Weekly Update - Oct 2nd, 2015
Node.js v4.1.2 release proposal
- http: Guard against response-splitting of HTTP trailing headers added via response.addTrailers() by removing new-line ([\r\n]) characters from values. Note that standard header values are already stripped of new-line characters. The expected security impact is low because trailing headers are rarely used. (Ben Noordhuis) #2945.
- npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full details (Kat Marchán) #2958
  - graceful-fs on multiple dependencies to no longer rely on monkey-patching
  - npm link for pre-release / RC builds of Node
- v8: Update post-mortem metadata to allow post-mortem debugging tools to find and inspect:
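
To illustrate the http item above, this added example (not code from the Node.js project) models the trailer block of a chunked response and shows what a receiver parses with and without new-line stripping. The helpers serializeTrailers() and parseHeaderLines() and the sample trailer value are assumptions made for the illustration.

```javascript
// Added example: models the trailer block of a chunked HTTP/1.1 response.
// serializeTrailers() and parseHeaderLines() are hypothetical helpers,
// not Node.js internals.
const CRLF = '\r\n';

// Remove CR and LF from a header value: the [\r\n] character class
// named in the release note.
function stripNewlines(value) {
  return String(value).replace(/[\r\n]/g, '');
}

// Build the bytes that follow the last chunk:
// "0" CRLF, one line per trailer, then an empty line.
function serializeTrailers(trailers, { strip }) {
  let out = '0' + CRLF;
  for (const [name, value] of Object.entries(trailers)) {
    out += name + ': ' + (strip ? stripNewlines(value) : String(value)) + CRLF;
  }
  return out + CRLF;
}

// Read the block the way a receiver would: split on CRLF and collect
// header names until the terminating empty line.
function parseHeaderLines(block) {
  const lines = block.split(CRLF).slice(1); // drop the "0" last-chunk line
  const names = [];
  for (const line of lines) {
    if (line === '') break;
    names.push(line.slice(0, line.indexOf(':')).toLowerCase());
  }
  return names;
}

// Constructed input: a trailer value taken from an untrusted source
// that contains an embedded CRLF.
const untrusted = { 'Content-MD5': 'abc123\r\nX-Injected: 1' };

const before = parseHeaderLines(serializeTrailers(untrusted, { strip: false }));
const after = parseHeaderLines(serializeTrailers(untrusted, { strip: true }));

console.log(before); // [ 'content-md5', 'x-injected' ]
console.log(after);  // [ 'content-md5' ]
```
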
Node.js Help is open. Need help with Node? Please feel free to ask. Want to help others with issues? You can start simply, by answering open questions.
Please do come over to our Node.js Help to create a new issue if you have any questions.
See https://github.com/nodejs/node/labels/confirmed-bug for a complete and current list of known issues.
- Some problems with unreferenced timers running during beforeExit are still to be resolved. See #1264.
- Surrogate pair in REPL can freeze terminal. #690
- dns.setServers() while a DNS query is in progress can cause the process to crash on a failed assertion. #894
- url.resolve may transfer the auth portion of the url when resolving between two full hosts, see #1435.
- CVE-2015-7384 Denial of Service Vulnerability, "A new v4.x release on Monday the 5th of October 2015 will be made available with appropriate fixes for this vulnerability along with disclosure of the details of the bug to allow for complete impact assessment by users"
- Please subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date with security vulnerabilities in Node.js and the projects maintained in the nodejs GitHub organization.
Please contact [email protected] if you wish to report a vulnerability in Node.js.
- StrongLoop introduces Arrow functions, "Arrow functions serve two main purposes: more concise syntax and sharing lexical this with the parent scope."
- Node.js Italian Conference tickets are on sale, October 10th at Desenzano - Brescia, Italy
- JSConf CO, October 16th - 17th at Ruta N, Medellin, Colombia
- EmpireNode, October 23rd at New York, US.
- NodeFest, November 7th at Tokyo, Japan
- Nodevember, November 14th - 15th at Nashville, Tennessee, US.
- NodeConf Barcelona, November 21st at Barcelona, Spain
- CampJS VI, November 20 – 23rd at Queensland, Australia
- Playnode, call-for-proposals, November, Korea
- Node.js Interactive, December 8-9 at Portland, US.