Node v12.19.1 (LTS)

Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record Read more…

Node v15.3.0 (Current)

Notable Changes
- [ 16349b1d673 ] – (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099
- [ 19ce9b016e6 ] – (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001
- [ 18390f8a86b ] – (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048
Read more…

Node v15.4.0 (Current)

Notable Changes
- child_processes:
  - add AbortSignal support (Benjamin Gruenbaum) #36308
- deps:
  - update ICU to 68.1 (Michaël Zasso) #36187
- events:
  - support signal in EventTarget (Benjamin Gruenbaum) #36258
  - graduate Event, EventTarget, AbortController (James M Snell) #35949
- http:
  - enable call chaining with setHeader() (pooja d.p) #35924
- module:
  - add isPreloading indicator (James M Snell) #36263
Read more…

Node v14.15.3 (LTS)

Notable Changes
Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details.
Commits
- [ 14264d9aa67 ] – Revert “http: lazy create IncomingMessage.headers” (Beth Griggs) #36553
Windows 32-bit Installer: https://nodejs.org/dist/v14.15.3/node-v14.15.3-x86.msi
Windows 64-bit Read more…

Node v14.15.2 (LTS)

Notable Changes
- deps:
  - upgrade npm to 6.14.9 (Myles Borins) #36450
  - update acorn to v8.0.4 (Michaël Zasso) #35791
- doc:
  - add release key for Danielle Adams (Danielle Adams) #35545
- http2:
  - check write not scheduled in scope destructor (David Halls) #36241
- stream:
  - fix regression on duplex end (Momtchil Momtchev) #35941
Commits
[ 1c508bfc66b Read more…

Node v15.5.0 (Current)

Notable Changes
OpenSSL-1.1.1i
OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
Contributed by Myles Borins #36520.
Extended support for AbortSignal in child_process and stream
The Read more…

Node v15.5.1 (Current)

Notable changes
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High). Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, Read more…

Node v12.20.1 (LTS)

Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High). Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method Read more…

Node v10.23.1 (LTS)

Notable changes
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8265: use-after-free in TLSWrap (High). Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method Read more…

Node v15.6.0 (Current)

Notable Changes
- child_process:
  - add ‘overlapped’ stdio flag (Thiago Padilha) #29412
  - support AbortSignal in fork (Benjamin Gruenbaum) #36603
- crypto:
  - implement basic secure heap support (James M Snell) #36779
  - fixup bug in keygen error handling (James M Snell) #36779
  - introduce X509Certificate API (James M Snell) #36804
  - implement randomuuid (James M Snell) #36729
Read more…