Node v0.12.10 (LTS)

By James M Snell,

This is an important security release. For full details see /blog/vulnerability/february-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

  • http: fix defects in HTTP header parsing for requests and responses that can allow request smuggling (CVE-2016-2086) or response splitting (CVE-2016-2216). HTTP header parsing now aligns more closely with the HTTP spec including restricting the acceptable characters.
  • http-parser: upgrade from 2.3.0 to 2.3.1
  • openssl: upgrade from 1.0.1q to 1.0.1r. To mitigate against the Logjam attack, TLS clients now reject Diffie-Hellman handshakes with parameters shorter than 1024-bits, up from the previous limit of 768-bits.
  • src:
    • introduce new --security-revert={cvenum} command line flag for selective reversion of specific CVE fixes
    • allow the fix for CVE-2016-2216 to be selectively reverted using --security-revert=CVE-2016-2216
  • build:
    • xz compressed tar files will be made available from nodejs.org for v0.12 builds from v0.12.10 onward
    • A headers.tar.gz file will be made available from nodejs.org for v0.12 builds from v0.12.10 onward, a future change to node-gyp will be required to make use of these

Commits:

Windows 32-bit Installer: https://nodejs.org/dist/v0.12.10/node-v0.12.10-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v0.12.10/x64/node-v0.12.10-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v0.12.10/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v0.12.10/x64/node.exe
Mac OS X Universal Installer: https://nodejs.org/dist/v0.12.10/node-v0.12.10.pkg
Mac OS X 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-darwin-x64.tar.gz
Mac OS X 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-darwin-x86.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-linux-x86.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-linux-x64.tar.gz
SmartOS 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-sunos-x86.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-sunos-x64.tar.gz
Source Code: https://nodejs.org/dist/v0.12.10/node-v0.12.10.tar.gz
Other release files: https://nodejs.org/dist/v0.12.10/
Documentation: https://nodejs.org/docs/v0.12.10/api/

Shasums (GPG signing hash: SHA512, file hash: SHA256):

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

8a9c7fe990c1028e7c6d5bf61413027904a0fff67e23ba7c7c6d5fbb16cd4884  node.exe
c2b369b4fdb12c3ac14a6214c48c901e4805366a361c6cae5bb24215bf282318  node.exp
6919172dc22ad2690836a3988bf138cfc80ba484490a05a6eafda0a4909936d1  node.lib
5809753f1a8b6e3e311c41a066f0eb8f90b5b569896b6f1945af0971de9b2e4d  node.pdb
c95df35ca1ed7b4b0ded815c1d49f36defcb1fdb882f6a8ef6106a07e3f2ffef  node-v0.12.10-darwin-x64.tar.gz
b4ae523d81ced4935e0c7184bafcc1eb199d08ccfc70267a0dab546c33c18831  node-v0.12.10-darwin-x64.tar.xz
d4abd2b778c9d803676ad6121e6fdbc625b9ea73e845b0ecd761c162e86150ca  node-v0.12.10-darwin-x86.tar.gz
0bc827d4c494274855b01ff2fab4ad311fe3c0b50cc0b62bb7736c7c890d2f15  node-v0.12.10-darwin-x86.tar.xz
c8e99589d96f9ad598c2d602e3dcac4bb0147a709da4da89a1f2b7f667f4b415  node-v0.12.10-headers.tar.gz
8c44114a3f5747475a042fd2f2333d4671223638a0dfa3cb264bf32f9a7c91c5  node-v0.12.10-headers.tar.xz
8fb4d6ed8934f0b0c92c26878511e1d340b068ee966c131ba0fccc1199f4349d  node-v0.12.10-linux-x64.tar.gz
a993b72902eb1bdd50f1615026b6372a0d28302c15841b04e11bedab379709c0  node-v0.12.10-linux-x64.tar.xz
6f3ea401d2f488afb6adc57a3056df8658c1c9a57a368637cbc215ed3133c3b7  node-v0.12.10-linux-x86.tar.gz
99d0c121cd58b2d44080f78692dfb400e5098190f453709707594debd1359154  node-v0.12.10-linux-x86.tar.xz
afa45162c741898c7fc382093f29e68503edfa48cd67541d9c2c4081197fba02  node-v0.12.10.pkg
d67f17540c711eb150b8a389af1b4e6ecdcab66a1648b7ce925af98ab52b2698  node-v0.12.10-sunos-x64.tar.gz
2840f181594a0bd8b9cade785e9b6502591da68dc5a3ed3f2773637eb7df980b  node-v0.12.10-sunos-x64.tar.xz
beca24cc3615c5b1858817d121bd91eecdc3af5b98ed0c4c171e1ef60afac049  node-v0.12.10-sunos-x86.tar.gz
3cb4a9cbfd0f724c3ba6e4ca2c6c70bb6d7c103dea682acf9c8ca1125133e1a2  node-v0.12.10-sunos-x86.tar.xz
edbd3710512ec7518a3de4cabf9bfee6d12f278eef2e4b53422c7b063f6b976d  node-v0.12.10.tar.gz
f6318e5413982d40358a1b479458ebdd4bb523ae572c1149ce0e73cb58661978  node-v0.12.10.tar.xz
b888d17dbf04e43f521dbff8a68b24fae37027f6cd6b5a80430bc64fc5e7da40  node-v0.12.10-x86.msi
6153b53d72ea6cfbd6fd4a591787831c32fdd610d851fa2312eece6ac4686929  openssl-cli.exe
668479f90904e088ead0258de2941e597ba08aa61a1eed3ed96622c4c6d3bb25  openssl-cli.pdb
79687fe8d08a439f5167ab474a1238b6423cdb4f72cbc94213cfd6c21cf729f0  x64/node.exe
90116c88db51255a9c20158fd7b577769241b576d5642e269c465342c20f7025  x64/node.exp
490482c06c1ae913e3f78006aa9d41d67659e5499a4155cef2ff2ab49caf8921  x64/node.lib
58d9088252d3d5cc12647448491b6e287f9cd6a573be7b59f98ceb13fed15e2e  x64/node.pdb
a3b49281f8f07eddf310c621feb55f98bd07f7ad252d5afa215212cf3f6e12d2  x64/node-v0.12.10-x64.msi
3cf691f703fc23c71263f8f02fd8780891a0e0f6cae37b4e15353446a47014b7  x64/openssl-cli.exe
ab634d22bd0a6bbf8a1adbd144f621e600deabf957d08effed729f88db3763ab  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJWuhv7AAoJEHNBsVwHCHes2HwH/i14nZes3/aej0uw3Yu2vhU6
X+MSyaZ4/Nrd+5YWy2BYXyVwO/PK7g508nGUqf5I4zEfmw8nwBYqyuf6891YeTR/
rD5yKhldt/lnWFLu6L8g4FKSPo3Zf0Vb1EB/xgL04VHlP6Pjh0/AOU5VS6Rvk9is
TerO4AHbYFYMkI7/xeSSPGxwhGEP5grBxOogJNRyHTfbav04VEg+kLwH59CSaYvM
PdHEvb03fOhJBDsuK1I0yADvLqtiVeUoarWO9h4HVbt2+8haPaDFpHfGREEOwyxn
hTZJUpoHMDTADd8Fzxpqbu2IPBhZwc01QUyCju8FUSTxAScCxNM1bYpuqDr934M=
=w69g
-----END PGP SIGNATURE-----