Weekly Update - Jul 10th, 2015
Security patches for io.js 1.8 and 2.3 and upcoming events.
- openssl: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains Certificate Forgery) #2141.
- openssl: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains Certificate Forgery) (Shigeki Ohtsu) #2141.
- npm: Upgraded to v2.12.1, release notes can be found in https://github.com/npm/npm/releases/tag/v2.12.0 and https://github.com/npm/npm/releases/tag/v2.12.1 (Kat Marchán) #2112.
See https://github.com/nodejs/node/labels/confirmed-bug for complete and current list of known issues.
- Some problems with unreferenced timers running during
beforeExitare still to be resolved. See #1264.
- Surrogate pair in REPL can freeze terminal. #690
process.send()is not synchronous as the docs suggest, a regression introduced in 1.0.2, see #760.
dns.setServers()while a DNS query is in progress can cause the process to crash on a failed assertion. #894
url.resolvemay transfer the auth portion of the url when resolving between two full hosts, see #1435.
- OpenSSL published a high severity security issue, io.js and Node.js have upgraded OpenSSL version and fixed the problem on latest version.
- Node.js LTS WG has updated their proposed LTS plan. They need some feedbacks from Noders.
- ReactNative required io.js as their test platform.
- BrazilJS Conf tickets are on sale, August 21st - 22nd at Shopping Center BarraShoppingSul
- NodeConf EU tickets are on sale, September 6th - 9th at Waterford, Ireland
- Node.js Italian Conference tickets are on sale, October 10th at Desenzano - Brescia, Italy
- JSConf CO, October 16th - 17th at Ruta N, Medellin