Skip to content

2018-06-12, Version 9.11.2 (Current), @evanlucas

Compare
Choose a tag to compare
@evanlucas evanlucas released this 13 Jun 00:24
· 23347 commits to main since this release
v9.11.2

Notable Changes

  • Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
  • buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
  • http2
    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
  • tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving

Commits