mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/doc
Myles Borins b2a6c97452
2018-03-28, Version 8.11.0 'Carbon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159
* CVE-2018-7160

Notable changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
  A malicious website could use a DNS rebinding attack to trick a web
  browser to bypass same-origin-policy checks and allow HTTP
  connections to localhost or to hosts on the local network,
  potentially to an open inspector port as a debugger, therefore
  gaining full code execution access. The inspector now only allows
  connections that have a browser `Host` value of `localhost` or
  `localhost6`.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX and
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/112
2018-03-28 12:20:46 -04:00
api doc: fix grammar error in process.md 2018-03-27 22:09:19 +03:00
api_assets doc: fix paragraph line-height issue 2017-10-15 12:39:49 +02:00
changelogs 2018-03-28, Version 8.11.0 'Carbon' (LTS) 2018-03-28 12:20:46 -04:00
guides doc: add directory structure in writing-tests.md 2018-03-24 20:57:03 -07:00
.eslintrc.yaml doc: enable eslint prefer-template rule 2018-02-22 14:56:17 +00:00
first_timer_badge.png doc: add recommendations for first timers 2017-10-24 10:26:20 -04:00
full-white-stripe.jpg
node.1 trace_events: add file pattern cli option 2018-03-04 12:07:39 +01:00
onboarding-extras.md doc: move who-to-cc to COLABORATOR_GUIDE.md 2018-03-21 20:27:36 -07:00
onboarding.md doc: move who-to-cc to COLABORATOR_GUIDE.md 2018-03-21 20:27:36 -07:00
osx_installer_logo.png
releases.md doc: note that linting is required in releases.md 2018-02-16 19:41:19 +01:00
STYLE_GUIDE.md doc: improve style guide text 2018-03-12 20:27:10 -07:00
template.html
thin-white-stripe.jpg