Weekly Update - Feb 15th, 2016

By Minwoo Jung (@jmwsoft),

Node.js News

Node v0.10.42 (LTS), Node v0.12.10 (LTS), Node v4.3.0 (LTS) and Node v5.6.0 (Current) are released.

February 2016 Security Release Summary

We had released Node.js v0.10.42 (Maintenance), v0.12.10 (LTS), v4.3.0 "Argon" (LTS) and v5.6.0 (Current) with fixes for the announced vulnerabilities and updates to OpenSSL.

Please note that our LTS "Argon" release line has moved from v4.2.x to v4.3.x due to the security fixes enclosed. There will be no further updates to v4.2.x. Users are advised to upgrade to v4.3.0 as soon as possible.

For the purpose of understanding the impact that the fixed vulnerabilities have on your Node.js deployment and the urgency of the upgrades for your circumstances we are providing details below.

See https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ for more information.

OpenSSL upgrade summary

Node.js v0.10.42 and v0.12.10 upgrade the bundled version of OpenSSL from 1.0.1q to 1.0.1r. Full details can be found in the OpenSSL 1.0.1 changelog.

Node.js v4.3.0 and v5.6.0 upgrade the bundled version of OpenSSL from 1.0.2e to 1.0.2f. Full details can be found in the OpenSSL 1.0.2 changelog.

Upcoming Events

Have an event about Node.js coming up? You can put your events here through the Evangelism team repo and announce it in the Issues page, specifically the Weekly Updates issue.

Scroll to top