Node v0.12.11 (LTS)
Rod Vagg
This release contains security updates. OpenSSL 1.0.1s fixes some low-severity defects that impact Node.js. See our impact assessment for full details.
Notable changes:
- http_parser: Update to http-parser 2.3.2 to fix an unintentionally strict limitation of allowable header characters. (James M Snell) nodejs/node#5241
- domains:
- Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the
processobject when no error handler is set on the domain within which an error is thrown and an 'uncaughtException' event listener is set onprocess. (Julien Gilli) nodejs/node#3885 - Fix an issue where the process would not abort in the proper function call if an error is thrown within a domain with no error handler and
--abort-on-uncaught-exceptionis used. (Julien Gilli) nodejs/node#3885
- Prevent an exit due to an exception being thrown rather than emitting an 'uncaughtException' event on the
- openssl: Upgrade from 1.0.1r to 1.0.1s (Ben Noordhuis) nodejs/node#5509
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal
BN_hex2bn()andBN_dec2bn()functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are unlikely to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702
Commits:
- [
1ab6653db9] - build: update Node.js logo on OSX installer (Rod Vagg) #5401 - [
fcc64792ae] - child_process: guard against race condition (Rich Trott) #5153 - [
6c468df9af] - child_process: fix data loss with readable event (Brian White) #5037 - [
61a22019c2] - deps: upgrade openssl to 1.0.1s (Ben Noordhuis) #5509 - [
fa26b13df7] - deps: update to http-parser 2.3.2 (James M Snell) #5241 - [
46c8e2165f] - deps: backport 1f8555 from v8's upstream (Trevor Norris) #3945 - [
ce58c2c31a] - doc: remove SSLv2 descriptions (Shigeki Ohtsu) #5541 - [
018e4e0b1a] - domains: fix handling of uncaught exceptions (Julien Gilli) #3885 - [
d421e85dc9] - lib: fix cluster handle leak (Rich Trott) #5152 - [
3a48f0022f] - node: fix leaking Context handle (Trevor Norris) #3945 - [
28dddabf6a] - src: fix build error without OpenSSL support (Jörg Krause) #4201 - [
a79baf03cd] - src: use global SealHandleScope (Trevor Norris) #3945 - [
be39f30447] - test: add test-domain-exit-dispose-again back (Julien Gilli) #4278 - [
da66166b9a] - test: fix test-domain-exit-dispose-again (Julien Gilli) #3991
Windows 32-bit Installer: https://nodejs.org/dist/v0.12.11/node-v0.12.11-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v0.12.11/x64/node-v0.12.11-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v0.12.11/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v0.12.11/x64/node.exe
Mac OS X Universal Installer: https://nodejs.org/dist/v0.12.11/node-v0.12.11.pkg
Mac OS X 64-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-darwin-x64.tar.gz
Mac OS X 32-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-darwin-x86.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-linux-x86.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-linux-x64.tar.gz
SmartOS 32-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-sunos-x86.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v0.12.11/node-v0.12.11-sunos-x64.tar.gz
Source Code: https://nodejs.org/dist/v0.12.11/node-v0.12.11.tar.gz
Other release files: https://nodejs.org/dist/v0.12.11/
Documentation: https://nodejs.org/docs/v0.12.11/api/
Shasums (GPG signing hash: SHA512, file hash: SHA256):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
17c2d6926976279707d5576a82eb59c4dadc5b8adaef562744fc14fa19e3ab5a node.exe
f6a93ff89cdd8532a63f81d1e97a8394c6da6353ab0cdbf6ce83d69bfdbecc13 node.exp
6524b6acf14f93ad15fa26a938ae13867cab17f8d031f03d5cad12c6b752244e node.lib
8fc934c37296fb639b080d0ba474ba5d6521cc32f0fd01e1514880f45a7e5b1b node.pdb
68b949f6c308eb1ad28e96926fca68e3ac0dfb7ec997945f4e26db99fe3ad711 node-v0.12.11-darwin-x64.tar.gz
4011d2c1c24f19c8f6ec8c93616ed0259b5c8f56b32f9f043b0706a4891065ee node-v0.12.11-darwin-x64.tar.xz
057f701678c0fe0c596eaa517e8b7ba771bdca89d99a7ace8df8e1064784727b node-v0.12.11-darwin-x86.tar.gz
64181afbb0e9bf4087582b24f8332ae60a92d65fbf03f2ae4064c27e0df8ad09 node-v0.12.11-darwin-x86.tar.xz
4d3985bddfbdc867eb1f226e74c3a507db01410f95aaa566da18ada9bfd51d02 node-v0.12.11-headers.tar.gz
0d6c113200170e80e1fa7aac4830f513ff93269d96c7a32e9f5c30ac6c45ac0b node-v0.12.11-headers.tar.xz
d98b76b7721a60471801e07e1f90af4fd479e8e42a632d419ede0a7b3c603cc0 node-v0.12.11-linux-x64.tar.gz
6122af4237461982e80111583c1b845ec8276c95dfd241f1e96c1cbcda671586 node-v0.12.11-linux-x64.tar.xz
ecf627bf67bfd231e549869c6e2963acd5551d15d5cf1116b0649d3d14ddde19 node-v0.12.11-linux-x86.tar.gz
5f376924c3e70a0b8283a0bcda15f2b32ff63adaa195a26a77bf309f04122d65 node-v0.12.11-linux-x86.tar.xz
f6c2b066b9d75ed9b352849ff5044819bd527fceada669210999310aada9a280 node-v0.12.11.pkg
6a68d6ad04c9b73ed72e88e39002bbaa95ffc423c6cf47e3c3da5edd0abbc701 node-v0.12.11-sunos-x64.tar.gz
688f63d22fa8b2094225ffe049e5b7b584b899e5ede565b6f001d019c0e9c0da node-v0.12.11-sunos-x64.tar.xz
9e61254d7437c2498817225c62dc6cfc065bd3b2404a213d8d305419bca07a6c node-v0.12.11-sunos-x86.tar.gz
a0b32c1e606ce31d61faf4eb340aeecd0fc973a7c6fb4b45dd6a9aa1fac48ba5 node-v0.12.11-sunos-x86.tar.xz
e49049d82f2a11fa164549d907d4739fe1293d53c07f48bd70e1df237b238a68 node-v0.12.11.tar.gz
ad36d2fee86171582b7a3c7470a0c565bd816dc02518e1b64aa5f21a0fdf86ce node-v0.12.11.tar.xz
fbc814fe197618421015807e487ee5b30eeaca5224511680342e9eb178afd252 node-v0.12.11-x86.msi
df06cd0f64660802d20cbff3655ce89dc1f302fa9fce05140ee00663d8a54c50 openssl-cli.exe
f5386b0f3bd3591b5d65a0f7c8167f50c3a8c9dc8dab08fd8abcdd2b001ea1b7 openssl-cli.pdb
46893f15c3ef27631646f47f380ad1e2ad344c2b337a85d228aa94ae58349f8a x64/node.exe
c9e771b9eddb0f7b0da929a3c3f27bdc8836da6e436e3980f97854e09c496f38 x64/node.exp
e25a49dbaa616bd4cf9e7bb46ea3ec06e8cc68b255e2893772d40182896ec7bb x64/node.lib
965a585155a296f81c82b77c4df2d17680660aca3f074cd3c0a0b34adc339c4c x64/node.pdb
b9496d61e09ae852f27d7571c3be39a834befa7587607ae229d41f0e3bd56f59 x64/node-v0.12.11-x64.msi
2e22479b9681caedfa271b9b414d5e4e6fc8b185ce560c57be10a61c98388e39 x64/openssl-cli.exe
32ebc22dec65750c3e43ba944dd3fdd6fffefc303c6142a0f131d215b86b613d x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJW2HuxAAoJEMJzeS99g1Rd6MUH/jMQgOKWaO1+70aTA3g8/3yX
S4Gj05FZiDTF8HO6Svrbka5hpU8BkuJAsL3sp+E4+cIwGdYyA73hzq8qN4Gwm0X8
nmRpMfY1T+Goeox2m7D2rcrM88yeTRxtD7mM2sg32lDGUGwI0CiIEpYcA3BFF6tj
Km7NlZahyiXaGEh6hUWcbkwHuoMEHKrACiMRb9RNOE0pdpdeXvoSYli7KBn8JZAl
cQaK/KJxxUWeywnDzPcsg+gN4CQlnnKm6Tawtu++v6FWLcS8WTktd81Jue4knbks
JoC+Bb4h2rvDR1/8o+Jjc95MnGvIx/MB5tFyY1tDEDjQxsC1oZXcUz4P5pjlnqE=
=KKkY
-----END PGP SIGNATURE-----