Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Read more…
Notable changes This is a security release. Vulnerabilities fixed: CVE-2020-8277: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Read more…
Notable Changes [ 16349b1d673 ] – (SEMVER-MINOR) dns: add a cancel() method to the promise Resolver (Szymon Marczak) #33099 [ 19ce9b016e6 ] – (SEMVER-MINOR) events: add max listener warning for EventTarget (James M Snell) #36001 [ 18390f8a86b ] – (SEMVER-MINOR) Read more…
Notable Changes crypto: update certdata to NSS 3.56 (Shelley Vohr) https://github.com/nodejs/node/pull/35546 deps: update llhttp to 2.1.3 (Fedor Indutny) https://github.com/nodejs/node/pull/35435 (SEMVER-MINOR) upgrade to libuv 1.40.0 (Colin Ihrig) https://github.com/nodejs/node/pull/35333 doc: add aduh95 to collaborators (Antoine du Hamel) https://github.com/nodejs/node/pull/35542 fs: (SEMVER-MINOR) add .ref() Read more…
Notable Changes child_processes: add AbortSignal support (Benjamin Gruenbaum) #36308 deps: update ICU to 68.1 (Michaël Zasso) #36187 events: support signal in EventTarget (Benjamin Gruenbaum) #36258 graduate Event, EventTarget, AbortController (James M Snell) #35949 http: enable call chaining with setHeader() (pooja Read more…
Notable Changes deps: upgrade npm to 6.14.9 (Myles Borins) #36450 update acorn to v8.0.4 (Michaël Zasso) #35791 doc: add release key for Danielle Adams (Danielle Adams) #35545 http2: check write not scheduled in scope destructor (David Halls) #36241 stream: fix Read more…
Notable Changes Node.js v14.15.2 included a commit that has caused reported breakages when cloning request objects. This release reverts the commit that introduced the behaviour change. See https://github.com/nodejs/node/issues/36550 for more details. Commits [ 14264d9aa67 ] – Revert “http: lazy create Read more…
Notable Changes OpenSSL-1.1.1i OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL – EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt Contributed by Myles Borins Read more…
Notable changes Vulnerabilities fixed: CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first Read more…
