mirror of
https://github.com/nodejs/node.git
synced 2024-11-29 23:16:30 +01:00
f0f2583c91
This is a security release. Vulnerabilities fixed: * **CVE-2019-15606**: HTTP header values do not have trailing OWS trimmed. * **CVE-2019-15605**: HTTP request smuggling using malformed Transfer-Encoding header. * **CVE-2019-15604**: Remotely trigger an assertion on a TLS server with a malformed certificate string. Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the `--insecure-http-parser` command line flag, or the `insecureHTTPParser` http option. Using the insecure HTTP parser should be avoided. PR-URL: https://github.com/nodejs-private/node-private/pull/196 |
||
---|---|---|
.. | ||
CHANGELOG_ARCHIVE.md | ||
CHANGELOG_IOJS.md | ||
CHANGELOG_V4.md | ||
CHANGELOG_V5.md | ||
CHANGELOG_V6.md | ||
CHANGELOG_V7.md | ||
CHANGELOG_V8.md | ||
CHANGELOG_V9.md | ||
CHANGELOG_V10.md | ||
CHANGELOG_V11.md | ||
CHANGELOG_V12.md | ||
CHANGELOG_V13.md | ||
CHANGELOG_V010.md | ||
CHANGELOG_V012.md |