diff options
author | Richard Lau <riclau@uk.ibm.com> | 2020-09-14 23:02:57 +0300 |
---|---|---|
committer | Richard Lau <riclau@uk.ibm.com> | 2020-09-15 22:17:31 +0300 |
commit | d844fa0a5446ea6848e7afef82eeb671756e0008 (patch) | |
tree | a162048bd67bdbb75a0bfff9ec8d07999c8c0149 | |
parent | 753f3b247ae2d24fee0b3f48b9ec3a5c308f0650 (diff) |
2020-09-15, Version 14.11.0 (Current)v14.11.0
This is a security release.
Notable changes:
Vulnerabilities fixed:
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due
to unfinished HTTP/1.1 requests (Critical).
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
(High).
PR-URL: https://github.com/nodejs-private/node-private/pull/225
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | doc/api/http.md | 2 | ||||
-rw-r--r-- | doc/api/https.md | 2 | ||||
-rw-r--r-- | doc/changelogs/CHANGELOG_V14.md | 18 | ||||
-rw-r--r-- | src/node_version.h | 6 |
5 files changed, 25 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ead456b7f1f..d6980334356 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,7 +31,8 @@ release. </tr> <tr> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V14.md#14.10.1">14.10.1</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V14.md#14.11.0">14.11.0</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V14.md#14.10.1">14.10.1</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.10.0">14.10.0</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.9.0">14.9.0</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.8.0">14.8.0</a><br/> diff --git a/doc/api/http.md b/doc/api/http.md index 29fdae5a3a8..038920eb3e2 100644 --- a/doc/api/http.md +++ b/doc/api/http.md @@ -1258,7 +1258,7 @@ Limits maximum incoming headers count. If set to 0, no limit will be applied. ### `server.requestTimeout` <!-- YAML -added: REPLACEME +added: v14.11.0 --> * {number} **Default:** `0` diff --git a/doc/api/https.md b/doc/api/https.md index 7d40aa1e44c..c0c60ffce72 100644 --- a/doc/api/https.md +++ b/doc/api/https.md @@ -115,7 +115,7 @@ See [`http.Server#maxHeadersCount`][]. ### `server.requestTimeout` <!-- YAML -added: REPLACEME +added: v14.11.0 --> * {number} **Default:** `0` diff --git a/doc/changelogs/CHANGELOG_V14.md b/doc/changelogs/CHANGELOG_V14.md index a5dea842159..86bda5aa6ef 100644 --- a/doc/changelogs/CHANGELOG_V14.md +++ b/doc/changelogs/CHANGELOG_V14.md @@ -10,6 +10,7 @@ </tr> <tr> <td> +<a href="#14.11.0">14.11.0</a><br/> <a href="#14.10.1">14.10.1</a><br/> <a href="#14.10.0">14.10.0</a><br/> <a href="#14.9.0">14.9.0</a><br/> @@ -42,6 +43,23 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) +<a id="14.11.0"></a> +## 2020-09-15, Version 14.11.0 (Current), @richardlau + +### Notable Changes + +This is a security release. + +Vulnerabilities fixed: + +* **CVE-2020-8251**: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical). +* **CVE-2020-8201**: HTTP Request Smuggling due to CR-to-Hyphen conversion (High). + +### Commits + +* [[`dd828376a0`](https://github.com/nodejs/node/commit/dd828376a0)] - **deps**: update llhttp to 2.1.2 (Fedor Indutny) [nodejs-private/node-private#215](https://github.com/nodejs-private/node-private/pull/215) +* [[`753f3b247a`](https://github.com/nodejs/node/commit/753f3b247a)] - **http**: add requestTimeout (Matteo Collina, Paolo Insogna, Robert Nagy) [nodejs-private/node-private#208](https://github.com/nodejs-private/node-private/pull/208) + <a id="14.10.1"></a> ## 2020-09-10, Version 14.10.1 (Current), @richardlau diff --git a/src/node_version.h b/src/node_version.h index 2c627ed41d9..0d7ffd57452 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -23,13 +23,13 @@ #define SRC_NODE_VERSION_H_ #define NODE_MAJOR_VERSION 14 -#define NODE_MINOR_VERSION 10 -#define NODE_PATCH_VERSION 2 +#define NODE_MINOR_VERSION 11 +#define NODE_PATCH_VERSION 0 #define NODE_VERSION_IS_LTS 0 #define NODE_VERSION_LTS_CODENAME "" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |