diff options
author | Myles Borins <mylesborins@google.com> | 2017-01-31 21:28:45 +0300 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2017-01-31 21:28:45 +0300 |
commit | 37a8051594719584ed35e88e4862dc5540427beb (patch) | |
tree | 3b4ddbd5e8b27b012e41ec06228954abb6659d1c | |
parent | 87ac44974ad732b0a3dbe33c5b5aee4596b2fe2f (diff) |
2017-01-31, Version 6.9.5 'Boron' (LTS)v6.9.5
This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k
Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website
https://nodejs.org/en/blog/vulnerability/openssl-january-2017/
Notable Changes:
* deps:
- upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/11021
PR-URL: https://github.com/nodejs/node/pull/11081
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | doc/changelogs/CHANGELOG_V6.md | 27 | ||||
-rw-r--r-- | src/node_version.h | 2 |
3 files changed, 29 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bb9134b5f6..6c96d1b4042 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,7 +26,8 @@ release. </tr> <tr> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V6.md#6.9.4">6.9.4</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V6.md#6.9.5">6.9.5</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V6.md#6.9.4">6.9.4</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.9.3">6.9.3</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.9.2">6.9.2</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.9.1">6.9.1</a><br/> diff --git a/doc/changelogs/CHANGELOG_V6.md b/doc/changelogs/CHANGELOG_V6.md index 348c805e9c9..78c9bcebd6b 100644 --- a/doc/changelogs/CHANGELOG_V6.md +++ b/doc/changelogs/CHANGELOG_V6.md @@ -7,9 +7,10 @@ </tr> <tr> <td valign="top"> - <a href="#6.9.4">6.9.4</a><br/> + <a href="#6.9.5">6.9.5</a><br/> </td> <td valign="top"> +<a href="#6.9.4">6.9.4</a><br/> <a href="#6.9.3">6.9.3</a><br/> <a href="#6.9.2">6.9.2</a><br/> <a href="#6.9.1">6.9.1</a><br/> @@ -43,6 +44,30 @@ [Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and will be supported actively until April 2018 and maintained until April 2019. +<a id="6.9.5"></a> +## 2017-01-31, Version 6.9.5 'Boron' (LTS), @MylesBorins + +This is a security release of the 'Boron' release line to upgrade OpenSSL to version 1.0.2k + +Although the OpenSSL team have determined a maximum severity rating of "moderate", the Node.js +crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined the impact to Node +users is "low". Details on this determination can be found +[on the Nodejs.org website](https://nodejs.org/en/blog/vulnerability/openssl-january-2017/). + +### Notable Changes + +* **deps**: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021) + +### Commits + +* [[`87ac44974a`](https://github.com/nodejs/node/commit/87ac44974a)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021) +* [[`a4b43a7ef9`](https://github.com/nodejs/node/commit/a4b43a7ef9)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://github.com/nodejs/io.js/pull/1836) +* [[`f5b77fdf8d`](https://github.com/nodejs/node/commit/f5b77fdf8d)] - **deps**: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) +* [[`58fae148fa`](https://github.com/nodejs/node/commit/58fae148fa)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) +* [[`d623e8c5b9`](https://github.com/nodejs/node/commit/d623e8c5b9)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021) +* [[`3f2bef60b8`](https://github.com/nodejs/node/commit/3f2bef60b8)] - **deps**: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) [#11021](https://github.com/nodejs/node/pull/11021) +* [[`c4678d2f9a`](https://github.com/nodejs/node/commit/c4678d2f9a)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) + <a id="6.9.4"></a> ## 2017-01-05, Version 6.9.4 'Boron' (LTS), @MylesBorins diff --git a/src/node_version.h b/src/node_version.h index 22fd3e449da..7e342cc7971 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -8,7 +8,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Boron" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |