Weekly Update - May 22nd, 2015
io.js 1.8, 2.0 and 2.1 releases
This week we had three io.js releases v1.8.2, v2.0.2 and v2.1.0, complete changelog can be found on GitHub.
- crypto: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) #1529
- npm: Upgrade npm to 2.9.0. See the v2.8.4 and v2.9.0 release notes for details.
- win,node-gyp: the delay-load hook for windows addons has now been correctly enabled by default, it had wrongly defaulted to off in the release version of 2.0.0 (Bert Belder) #1433
tmpdir()'s trailing slash stripping has been refined to fix an issue when the temp directory is at '/'. Also considers which slash is used by the operating system. (cjihrig) #1673
- tls: default ciphers have been updated to use gcm and aes128 (Mike MacCana) #1660
- build: v8 snapshots have been re-enabled by default as suggested by the v8 team, since prior security issues have been resolved. This should give some perf improvements to both startup and vm context creation. (Trevor Norris) #1663
- src: fixed preload modules not working when other flags were used before
--require(Yosuke Furukawa) #1694
- dgram: fixed
send()'s callback not being asynchronous (Yosuke Furukawa) #1313
- readline: emitKeys now keeps buffering data until it has enough to parse. This fixes an issue with parsing split escapes. (Alex Kocharin) #1601
- cluster: works now properly emit 'disconnect' to
cluster.worker(Oleg Elifantiev) #1386
- events: uncaught errors now provide some context (Evan Lucas) #1654
- crypto: Diffie-Hellman key exchange (DHE) parameters (
'dhparams') must now be 1024 bits or longer or an error will be thrown. A warning will also be printed to the console if you supply less than 2048 bits. See https://weakdh.org/ for further context on this security concern (Shigeki Ohtsu) #1739.
- node: A new
--trace-sync-iocommand line flag will print a warning and a stack trace whenever a synchronous API is used. This can be used to track down synchronous calls that may be slowing down an application (Trevor Norris) #1707.
- node: To allow for chaining of methods, the
unref()methods used in
'tls'now return the current instance instead of
undefined(Roman Reiss & Evan Lucas) #1699 #1768 #1779.
- npm: Upgraded to v2.10.1, release notes can be found in https://github.com/npm/npm/releases/tag/v2.10.1 and https://github.com/npm/npm/releases/tag/v2.10.0.
- util: A significant speed-up (in the order of 35%) for the common-case of a single string argument to
util.format(), used by
console.log()(Сковорода Никита Андреевич) #1749.
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
- Some problems with unreferenced timers running during
beforeExitare still to be resolved. See #1264.
- Surrogate pair in REPL can freeze terminal #690
process.send()is not synchronous as the docs suggest, a regression introduced in 1.0.2, see #760 and fix in #774
dns.setServers()while a DNS query is in progress can cause the process to crash on a failed assertion #894
url.resolvemay transfer the auth portion of the url when resolving between two full hosts, see #1435.
- Mikeal Rogers post about Promise errors in io.js on Modulus.io
- NodeSchool International Day has been held for the first time. 40 cities joined.
- Logjam attack vulnerability detected on Diffie-Hellman Key exchange. io.js fixed the vulnerability on v2.1.0.
- NodeConf Adventure tickets are on sale, June 11th - 14th at Walker Creek Ranch, CA
- CascadiaJS tickets are on sale, July 8th - 10th at Washington State
- BrazilJS Conf tickets are on sale, August 21st - 22nd at Shopping Center BarraShoppingSul
- NodeConf EU tickets are on sale, September 6th - 9th at Waterford, Ireland