Skip to content

Releases: nodejs/node

2017-11-07, Version 9.1.0 (Current), @cjihrig

15 Nov 15:30
v9.1.0
9de633d
Compare
Choose a tag to compare

Notable Changes

  • CLI:
    • NODE_OPTIONS now supports the --stack-trace-limit option. #16495
  • deps:
    • OpenSSL is upgraded to 1.0.2m #16691
  • http:
    • A 'connect' event handler leak has been fixed. #16725
    • The 103 Early Hints status code is now supported. #16644

Commits

Read more

2017-11-07, Version 8.9.1 'Carbon' (LTS), @gibfahn

15 Nov 15:29
v8.9.1
48813de
Compare
Choose a tag to compare

Notable Changes

  • openssl:
    • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
  • Revert "https:
    • refactor to use http internals" (Myles Borins) #16660

Commits

2017-11-07, Version 6.12.0 'Boron' (LTS), @MylesBorins

15 Nov 15:29
Compare
Choose a tag to compare

This LTS release comes with 127 commits. This includes 45 which are test related,
33 which are doc related, 13 which are updates to dependencies and 7 commits which are related to build / tools.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

  • assert:
    • assert.fail() can now take one or two arguments (Rich Trott) #12293
  • crypto:
    • add sign/verify support for RSASSA-PSS (Tobias Nießen) #11705
  • deps:
    • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
    • upgrade libuv to 1.15.0 (cjihrig) #15745
    • upgrade libuv to 1.14.1 (cjihrig) #14866
    • upgrade libuv to 1.13.1 (cjihrig) #14117
    • upgrade libuv to 1.12.0 (cjihrig) #13306
  • fs:
    • Add support for fs.write/fs.writeSync(fd, buffer, cb) and fs.write/fs.writeSync(fd, buffer, offset, cb) as documented (Andreas Lind) #7856
  • inspector:
    • enable --inspect-brk (Refael Ackermann) #12615
  • process:
    • add --redirect-warnings command line argument (James M Snell) #10116
  • src:
    • allow CLI args in env with NODE_OPTIONS (Sam Roberts) #12028
    • --abort-on-uncaught-exception in NODE_OPTIONS (Sam Roberts) #13932
    • allow --tls-cipher-list in NODE_OPTIONS (Sam Roberts) #13172
    • use SafeGetenv() for NODE_REDIRECT_WARNINGS (Sam Roberts) #12677
  • test:
    • remove common.fail() (Rich Trott) #12293

Commits

Read more

2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins

15 Nov 15:28
Compare
Choose a tag to compare

This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies,
8 which are build / tool related, 4 which are doc related, and 2 which are test related.

This release includes a security update to openssl that has been deemed low severity for the Node.js project.

Notable Changes

  • crypto:
    • update root certificates (Ben Noordhuis) #13279
    • update root certificates (Ben Noordhuis) #12402
  • deps:
    • add support for more modern versions of INTL (Bruno Pagani) #13040
    • upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) #16691
    • upgrade openssl sources to 1.0.2l (Daniel Bevenius) #13233

Commits

2017-10-31, Version 9.0.0 (Current), @jasnell

03 Nov 05:08
v9.0.0
Compare
Choose a tag to compare

Notable Changes

Commits

Semver-Major

Read more

2017-10-31, Version 8.9.0 'Carbon' (LTS), @gibfahn

03 Nov 05:08
v8.9.0
f76ce0a
Compare
Choose a tag to compare

This release marks the transition of Node.js v8 into Long Term Support (LTS) with the codename 'Carbon'. The v8 release line now moves in to "Active LTS" and will remain so until April 2019. After that time it will move in to "Maintenance" until end of life in December 2019.

Notable Changes

  • doc:
    • add Gibson Fahnestock to Release team (Gibson Fahnestock) #16620
  • deps:
    • update npm to 5.5.1 (Myles Borins) #16509
  • http2:
    • The exposed http2 socket is no longer manipulatable (Anatoli Papirovski) #16330
  • module:
    • support custom paths to require.resolve() (cjihrig) #16397
  • util:
    • util.TextEncoder and util.TextDecoder are no longer experimental. There will no longer be a warning when they are used (James M Snell) #15743

Commits

Read more

2017-10-25, Version 8.8.1 (Current), @cjihrig

03 Nov 05:07
v8.8.1
dc6bbb4
Compare
Choose a tag to compare

Notable Changes

  • net:
    • Fix timeout with null handle issue. This is a regression in Node 8.8.0 #16489

Commits

2017-10-24, Version 8.8.0 (Current), @MylesBorins

25 Oct 15:49
Compare
Choose a tag to compare

Notable Changes

  • crypto:
    • expose ECDH class #8188
  • http2:
    • http2 is now exposed by default without the need for a flag #15685
    • a new environment variable NODE_NO_HTTP2 has been added to allow userland http2 to be required #15685
    • support has been added for generic Duplex streams #16269
  • module:
    • resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle #15445
  • zlib:
    • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Commits

Read more

2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins

25 Oct 15:49
Compare
Choose a tag to compare

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.

Notable Changes

  • zlib:
    • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Commits

Version 4.8.5 'Argon' (Maintenance), @MylesBorins

25 Oct 15:45
Compare
Choose a tag to compare

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities.

Notable Changes

  • zlib:
    • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Commits