Node v0.12.5 (Stable)

The Node.js Project

With this new release, OpenSSL has been upgraded to 1.0.1o to fix several security vulnerabilities. Two of them affect Node.js directly: Logjam and CVE-2015-1788.

Regarding Logjam, OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. It means that upgrading to this release of Node.js may prevent TLS clients written in node from connecting to servers using short DH parameters.

Although it is a breaking change in a stable version, the Node.js TSC determined that this is the best path forward to ensure the security of software written with this and future stable versions of node. Should you encounter any issue with this release related to TLS clients not being able to connect to servers using short DH keys, please create an issue at https://github.com/joyent/node/issues.

As for CVE-2015-1788, before this release, TLS programs (including servers) written with Node.js are vulnerable to Denial Of Service attacks.

2015.06.22, Version 0.12.5 (Stable)

  • openssl: upgrade to 1.0.1o (Addressing multiple CVEs)

  • npm: upgrade to 2.11.2

  • uv: upgrade to 1.6.1

  • V8: avoid deadlock when profiling is active (Dmitri Melikyan)

  • install: fix source path for openssl headers (Oguz Bastemur)

  • install: make sure opensslconf.h is overwritten (Oguz Bastemur)

  • timers: fix timeout when added in timer's callback (Julien Gilli)

  • windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel)

Source Code: https://nodejs.org/dist/v0.12.5/node-v0.12.5.tar.gz

Macintosh Installer (Universal): https://nodejs.org/dist/v0.12.5/node-v0.12.5.pkg

Windows Installer: https://nodejs.org/dist/v0.12.5/node-v0.12.5-x86.msi

Windows x64 Installer: https://nodejs.org/dist/v0.12.5/x64/node-v0.12.5-x64.msi

Windows x64 Files: https://nodejs.org/dist/v0.12.5/x64/

Linux 32-bit Binary: https://nodejs.org/dist/v0.12.5/node-v0.12.5-linux-x86.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v0.12.5/node-v0.12.5-linux-x64.tar.gz

Solaris 32-bit Binary: https://nodejs.org/dist/v0.12.5/node-v0.12.5-sunos-x86.tar.gz

Solaris 64-bit Binary: https://nodejs.org/dist/v0.12.5/node-v0.12.5-sunos-x64.tar.gz

Other release files: https://nodejs.org/dist/v0.12.5/

Website: https://nodejs.org/docs/v0.12.5/

Documentation: https://nodejs.org/docs/v0.12.5/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

a31674f017aa7bfff6d73d2d62501e78e19f2856  node-v0.12.5-darwin-x64.tar.gz
648c4da8bdb6bf0daadfa11a1f59dc5f354179f3  node-v0.12.5-darwin-x86.tar.gz
d06b46e4b9064b12c3cdb65defaf27b968262856  node-v0.12.5-linux-x64.tar.gz
2b5e20fcb362f34df5508b8334d52514701aa15f  node-v0.12.5-linux-x86.tar.gz
2dbc96c33dced5dc4632588035f92afdedaf0ff0  node-v0.12.5-sunos-x64.tar.gz
27eda0e7cd5cd748919055b22683ce0770ce1906  node-v0.12.5-sunos-x86.tar.gz
dd45f1fad6a32686afee6fc9b3353380481a9bec  node-v0.12.5-x86.msi
f5888618555f97c3d67366f11abaf097491ae6f4  node-v0.12.5.pkg
baecde8c2d297aa001a2a8ba2f2d086d970a13eb  node-v0.12.5.tar.gz
f4c8c81c60ed4ad1be2f2df93c0a99c9ba94a1e7  node.exe
2e6912adf6b1cfa3c818770bcd3c09882afcbf7c  node.exp
e88ff96166822f75d31b246358e13e814ddfc2d9  node.lib
9007edd47eeaa4d14329d879f4248ac42869676f  node.pdb
45e946f6ad94e2225c2f2c5081bd6bfa5dad3a5f  openssl-cli.exe
27ea2047ef5ccf0ebdb8b1a9c61e0c35d36c2c6c  openssl-cli.pdb
689e1dbedf5dac5b900584e878024ab3f31111a6  x64/node-v0.12.5-x64.msi
00652c22276b1e7b0b307437219efc3431446100  x64/node.exe
8888e187bfb8dc1f18f6e1284c46014bf97dbadb  x64/node.exp
c9ba1d50d1c962c169a0d47c8ab1f834ab637621  x64/node.lib
149ec0193bef26c57dc420dfe00f928bb4b7a579  x64/node.pdb
5cc07312c39b18ba27229919114b6b09724c9fb3  x64/openssl-cli.exe
590fb71ca72c876bbaad5e5ee6fe85acf406fe40  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJViGeDAAoJEFCjBR+IjGKN4OIP/iCxMMLAKTqlrSma5wiztO82
1ff4yE8rCs0jiGZVgTucmaI7j5fGFHJi1sbsBqqAeda3IYAEq+lL180YioHR8KlS
47cTvqeTnjIj1JhzhhRcGxs17IyK7YFJJmEQ+54XdYDB0dHDJM/UXy8ySiCxBdTf
c1Kzi6OGp7qmSAOdIo76q63AxWzKL5jVrxkBBmtyJFr6EW4xTkz98GDLaK+GeBHT
cdpcInYbtJpWNm/8XOfZqAR0tW4HZ6tYHuSxvaZh18YDd+SNsQgLCmR56pLEMkaw
frgfNje37r6jjx1f1GkpbdQHSVjFUZiiwTyKP7eTDMrjttRuYZk+VUCyh/abqZZ3
dfz9Ue22z5ZJyb9L3adrYATrGKBfkhwljcAgYCaGXOokKRZis8BkZJIQUbHI/jZr
/p2hg413EWYoV+ra0a6qjci0JufNJ5Y+02K3XS+qr0lGS4WICEgtni3p0VhWkKO4
ppYgJD4QhQVyH22fi0LklMoX2VO/iyDaNUKHOOHC1QnGQy/5bIGWE4IcSTWFXIpa
hXJT/UmGe7WXup+AQ53E2jzFK2xKX5qnRBGZWjUKQE+nT4o06QNbupZfMckGc8YO
yF1TCguhR+1oglGZbLyvPfCDuD8gJcI76LhDFkoztQbAmiNZql4CbmOw+R5ebDe+
E2abSYUpsCAZCr+Edudl
=Vxgb
-----END PGP SIGNATURE-----
Last Updated
Jun 22, 2015
Reading Time
2 min read
Contribute
Edit this page