mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/doc/api
Rod Vagg 9910cc29bc 2018-11-27, Version 10.14.0 'Dubnium' (LTS)
This is a security release. All Node.js users should consult the security
release summary at:

  https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  * Node.js: Hostname spoofing in URL parser for javascript protocol
    (CVE-2018-12123)
  * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)

Notable Changes:

* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
  * Headers received by HTTP servers must not exceed 8192 bytes in total to
    prevent possible Denial of Service attacks. Reported by Trevor Norris.
    (CVE-2018-12121 / Matteo Collina)
  * A timeout of 40 seconds now applies to servers receiving HTTP headers. This
    value can be adjusted with `server.headersTimeout`. Where headers are not
    completely received within this period, the socket is destroyed on the next
    received chunk. In conjunction with `server.setTimeout()`, this aids in
    protecting against excessive resource retention and possible Denial of
    Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
  with `url.parse()` with the `'javascript:'` protocol. Reported by
  Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)

PR-URL: https://github.com/nodejs-private/node-private/pull/155/
2018-11-28 11:36:34 +11:00
addons.md test: fix v8 Set/Get compiler warnings 2018-11-11 08:02:30 +01:00
assert.md doc: remove notice of dashes in V8 options 2018-10-29 21:24:08 +00:00
async_hooks.md doc: use arrow function for anonymous callbacks 2018-11-25 20:32:02 -08:00
buffer.md 2018-10-23, Version 11.0.0 (Current) 2018-10-23 11:03:02 -07:00
child_process.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
cli.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
cluster.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
console.md 2018-07-18, Version 10.7.0 (Current) 2018-07-18 20:17:23 +02:00
crypto.md doc: update crypto examples to not use deprecated api 2018-11-18 23:26:00 -08:00
debugger.md inspector: use js_app.html as the landing page for chrome devtools 2018-06-28 09:24:02 -03:00
deprecations.md http: change DEP0066 to a runtime deprecation 2018-11-22 04:45:27 -08:00
dgram.md net,dgram: add ipv6Only option for net and dgram 2018-11-22 21:45:08 +08:00
dns.md doc: add missing metadata for dns.lookup 2018-09-19 21:11:51 +02:00
documentation.md doc: use Node.js instead of Node 2018-10-31 23:26:51 -07:00
domain.md doc: remove notice of dashes in V8 options 2018-10-29 21:24:08 +00:00
errors.md tls: add min/max protocol version options 2018-11-22 09:14:58 -08:00
esm.md esm: provide named exports for builtin libs 2018-05-11 12:06:18 -05:00
events.md doc: add note about removeListener order 2018-10-23 13:12:03 -07:00
fs.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
globals.md doc: remove "idiomatic choice" from queueMicrotask 2018-10-31 07:38:30 +11:00
http2.md doc: fix duplicate "this" and "the" on http2.md 2018-11-24 13:44:15 +02:00
http.md 2018-11-27, Version 10.14.0 'Dubnium' (LTS) 2018-11-28 11:36:34 +11:00
https.md http,https: protect against slow headers attack 2018-11-28 11:36:34 +11:00
index.md doc: remove mailing list 2018-10-29 20:49:59 -07:00
inspector.md doc: inspector security warning for changing host 2018-11-05 22:38:01 -08:00
intl.md doc: bump ICU version to avoid confusion 2018-08-14 22:44:58 +03:00
modules.md doc: clarify symlink resolution for __filename 2018-11-26 18:28:57 -08:00
n-api.md doc: mark napi_add_finalizer experimental 2018-11-23 22:07:59 -08:00
net.md net,dgram: add ipv6Only option for net and dgram 2018-11-22 21:45:08 +08:00
os.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
path.md doc: implement minor text fixes to path.md 2018-11-05 23:21:45 -08:00
perf_hooks.md perf_hooks: remove less useful bootstrap marks 2018-06-15 09:05:19 -07:00
process.md doc: fix comma splices in process.md 2018-11-13 22:13:32 -08:00
punycode.md doc: prevent some redirections 2018-07-14 22:57:03 +03:00
querystring.md doc: remove redundant 'Example:' and similar notes 2018-08-29 16:53:03 +03:00
readline.md readline: add support for async iteration 2018-11-20 15:41:16 -08:00
repl.md doc: add types and their corresponding return values 2018-11-02 00:36:40 +02:00
stream.md doc: add readable and writable property to Readable and Writable 2018-11-21 10:49:47 -08:00
string_decoder.md string_decoder: support typed array or data view 2018-09-17 17:48:44 +02:00
synopsis.md doc: fix typographical issues 2018-10-31 01:14:37 +02:00
timers.md 2018-10-23, Version 11.0.0 (Current) 2018-10-23 11:03:02 -07:00
tls.md doc: remove duplicate whitespaces in doc/api 2018-11-24 11:30:04 +02:00
tracing.md trace_events: forbid tracing modifications from worker threads 2018-10-24 11:20:35 -03:00
tty.md tty: document WriteStream.cursorTo() and others 2018-10-06 01:36:03 +03:00
url.md 2018-10-23, Version 11.0.0 (Current) 2018-10-23 11:03:02 -07:00
util.md Revert "util: change util.inspect depth default" 2018-11-14 19:44:39 -08:00
v8.md doc: use arrow function 2018-11-24 11:56:33 +02:00
vm.md vm: clarify timeout option in vm 2018-11-05 22:39:01 -08:00
worker_threads.md trace_events: forbid tracing modifications from worker threads 2018-10-24 11:20:35 -03:00
zlib.md doc: unify optional arguments format in headings 2018-08-19 21:45:39 +03:00