| Age | Commit message (Collapse) | Author |
|---|
|
Notable changes:
* **tls**:
* support "BEGIN TRUSTED CERTIFICATE" for ca: (Sam Roberts)
[#24733](https://github.com/nodejs/node/pull/24733)
* **util**:
* add inspection getter option (Ruben Bridgewater)
[#24852](https://github.com/nodejs/node/pull/24852)
PR-URL: https://github.com/nodejs/node/pull/25102
|
|
PR-URL: https://github.com/nodejs/node/pull/25058
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
Most people are going to use the existing option and switching the
name now comes with a cost which does not seem to justify the
improvement.
PR-URL: https://github.com/nodejs/node/pull/24982
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
Currently it is not possible to inspect getters. To prevent any side
effects this should not become a default but under lots of
circumstances it would still be useful to inspect getters. This way
it is possible to actively opt into inspecting those.
PR-URL: https://github.com/nodejs/node/pull/24852
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
Support the same PEM certificate formats for the ca: option to
tls.createSecureContext() that are supported by openssl when loading a
CAfile.
Fixes: https://github.com/nodejs/node/issues/24761
PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
TLS client authentication should be tested, including failure scenarios.
PR-URL: https://github.com/nodejs/node/pull/24733
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
Add documentation about Worker class inherits from EventEmitter.
PR-URL: https://github.com/nodejs/node/pull/24849
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This adds the `capitalized-comments` eslint rule to verify that
actual sentences use capital letters as starting letters. It ignores
special words and all lines below 62 characters.
PR-URL: https://github.com/nodejs/node/pull/24808
Reviewed-By: Sam Ruby <rubys@intertwingly.net>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
For new Agent() signature in http doc, list the supported options in
socket.connect().
Refs: https://github.com/nodejs/node/issues/24098
PR-URL: https://github.com/nodejs/node/pull/24846
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24779
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
|
|
Notable Changes:
* console,util:
* `console` functions now handle symbols as defined in the spec.
https://github.com/nodejs/node/pull/23708
* The inspection `depth` default is now back at 2.
https://github.com/nodejs/node/pull/24326
* dgram,net:
* Added ipv6Only option for `net` and `dgram`.
https://github.com/nodejs/node/pull/23798
* http:
* Chosing between the http parser is now possible per runtime flag.
https://github.com/nodejs/node/pull/24739
* readline:
* The `readline` module now supports async iterators.
https://github.com/nodejs/node/pull/23916
* repl:
* The multiline history feature is removed.
https://github.com/nodejs/node/pull/24804
* tls:
* Added min/max protocol version options.
https://github.com/nodejs/node/pull/24405
* The X.509 public key info now includes the RSA bit size and the
elliptic curve. https://github.com/nodejs/node/pull/24358
* url:
* `pathToFileURL()` now supports LF, CR and TAB.
https://github.com/nodejs/node/pull/23720
* Windows:
* Tools are not installed using Boxstarter anymore.
https://github.com/nodejs/node/pull/24677
* The install-tools scripts or now included in the dist.
https://github.com/nodejs/node/pull/24233
* Added new collaborator:
* [antsmartian](https://github.com/antsmartian) - Anto Aravinth.
https://github.com/nodejs/node/pull/24655
PR-URL: https://github.com/nodejs/node/pull/24854
|
|
Add a `--http-parser=llhttp` vs `--http-parser=traditional`
command line switch, to make testing and comparing the new
llhttp-based implementation easier.
PR-URL: https://github.com/nodejs/node/pull/24739
Refs: https://github.com/nodejs/node/issues/24730
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
|
|
This was missed when reverting a former commit. To make sure the
history is kept in place, this just adds a new entry to state the
revert.
PR-URL: https://github.com/nodejs/node/pull/24805
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24847
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This pull request adds the request psuedo headers authority
and scheme to the http2 documentation
PR-URL: https://github.com/nodejs/node/pull/24777
Fixes: https://github.com/nodejs/node/issues/23825
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
This reverts commit ac7450a09a4c167cd43c14d7c88721d22f077529.
This fully reverts the changes to util.inspect depth.
It has caused breakage in logging to existing apps, and even
something as simple as `console.log(require)` will cause >1m freezes.
I've heard nothing but negative feedback (seriously not a single
person has expressed anything positive about this change) and
personally i find this change extremely annoying.
|
|
|
|
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.
Backport-PR-URL: https://github.com/nodejs/node/pull/24676
PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
|
|
The examples show `process.stdout.fd` as a means to use synchronous
writes in async_hooks context. However this is an undocumented field,
so showcase a file write example instead.
Fixes: https://github.com/nodejs/node/issues/22873
PR-URL: https://github.com/nodejs/node/pull/24741
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24812
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Fill in correct pr-url: value in the YAML changelog that was missing
from f512f5ea. The stanza was also sorted in the wrong order, most
recent is supposed to be in the beginning of the changes, not the end.
PR-URL: https://github.com/nodejs/node/pull/24759
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
The `util.format()` behavior changed recently. Add the changes entry
to document the new BigInt behavior.
PR-URL: https://github.com/nodejs/node/pull/24758
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
The `console` functions rely on the `util.format()` behavior. It
did not follow the whatwg spec when it comes to symbols in combination
with the %d, %i and %f format specifiers. Using a symbol argument in
combination with one of these specifiers resulted in an error instead
of returning `'NaN'`. This is now fixed by this patch.
PR-URL: https://github.com/nodejs/node/pull/23708
Refs: https://console.spec.whatwg.org/#formatter
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
|
|
document that incoming cookie headers are joined using '; '.
PR-URL: https://github.com/nodejs/node/pull/24740
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
Backport-PR-URL: https://github.com/nodejs/node/pull/24680
PR-URL: https://github.com/nodejs/node/pull/24679
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
This reverts commit 1a1fe53e3dbd0042807b75caac94dcae0abe4dc1.
PR-URL: https://github.com/nodejs/node/pull/24806
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
|
|
Document that the limit was changed from 80KB to 8KB in 186035243.
Fixes: https://github.com/nodejs/node/issues/24693
PR-URL: https://github.com/nodejs/node/pull/24700
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This tests child process fork component in detached mode
by spawning a parent process that creates a child process.
We kill the parent process and check if the child is still
running.
Fixes: https://github.com/nodejs/node/issues/17592
PR-URL: https://github.com/nodejs/node/pull/24524
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
* Fix sort orders of sections and bottom references.
* Fix links.
* Unify spelling.
* Add missing YAML block.
PR-URL: https://github.com/nodejs/node/pull/24697
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
|
|
Fixes: https://github.com/nodejs/node/issues/24550
PR-URL: https://github.com/nodejs/node/pull/24571
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
|
|
Make it more explicit that symlinks are resolved in `__filename`.
Refs: https://github.com/nodejs/node/issues/22602#issuecomment-440906602
PR-URL: https://github.com/nodejs/node/pull/24587
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24606
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24611
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/24590
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
This was missed when the function was added. As it
is experimental in the code it should also be
experimental in the docs.
Fixes: https://github.com/nodejs/node/issues/24509
PR-URL: https://github.com/nodejs/node/pull/24572
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
For TCP servers, the dual-stack support is enable by default, i.e.
binding host "::" will also make "0.0.0.0" bound. This commit add
ipv6Only option in `net.Server.listen()` and `dgram.createSocket()`
methods which allows to disable dual-stack support. Support for
cluster module is also provided in this commit.
Fixes: https://github.com/nodejs/node/issues/17664
PR-URL: https://github.com/nodejs/node/pull/23798
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/23933
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
This commit adds the missing environment variable
NODE_DEBUG_NATIVE to the CLI API docs.
PR-URL: https://github.com/nodejs/node/pull/24383
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Weijia Wang <starkwang@126.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
|
|
Co-authored-by: Ivan Filenko <ivan.filenko@protonmail.com>
Fixes: https://github.com/nodejs/node/issues/18603
Refs: https://github.com/nodejs/node/pull/18904
PR-URL: https://github.com/nodejs/node/pull/23916
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
|
|
Improve markup and return value description.
PR-URL: https://github.com/nodejs/node/pull/24533
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
|
|
For symmetricality with the EC public key info, and because its useful.
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
X.509 certs are provided to the user in a parsed object form by a number
of TLS APIs. Include public key info for elliptic curves as well, not
just RSA.
- pubkey: the public key
- bits: the strength of the curve
- asn1Curve: the ASN.1 OID for the curve
- nistCurve: the NIST nickname for the curve, if it has one
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
PR-URL: https://github.com/nodejs/node/pull/24358
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
|
|
Add missing docs for filehandle.write(string[, position[, encoding]])
In the fs.promises API.
Fixes: https://github.com/nodejs/node/issues/20406
PR-URL: https://github.com/nodejs/node/pull/23224
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
|
Updated Cipher and Decipher examples to not use deprecated
`crypto.createCipher` and `crypto.createDecipher` in examples and
instead use `createCipheriv` and `createDecipheriv`.
Fixes: https://github.com/nodejs/node/issues/24046
PR-URL: https://github.com/nodejs/node/pull/24107
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
|
|
Forbid modifying tracing state from worker threads, either
through the built-in module or inspector sessions, since
the main thread owns all global state, and at least
the `async_hooks` integration is definitely not thread
safe in its current state.
PR-URL: https://github.com/nodejs/node/pull/23781
Fixes: https://github.com/nodejs/node/issues/22767
Refs: https://github.com/nodejs/node/issues/22513
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
|
|
Split the Node.js ECMAScript API (N-EAPI?) into its own header and
implementation files. The motivation is that the ECMAScript API stand
on its own so it might be embedded separately, implementation and all.
Portions of the implementation used by both files are stored in
`node_api_impl.h`.
The checked boxes below indicate that the given API remains in
`node_api.h`, whereas the lack of a checkbox indicates that the API was
moved to `node_ecma_api.h`.
* [x] NAPI_MODULE
* [x] NAPI_MODULE_INIT
* [x] napi_acquire_threadsafe_function
* [x] napi_add_env_cleanup_hook
* [x] napi_async_destroy
* [x] napi_async_init
* [x] napi_call_threadsafe_function
* [x] napi_cancel_async_work
* [x] napi_close_callback_scope
* [x] napi_create_async_work
* [x] napi_create_buffer
* [x] napi_create_buffer_copy
* [x] napi_create_external_buffer
* [x] napi_create_threadsafe_function
* [x] napi_delete_async_work
* [x] napi_fatal_error
* [x] napi_fatal_exception
* [x] napi_get_buffer_info
* [x] napi_get_node_version
* [x] napi_get_threadsafe_function_context
* [x] napi_get_uv_event_loop
* [x] napi_is_buffer
* [x] napi_make_callback
* [x] napi_module_register
* [x] napi_open_callback_scope
* [x] napi_queue_async_work
* [x] napi_ref_threadsafe_function
* [x] napi_release_threadsafe_function
* [x] napi_remove_env_cleanup_hook
* [x] napi_unref_threadsafe_function
* [ ] napi_add_finalizer
* [ ] napi_adjust_external_memory
* [ ] napi_call_function
* [ ] napi_close_escapable_handle_scope
* [ ] napi_close_handle_scope
* [ ] napi_coerce_to_bool
* [ ] napi_coerce_to_number
* [ ] napi_coerce_to_object
* [ ] napi_coerce_to_string
* [ ] napi_create_array
* [ ] napi_create_arraybuffer
* [ ] napi_create_array_with_length
* [ ] napi_create_bigint_int64
* [ ] napi_create_bigint_uint64
* [ ] napi_create_bigint_words
* [ ] napi_create_dataview
* [ ] napi_create_double
* [ ] napi_create_error
* [ ] napi_create_external
* [ ] napi_create_external_arraybuffer
* [ ] napi_create_function
* [ ] napi_create_int32
* [ ] napi_create_int64
* [ ] napi_create_object
* [ ] napi_create_promise
* [ ] napi_create_range_error
* [ ] napi_create_reference
* [ ] napi_create_string_latin1
* [ ] napi_create_string_utf16
* [ ] napi_create_string_utf8
* [ ] napi_create_symbol
* [ ] napi_create_typedarray
* [ ] napi_create_type_error
* [ ] napi_create_uint32
* [ ] napi_define_class
* [ ] napi_define_properties
* [ ] napi_delete_element
* [ ] napi_delete_property
* [ ] napi_delete_reference
* [ ] napi_escape_handle
* [ ] napi_get_and_clear_last_exception
* [ ] napi_get_arraybuffer_info
* [ ] napi_get_array_length
* [ ] napi_get_boolean
* [ ] napi_get_cb_info
* [ ] napi_get_dataview_info
* [ ] napi_get_element
* [ ] napi_get_global
* [ ] napi_get_last_error_info
* [ ] napi_get_named_property
* [ ] napi_get_new_target
* [ ] napi_get_null
* [ ] napi_get_property
* [ ] napi_get_property_names
* [ ] napi_get_prototype
* [ ] napi_get_reference_value
* [ ] napi_get_typedarray_info
* [ ] napi_get_undefined
* [ ] napi_get_value_bigint_int64
* [ ] napi_get_value_bigint_uint64
* [ ] napi_get_value_bigint_words
* [ ] napi_get_value_bool
* [ ] napi_get_value_double
* [ ] napi_get_value_external
* [ ] napi_get_value_int32
* [ ] napi_get_value_int64
* [ ] napi_get_value_string_latin1
* [ ] napi_get_value_string_utf16
* [ ] napi_get_value_string_utf8
* [ ] napi_get_value_uint32
* [ ] napi_get_version
* [ ] napi_has_element
* [ ] napi_has_named_property
* [ ] napi_has_own_property
* [ ] napi_has_property
* [ ] napi_instanceof
* [ ] napi_is_array
* [ ] napi_is_arraybuffer
* [ ] napi_is_dataview
* [ ] napi_is_error
* [ ] napi_is_exception_pending
* [ ] napi_is_promise
* [ ] napi_is_typedarray
* [ ] napi_new_instance
* [ ] napi_open_escapable_handle_scope
* [ ] napi_open_handle_scope
* [ ] napi_reference_ref
* [ ] napi_reference_unref
* [ ] napi_reject_deferred
* [ ] napi_remove_wrap
* [ ] napi_resolve_deferred
* [ ] napi_run_script
* [ ] napi_set_element
* [ ] napi_set_named_property
* [ ] napi_set_property
* [ ] napi_strict_equals
* [ ] napi_throw
* [ ] napi_throw_error
* [ ] napi_throw_range_error
* [ ] napi_throw_type_error
* [ ] napi_typeof
* [ ] napi_unwrap
* [ ] napi_wrap
PR-URL: https://github.com/nodejs/node/pull/23786
Reviewed-By: Yazhong Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
|
|
One of the comments we got at the N-API workshop
at NodeConfEU was that we should have a better link to
node-addon-api and the docs in the main API docs for
N-API. The goal being to help people find node-addon-api
and potentially start with the node-addon-api docs
instead if they are using C++.
This expands and strengthens the link along with a
recommendation that starting with the node-addon-api
docs might make sense.
PR-URL: https://github.com/nodejs/node/pull/24371
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
|
|
This is a security release. All Node.js users should consult the security
release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes:
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
* Headers received by HTTP servers must not exceed 8192 bytes in total to
prevent possible Denial of Service attacks. Reported by Trevor Norris.
(CVE-2018-12121 / Matteo Collina)
* A timeout of 40 seconds now applies to servers receiving HTTP headers. This
value can be adjusted with `server.headersTimeout`. Where headers are not
completely received within this period, the socket is destroyed on the next
received chunk. In conjunction with `server.setTimeout()`, this aids in
protecting against excessive resource retention and possible Denial of
Service. Reported by Jan Maybach (liebdich.com).
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs
with `url.parse()` with the `'javascript:'` protocol. Reported by
Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina)
PR-URL: https://github.com/nodejs-private/node-private/pull/156/
|
|
CVE-2018-12122
An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.
PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
