:00
Myles Borins
b26a469211 2017-01-03, Version 4.7.1 'Argon' (LTS)
This LTS release comes with 180 commits. This includes 117 which are
test related, 34 which are doc related, 15 which are build / tool
related, and 1 commit which is an update to dependencies.

Notable Changes:

* build:
  - shared library support is now working for AIX builds
    (Stewart Addison) https://github.com/nodejs/node/pull/9675
* repl:
  - Passing options to the repl will no longer overwrite defaults
    (cjihrig) https://github.com/nodejs/node/pull/7826
* timers:
  - Re canceling a cancelled timers will no longer throw
    (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685

PR-URL: https://github.com/nodejs/node/pull/10395
2017-01-03 19:10:36 -05:00
Myles Borins
2bf1c24f6a 2017-01-03, Version 6.9.3 'Boron' (LTS) Release
This LTS release comes with 312 commits. This includes 229 that are
test related, 62 that are docs related, 17 which are build / tools
related, and 4 commits which are updates to dependencies.

Notable Changes:

* build:
  - shared library support is now working for AIX builds
    (Stewart Addison) https://github.com/nodejs/node/pull/9675
* deps:
    - *npm*: upgrade npm to 3.10.10 (Rebecca Turner)
             https://github.com/nodejs/node/pull/9847
    - *V8*: Destructuring of arrow function arguments via computed
            property no longer throws (Michaël Zasso)
            https://github.com/nodejs/node/pull/10386)
* inspector:
  - /json/version returns object, not an object wrapped in an array
    (Ben Noordhuis) https://github.com/nodejs/node/pull/9762
* module:
  - using --debug-brk and --eval together now works as expected
    (Kelvin Jin) https://github.com/nodejs/node/pull/8876
* process:
  - improve performance of nextTick up to 20% (Evan Lucas)
    https://github.com/nodejs/node/pull/8932
* repl:
    - the division operator will no longer be accidentally parsed as
      regex (Teddy Katz) https://github.com/nodejs/node/pull/10103
    - improved support for generator functions (Teddy Katz)
      https://github.com/nodejs/node/pull/9852
* timers:
  - Re canceling a cancelled timers will no longer throw
    (Jeremiah Senkpiel) https://github.com/nodejs/node/pull/9685

PR-URL: https://github.com/nodejs/node/pull/10394
2017-01-03 18:55:26 -05:00
Rod Vagg
2a5f789141 2016-12-21 Version 0.12.18 (Maintenance) Release
Notable changes:

* npm: upgrade from v2.15.1 to v2.15.11, including accurate updated license (Jeremiah Senkpiel)
* process: `process.versions.ares` now outputs the c-ares version (Johan Bergström)

PR-URL: https://github.com/nodejs/node/pull/10352
2016-12-22 01:50:07 +11:00
cjihrig
ffd01da0f2 2016-12-20, Version 7.3.0 (Current)
Notable changes:

* buffer:
  - buffer.fill() now works properly for the UCS2 encoding on
    Big-Endian machines.
    (Anna Henningsen) https://github.com/nodejs/node/pull/9837
* cluster:
  - disconnect() now returns a reference to the disconnected
    worker. (Sean Villars)
    https://github.com/nodejs/node/pull/10019
* crypto:
  - The built-in list of Well-Known CAs (Certificate Authorities)
    can now be extended via a NODE_EXTRA_CA_CERTS environment
    variable. (Sam Roberts)
    https://github.com/nodejs/node/pull/9139
* http:
  - Remove stale timeout listeners in order to prevent a memory leak
    when using keep alive. (Karl Böhlmark)
    https://github.com/nodejs/node/pull/9440
* tls:
  - Allow obvious key/passphrase combinations. (Sam Roberts)
    https://github.com/nodejs/node/pull/10294
* url:
  - Including base argument in URL.originFor() to meet specification
    compliance. (joyeecheung)
    https://github.com/nodejs/node/pull/10021
  - Improve URLSearchParams to meet specification compliance.
    (Timothy Gu) https://github.com/nodejs/node/pull/9484

PR-URL: https://github.com/nodejs/node/pull/10277
2016-12-20 16:43:12 -05:00
Jeremiah Senkpiel
8ab8363677 2016-12-06, Version 7.2.1 (Current)
Notable changes:

* buffer:
  - Reverted the runtime deprecation of calling `Buffer()` without
`new`. (Anna Henningsen) https://github.com/nodejs/node/pull/9529
  - Fixed `buffer.transcode()` for single-byte character
encodings to `UCS2`. (Anna Henningsen)
https://github.com/nodejs/node/pull/9838
* promise: `--trace-warnings` now produces useful stacktraces for
Promise warnings. (Anna Henningsen)
https://github.com/nodejs/node/pull/9525
* repl: Fixed a bug preventing correct parsing of generator functions.
(Teddy Katz) https://github.com/nodejs/node/pull/9852
* V8: Fixed a significant `instanceof` performance regression.
(Franziska Hinkelmann) https://github.com/nodejs/node/pull/9730

PR-URL: https://github.com/nodejs/node/pull/10127
2016-12-06 17:40:56 -05:00
Myles Borins
6ade6dedab 2016-12-06, Version 4.7.0 'Argon' (LTS)
This LTS release comes with 108 commits. This includes 30 which are doc
related, 28 which are test related, 16 which are build / tool related,
and 4 commits which are updates to dependencies.

Notable Changes:

The SEMVER-MINOR changes include:

* build:
  - export openssl symbols on Windows making it possible to build
    addons linked against the bundled version of openssl (Alex Hultman)
    https://github.com/nodejs/node/pull/7576
* debugger:
  - make listen address configurable in the debugger server
    (Ben Noordhuis) https://github.com/nodejs/node/pull/3316
* dgram:
  - generalized send queue to handle close fixing a potential throw
    when dgram socket is closed in the listening event handler.
    (Matteo Collina) https://github.com/nodejs/node/pull/7066
* http:
  - Introduce the 451 status code "Unavailable For Legal Reasons"
    (Max Barinov) https://github.com/nodejs/node/pull/4377
* tls:
  - introduce `secureContext` for `tls.connect` which is useful for
    caching client certificates, key, and CA certificates.
    (Fedor Indutny) https://github.com/nodejs/node/pull/4246

Notable SEMVER-PATCH changes include:

* build:
  - introduce the configure --shared option for embedders (sxa555)
    https://github.com/nodejs/node/pull/6994
* gtest:
  - the test reporter now outputs tap comments as yamlish
    (Johan Bergström) https://github.com/nodejs/node/pull/9262
* src:
  - node no longer aborts when c-ares initialization fails
    (Ben Noordhuis) https://github.com/nodejs/node/pull/8710
* tls:
  - fix memory leak when writing data to TLSWrap instance during
    handshake (Fedor Indutny)
    https://github.com/nodejs/node/pull/9586

PR-URL: https://github.com/nodejs/node/pull/9736
2016-12-06 14:58:36 -05:00
Myles Borins
c4391f4664 2016-12-06, Version 6.9.2 'Boron' (LTS) Release
This LTS release comes with 144 commits. This includes 47 that are docs
related, 46 that are test related, 15 which are build / tools related,
and 9 commits which are updates to dependencies

Notable Changes:

* buffer:
  - coerce slice parameters consistently
    (Sakthipriyan Vairamani (thefourtheye))
    https://github.com/nodejs/node/pull/9101
* deps:
    - *npm*:
      - upgrade npm to 3.10.9 (Kat Marchán)
       https://github.com/nodejs/node/pull/9286
    - *V8*:
      - Various fixes to destructuring edge cases
        - cherry-pick 3c39bac from V8 upstream (Cristian Cavalli)
          https://github.com/nodejs/node/pull/9138
        - cherry pick 7166503 from upstream v8 (Cristian Cavalli)
          https://github.com/nodejs/node/pull/9173
* gtest:
  - the test reporter now outputs tap comments as yamlish
    (Johan Bergström) https://github.com/nodejs/node/pull/9262
* inspector:
  - inspector now prompts user to use 127.0.0.1 rather than localhost
    (Eugene Ostroukhov) https://github.com/nodejs/node/pull/9451
* tls:
  - fix memory leak when writing data to TLSWrap instance during
    handshake (Fedor Indutny)
    https://github.com/nodejs/node/pull/9586

PR-URL: https://github.com/nodejs/node/pull/9735
2016-12-06 14:32:30 -05:00
Jeremiah Senkpiel
db3f12f7e0 2016-11-22, Version 7.2.0 (Current)
This is a security release impacting Windows 10 users.

Notable changes:

* crypto: The `Decipher` methods `setAuthTag()` and `setAAD` now return
`this`. (Kirill Fomichev) https://github.com/nodejs/node/pull/9398
* dns: Implemented `{ttl: true}` for `resolve4()` and `resolve6()`.
(Ben Noordhuis) https://github.com/nodejs/node/pull/9296 &
https://github.com/nodejs/node/pull/9296
* libuv: Upgrade to v1.10.1 (cjihrig)
https://github.com/nodejs/node/pull/9647
  - Fixed a potential buffer overflow when writing data to console on
Windows 10. (CVE-2016-9551)
* process: Added a new `external` property to the data returned by
`memoryUsage()`. (Fedor Indutny)
https://github.com/nodejs/node/pull/9587
* tls: Fixed a memory leak when writes were queued on TLS connection
that was destroyed during handshake. (Fedor Indutny)
https://github.com/nodejs/node/pull/9626
* V8 (dep): Upgrade to v5.4.500.43 (Michaël Zasso)
https://github.com/nodejs/node/pull/9697
* v8: The data returned by `getHeapStatistics()` now includes three new
fields: `malloced_memory`, `peak_malloced_memory`, and
`does_zap_garbage`. (Gareth Ellis)
https://github.com/nodejs/node/pull/8610

PR-URL: https://github.com/nodejs/node/pull/9745
2016-11-22 18:46:07 -05:00
Evan Lucas
9314886053 2016-11-08, Version 7.1.0 (Current)
Notable changes:

* buffer: add buffer.transcode to transcode a buffer's content from one
  encoding to another primarily using ICU (James M Snell)
* child_process: add public API for IPC channel (cjihrig)
* icu
  * Upgraded to ICU 58 - small icu (Steven R. Loomis)
  * Add `cldr`, `tz`, and `unicode` to `process.versions` (Steven R. Loomis)
* lib: make `String(global) === '[object global]'` (Anna Henningsen)
* libuv: Upgraded to 1.10.0 (cjihrig)
* readline: use icu based string width calculation (James M Snell)
* src:
  * add NODE_PRESERVE_SYMLINKS environment variable that has the same
    effect as the `--preserve-symlinks` flag (Marc Udoff)
  * Fix `String#toLocaleUpperCase()` and `String#toLocaleLowerCase()`
    (Steven R. Loomis)

PR-URL: https://github.com/nodejs/node/pull/9438
2016-11-08 15:14:16 -06:00
Myles Borins
3562658bed 2016-11-08, Version 4.6.2 'Argon' (LTS)
This LTS release comes with 219 commits. This includes 80 commits that
are docs related, 58 commits that are test related, 20 commits that
are build / tool related, and 9 commits that are updates to
dependencies.

Notable Changes

* build:
  - It is now possible to build the documentation from the release
    tarball (Anna Henningsen)
    https://github.com/nodejs/node/pull/8413
* buffer:
  - Buffer.alloc() will no longer incorrectly return a zero filled
    buffer when an encoding is passed (Teddy Katz)
    https://github.com/nodejs/node/pull/9238
* deps:
  - upgrade npm in LTS to 2.15.11 (Kat Marchán)
    https://github.com/nodejs/node/pull/8928
* repl:
  - Enable tab completion for global properties (Lance Ball)
    https://github.com/nodejs/node/pull/7369
* url:
  - `url.format()` will now encode all `#` in `search` (Ilkka Myller)
    https://github.com/nodejs/node/pull/8072

PR-URL: https://github.com/nodejs/node/pull/9298
2016-11-08 14:42:44 -05:00
James M Snell
1e4fafcb1a 2016-10-25, Version 7.0.0 (Current)
Notable Changes:

* Buffer
  * Passing invalid input to Buffer.byteLength will now throw an error [#8946](https://github.com/nodejs/node/pull/8946).
  * Calling Buffer without new is now deprecated and will emit a process warning [#8169](https://github.com/nodejs/node/pull/8169).
  * Passing a negative number to allocUnsafe will now throw an error [#7079](https://github.com/nodejs/node/pull/7079).
* Child Process
  * The fork and execFile methods now have stronger argument validation [#7399](https://github.com/nodejs/node/pull/7399).
* Cluster
  * The worker.suicide method is deprecated and will emit a process warning [#3747](https://github.com/nodejs/node/pull/3747).
* Deps
  * V8 has been updated to 5.4.500.36 [#8317](https://github.com/nodejs/node/pull/8317), [#8852](https://github.com/nodejs/node/pull/8852), [#9253](https://github.com/nodejs/node/pull/9253).
  * NODE_MODULE_VERSION has been updated to 51 [#8808](https://github.com/nodejs/node/pull/8808).
* File System
  * A process warning is emitted if a callback is not passed to async file system methods [#7897](https://github.com/nodejs/node/pull/7897).
* Intl
  * Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [#8908](https://github.com/nodejs/node/pull/8908).
* Promises
  * Unhandled Promise rejections have been deprecated and will emit a process warning [#8217](https://github.com/nodejs/node/pull/8217).
* Punycode
  * The `punycode` module has been deprecated [#7941](https://github.com/nodejs/node/pull/7941).
* URL
  * An Experimental WHATWG URL Parser has been introduced [#7448](https://github.com/nodejs/node/pull/7448).

PR-URL: https://github.com/nodejs/node/pull/9099
2016-10-25 06:53:36 -07:00
Myles Borins
4b65a65e75 2016-10-19, Version 6.9.1 'Boron' (LTS) Release
Notable changes:

* streams: Fix a regression introduced in v6.8.0 in readable stream
that caused unpipe to remove the wrong stream (Anna Henningsen)

PR-URL: https://github.com/nodejs/node/pull/9186
2016-10-19 23:30:15 +01:00
Jeremiah Senkpiel
252cc3d00b doc: v6 is now LTS rather than Current
PR-URL: https://github.com/nodejs/node/pull/9182
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
2016-10-19 19:26:31 +01:00
Jeremiah Senkpiel
e44eb0e6ce doc: fix some table problems in changelog.md
PR-URL: https://github.com/nodejs/node/pull/9183
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2016-10-19 19:18:18 +01:00
Rod Vagg
0e6750d1cd 2016-10-18 Node.js v6.9.0 'Boron' (LTS) Release
This release marks the transition of Node.js v6 into Long Term Support
(LTS) with the codename 'Boron'. The v6 release line now moves in to
"Active LTS" and will remain so until April 2018. After that time it
will move in to "Maintenance" until end of life in April 2019.

This is also a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* crypto: Don't automatically attempt to load an OpenSSL configuration
  file, from the `OPENSSL_CONF` environment variable or from the
  default location for the current platform. Always triggering a
  configuration file load attempt may allow an attacker to load
  compromised OpenSSL configuration into a Node.js process if they are
  able to place a file in a default location. (Fedor Indutny, Rod Vagg)
* node: Introduce the `process.release.lts` property, set to `"Boron"`.
  This value is `"Argon"` for v4 LTS releases and `undefined` for all
  other releases. (Rod Vagg)
* V8: Backport fix for CVE-2016-5172, an arbitrary memory read.
  The parser in V8 mishandled scopes, potentially allowing an attacker
  to obtain sensitive information from arbitrary memory locations via
  crafted JavaScript code. This vulnerability would require an
  attacker to be able to execute arbitrary JavaScript code in a
  Node.js process. (Rod Vagg)
* **v8_inspector**: Generate a UUID for each execution of the
  inspector. This provides additional security to prevent unauthorized
  clients from connecting to the Node.js process via the v8_inspector
  port when running with `--inspect`. Since the debugging protocol
  allows extensive access to the internals of a running process, and
  the execution of arbitrary code, it is important to limit
  connections to authorized tools only. Vulnerability originally
  reported by Jann Horn. (Eugene Ostroukhov)

PR-URL: https://github.com/nodejs/node-private/pull/81
2016-10-19 04:22:07 +11:00