projects / platform / upstream / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 49bbd56) | patch
2015-12-04, Version 4.2.3 "Argon" (LTS) Release upstream/4.2.3 v4.2.3
authorRod Vagg <rod@vagg.org>
Thu, 3 Dec 2015 11:57:34 +0000 (22:57 +1100)
committerRod Vagg <rod@vagg.org>
Thu, 3 Dec 2015 21:45:31 +0000 (08:45 +1100)
commitaa1e9a42f7188986d1aaa5c081d80230fd8ee54a
treef57183b4955a6b9047dd5c9df972eebb43baac6dtree | snapshot
parent49bbd563be6b0ed04286981fa3ff7e46893d5913commit | diff
2015-12-04, Version 4.2.3 "Argon" (LTS) Release

Security Update

Notable items:

* http: Fix a bug where an HTTP socket may no longer have a socket
  but a pipelined request triggers a pause or resume, a potential
  denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
  - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
    an attack is considered feasible against a Node.js TLS server using
    DHE key exchange. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  - CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
    a potential denial-of-service vector for Node.js TLS servers; TLS
    clients are also impacted. Details are available at
    <http://openssl.org/news/secadv/20151203.txt>.
  (Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
  in out-of-bounds reads for arrays. (Ben Noordhuis)

PR-URL: https://github.com/nodejs/node-private/pull/12
CHANGELOG.md diff | blob | history
src/node_version.h diff | blob | history
Domain: Web Framework / Common;