Skip to content

Commit

Permalink
2015-12-04, Version 5.1.1 (Stable)
Browse files Browse the repository at this point in the history
Security Update

Notable items:

* **http**: Fix a bug where an HTTP socket may no longer have a socket
  but a pipelined request triggers a pause or resume, a potential
  denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
    an attack is considered feasible against DH, an attack against RSA
    and DSA is considered possible but unlikely, EC algorithms are not
    affected. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
    a potential denial-of-service vector for Node.js TLS servers; TLS
    clients are also impacted. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  (Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
  in out-of-bounds reads for arrays. (Ben Noordhuis)

PR-URL: nodejs-private/node-private#11
  • Loading branch information
rvagg committed Dec 3, 2015
1 parent 678398f commit 1143312
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
25 changes: 25 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,30 @@
# Node.js ChangeLog

## 2015-12-04, Version 5.1.1 (Stable), @rvagg

### Notable changes

* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack is considered feasible against DH, an attack against RSA and DSA is considered possible but unlikely, EC algorithms are not affected. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134)
* **v8**: Backport fixes for a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis)

### Known issues

* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690)
* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894)
* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435).
* Unicode characters in filesystem paths are not handled consistently across platforms or Node.js APIs. See [#2088](https://github.com/nodejs/node/issues/2088), [#3401](https://github.com/nodejs/node/issues/3401) and [#3519](https://github.com/nodejs/node/issues/3519).

### Commits

* [[`678398f250`](https://github.com/nodejs/node/commit/678398f250)] - **deps**: backport a7e50a5 from upstream v8 (Ben Noordhuis)
* [[`76a552c938`](https://github.com/nodejs/node/commit/76a552c938)] - **deps**: backport 6df9a1d from upstream v8 (Ben Noordhuis)
* [[`533881f889`](https://github.com/nodejs/node/commit/533881f889)] - **deps**: upgrade openssl sources to 1.0.2e (Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134)
* [[`12e70fafd3`](https://github.com/nodejs/node/commit/12e70fafd3)] - **http**: fix pipeline regression (Fedor Indutny)

## 2015-11-17, Version 5.1.0 (Stable), @Fishrock123

### Notable changes
Expand Down
2 changes: 1 addition & 1 deletion src/node_version.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
#define NODE_MINOR_VERSION 1
#define NODE_PATCH_VERSION 1

#define NODE_VERSION_IS_RELEASE 0
#define NODE_VERSION_IS_RELEASE 1

#ifndef NODE_STRINGIFY
#define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)
Expand Down

0 comments on commit 1143312

Please sign in to comment.