Weekly Update - Feb 15th, 2016

Minwoo Jung (@jmwsoft)

Node.js News

Node v0.10.42 (LTS), Node v0.12.10 (LTS), Node v4.3.0 (LTS) and Node v5.6.0 (Current) are released.

February 2016 Security Release Summary

We had released Node.js v0.10.42 (Maintenance), v0.12.10 (LTS), v4.3.0 "Argon" (LTS) and v5.6.0 (Current) with fixes for the announced vulnerabilities and updates to OpenSSL.

Please note that our LTS "Argon" release line (/oved from v4.2.x to v4.3.x due to the sec(/ fixes enclosed. There will be no further updat(/ v4.2.x. Users are advised to upgrade to v(/ as soon as possible.

For the purpose of understanding the impact that the fixed vulnerabilities have on your Node.js deployment and the urgency of the upgrades for your circumstances we are providing details below.

See /blog/vulnerability/february-2016-security-releases/ for more information.

OpenSSL upgrade summary

Node.js v0.10.42 and v0.12.10 upgrade the bundled version of OpenSSL from 1.0.1q to 1.0.1r. Full details can be found in the OpenSSL 1.0.1 changelog.

Node.js v4.3.0 and v5.6.0 upgrade the bundled version of OpenSSL from 1.0.2e to 1.0.2f. Full details can be found in the OpenSSL 1.0.2 changelog.

Upcoming Events

Have an event about Node.js coming up? You can put your events here through the Evangelism team repo and announce it in the Issues page, specifically the Weekly Updates issue.

Last Updated
Feb 15, 2016
Reading Time
2 min read
Contribute
Edit this page
Table of Contents
  1. Node.js News
  2. February 2016 Security Release Summary
  3. OpenSSL upgrade summary
  4. Upcoming Events