author | Rod Vagg <rod@vagg.org> | 2015-11-30 16:06:35 +0300 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2015-12-04 00:47:40 +0300 |
commit | 11433127c717b02859c9aef063217b5a0797e6b3 (patch) | |
tree | 1ead3d00478d6601635224771416f84bda64aea0 | |
parent | 678398f2503fbc5faac3f925bb459823e0295141 (diff) |
2015-12-04, Version 5.1.1 (Stable) v5.1.1
Security Update
Notable items:
* **http**: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against DH, an attack against RSA
and DSA is considered possible but unlikely, EC algorithms are not
affected. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/11
-rw-r--r-- | CHANGELOG.md | 25 | ||||
-rw-r--r-- | src/node_version.h | 2 |
2 files changed, 26 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e6499064663..02a8d3a334c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,30 @@ # Node.js ChangeLog +## 2015-12-04, Version 5.1.1 (Stable), @rvagg + +### Notable changes + +* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) +* **openssl**: Upgrade to 1.0.2e, containing fixes for: + - CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack is considered feasible against DH, an attack against RSA and DSA is considered possible but unlikely, EC algorithms are not affected. Details are available at <http://openssl.org/news/secadv/20151203.txt>. + - CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. + (Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134) +* **v8**: Backport fixes for a bug in `JSON.stringify()` that can result in out-of-bounds reads for arrays. (Ben Noordhuis) + +### Known issues + +* Surrogate pair in REPL can freeze terminal. [#690](https://github.com/nodejs/node/issues/690) +* Calling `dns.setServers()` while a DNS query is in progress can cause the process to crash on a failed assertion. [#894](https://github.com/nodejs/node/issues/894) +* `url.resolve` may transfer the auth portion of the url when resolving between two full hosts, see [#1435](https://github.com/nodejs/node/issues/1435). +* Unicode characters in filesystem paths are not handled consistently across platforms or Node.js APIs. See [#2088](https://github.com/nodejs/node/issues/2088), [#3401](https://github.com/nodejs/node/issues/3401) and [#3519](https://github.com/nodejs/node/issues/3519). 
+ +### Commits + +* [[`678398f250`](https://github.com/nodejs/node/commit/678398f250)] - **deps**: backport a7e50a5 from upstream v8 (Ben Noordhuis) +* [[`76a552c938`](https://github.com/nodejs/node/commit/76a552c938)] - **deps**: backport 6df9a1d from upstream v8 (Ben Noordhuis) +* [[`533881f889`](https://github.com/nodejs/node/commit/533881f889)] - **deps**: upgrade openssl sources to 1.0.2e (Shigeki Ohtsu) [#4134](https://github.com/nodejs/node/pull/4134) +* [[`12e70fafd3`](https://github.com/nodejs/node/commit/12e70fafd3)] - **http**: fix pipeline regression (Fedor Indutny) + ## 2015-11-17, Version 5.1.0 (Stable), @Fishrock123 ### Notable changes diff --git a/src/node_version.h b/src/node_version.h index 4ab5cbcb90a..66cffa1e1a4 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -5,7 +5,7 @@ #define NODE_MINOR_VERSION 1 #define NODE_PATCH_VERSION 1 -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |
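Review bot: In the CHANGELOG.md hunk, the **http** bullet says "an HTTP socket may no longer have a socket", which is circular and leaves the reader unsure which object has lost its socket; reword it to name the object that is left without a socket when the pipelined request triggers the pause or resume. The **http** and **v8** bullets, and their entries under "Commits", also carry no PR or issue link while the **openssl** entry links #4134; if those fixes were reviewed privately, say so in the entry so readers know where the discussion lives. Both CVE bullets point at the advisory over plain `http://`; an `https://` link would be preferable for a security notice if the host serves it.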
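Review bot: In the src/node_version.h hunk, only `NODE_VERSION_IS_RELEASE` changes (0 to 1) while `NODE_MINOR_VERSION 1` and `NODE_PATCH_VERSION 1` appear as unchanged context, so the 5.1.1 numbering was set by an earlier commit and this one only marks the tree as a release. Please confirm that a follow-up commit resets the flag to 0 right after tagging, so that builds from later commits on the branch do not identify themselves as the 5.1.1 release.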