Notable Changes [ 16349b1d673 ] – (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099 [ 19ce9b016e6 ] – (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001 [ 18390f8a86b ] – (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048 Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record Read more…
Notable changes events: getEventListeners static (Benjamin Gruenbaum) #35991 fs: support abortsignal in writeFile (Benjamin Gruenbaum) #35993 add support for AbortSignal in readFile (Benjamin Gruenbaum) #35911 stream: fix thrown object reference (Gil Pedersen) #36065 Commits [ 19d9a044c1b ] – benchmark: ignore build artifacts for napi addons (Richard Lau) #35970 [ 14c6de854be Read more…
Notable Changes Diagnostics channel (experimental module) 1diagnostics_channel is a new experimental module that provides an API to create named channels to report arbitrary message data for diagnostics purposes. With 1diagnostics_channel , Node.js core and module authors can publish contextual data about what they are doing at a given time. This Read more…
Notable changes Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, Read more…
Notable Changes OpenSSL-1.1.1i OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt Contributed by Myles Borins #36520. Extended support for 1AbortSignal in child_process and stream The Read more…
Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. Commits [ 14264d9aa67 ] – Revert “http: lazy create IncomingMessage.headers” (Beth Griggs) #36553 Windows 32-bit Installer: https://nodejs.org/dist/v14.15.3/node-v14.15.3-x86.msi Windows 64-bit Read more…
Notable Changes deps: upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (MichaĆ«l Zasso) #35791 doc: add release key for Danielle Adams (Danielle Adams) #35545 http2: check write not scheduled in scope destructor (David Halls) #36241 stream: fix regression on duplex end (Momtchil Momtchev) #35941 Commits [ 1c508bfc66b Read more…
