Weekly Update - Jan 29th, 2016
The Node.js project will be releasing new versions across all of its active release lines early next week (possibly sooner, pending full impact assessment) to incorporate upstream patches from OpenSSL and some additional low-severity fixes relating to HTTP handling. Please read on for full details.
See https://nodejs.org/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016/ for more information.
OpenSSL versions 1.0.1r and 1.0.21 have been released, the announcement can be found here: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html
Our team has made an assessment of the impact of the disclosed defects and concluded that there is no urgency in releasing patched versions of Node.js in response to this release. Therefore, we will be proceeding as planned and attempt to release new versions of each of our active release lines on or after Monday the 1st of February, 11pm UTC (Monday the 1st of February, 3pm Pacific Time). Please note that this is simply an approximation of release timing. Please tune in to nodejs-sec (https://groups.google.com/forum/#!topic/nodejs-sec) where we will announce the availability of releases.
Nominations closed for the individual member representative to the Node.js Foundation Board. 12 members put their hands up with nominations:
- @guyellis: nomination post, Q/A thread
- @sup: nomination post, Q/A thread
- @ashleygwilliams: nomination post, Q/A thread
- @contra: nomination post, Q/A thread
- @geek: nomination post, Q/A thread
- @jaredhanson: nomination post, Q/A thread
- @tejasmanohar: nomination post, Q/A thread
- @bnb: nomination post, Q/A thread
- @watson: nomination post, Q/A thread
- @feross: nomination post, Q/A thread
- @pgte: nomination post, Q/A thread
- @ecowden: nomination post, Q/A thread
A ballot was distributed to individual members on January 20th, with the election completed by January 30th.
To be eligible to vote, you must be signed up as an individual member of the Node.js Foundation, more information can be found here: https://nodejs.org/en/blog/community/individual-membership/
- Node by Numbers 2015, "By analyzing the logs for binary and source downloads, we get to discover some interesting patterns."
- ninetyseven, "A Front-end npm Show"
- NodeConf Adventure 2016, "First batch of NodeConf Adventure tickets are up!", June 9th–12th, 2016 - Walker Creek Ranch, Marin, CA, USA
- NationJS Node Day Conference, TICKETS ARE AVAILABLE NOW, March 11, 2016 - Washington, DC