Notable Changes OpenSSL-1.1.1i OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt Contributed by Myles Borins #36520. Extended support for 1AbortSignal in child_process and stream The Read more…
Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. Commits [ 14264d9aa67 ] – Revert “http: lazy create IncomingMessage.headers” (Beth Griggs) #36553 Windows 32-bit Installer: https://nodejs.org/dist/v14.15.3/node-v14.15.3-x86.msi Windows 64-bit Read more…
Notable Changes deps: upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (Michaël Zasso) #35791 doc: add release key for Danielle Adams (Danielle Adams) #35545 http2: check write not scheduled in scope destructor (David Halls) #36241 stream: fix regression on duplex end (Momtchil Momtchev) #35941 Commits [ 1c508bfc66b Read more…
Notable Changes child_processes: add AbortSignal support (Benjamin Gruenbaum) #36308 deps: update ICU to 68.1 (Michaël Zasso) #36187 events: support signal in EventTarget (Benjamin Gruenbaum) #36258 graduate Event, EventTarget, AbortController (James M Snell) #35949 http: enable call chaining with setHeader() (pooja d.p) #35924 module: add isPreloading indicator (James M Snell) #36263 Read more…
Notable Changes crypto: update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546 deps: update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435 (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333 doc: add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542 fs: (SEMVER-MINOR) add .ref() and .unref() methods to watcher classes (rickyes) https://github.com/nodejs/node/pull/33134 http: (SEMVER-MINOR) Read more…
Notable Changes [ 16349b1d673 ] – (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099 [ 19ce9b016e6 ] – (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001 [ 18390f8a86b ] – (SEMVER-MINOR) http: add support for abortsignal to http.request (Benjamin Gruenbaum) #36048 Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record Read more…
Notable changes events: getEventListeners static (Benjamin Gruenbaum) #35991 fs: support abortsignal in writeFile (Benjamin Gruenbaum) #35993 add support for AbortSignal in readFile (Benjamin Gruenbaum) #35911 stream: fix thrown object reference (Gil Pedersen) #36065 Commits [ 19d9a044c1b ] – benchmark: ignore build artifacts for napi addons (Richard Lau) #35970 [ 14c6de854be Read more…
