Node v5.1.1/v4.2.3/v0.12.9/v0.10.41 發布

Node v5.1.1 (Stable)，該版本是重要安全更新發布，主要更新內容如下：

• http: Fix a bug where an HTTP socket may no longer have an associated parser but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)

  </li>

• openssl: Upgrade to 1.0.2e, containing fixes for:

  </li>

  • CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64", an attack may be feasible against a Node.js TLS server using DHE key exchange. Details are available at http://openssl.org/news/secadv/20151203.txt.

    </li>

  • CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers using client authentication; TLS clients are also impacted. Details are available at http://openssl.org/news/secadv/20151203.txt. (Shigeki Ohtsu) #4134

    </li> </ul>

  • v8: Backport fixes for a bug in JSON.stringify() that can result in out-of-bounds reads for arrays. (Ben Noordhuis)

    </li> </ul>

    詳情請看：04 Dec 15Node v5.1.1 (Stable) 

    同時更新的版本還有：

    • 04 Dec 15

      Node v4.2.3 "Argon" (LTS)                        

    • 04 Dec 15

      Node v0.12.9 (LTS)                        

    • 04 Dec 15

      Node v0.10.41 (Maintenance)                        

    </ul>

    
    

    來自：http://www.oschina.net/news/68673/node-5-1-1
     本文由用戶 ffc8 自行上傳分享，僅供網友學習交流。所有權歸原作者，若您的權利被侵害，請聯系管理員。
     轉載本站原創文章，請注明出處，并保留原始鏈接、圖片水印。
     本站是一個以用戶分享為主的開源技術平臺，歡迎各類分享！
      本文地址：http://www.baiduhome.net/news/view/15a7a66
    Node