作者:你有小号我就不能有吗_477 | 来源:互联网 | 2023-01-17 10:58
Node.js 8.11.3 和 10.4.1 发布了,更新内容如下:
8.11.3
Notable Changes
Commits
[e1ff7c3cbc
] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#125
[c5a2748d8f
] - doc: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) nodejs-private/node-private#119
[354f2d97ff
] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#123
[25c5111ca4
] - src: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) nodejs-private/node-private#119
[10c5adf19b
] - test: add Realloc()
shrink after reading stream data test (Anna Henningsen) nodejs-private/node-private#132
[bc91220ca2
] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#131
[acd11b01c4
] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#125
下载地址:
Source code (zip)
Source code (tar.gz)
10.4.1
Notable Changes
Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into Javascript using the net.Socket object directly as a stream.
http2
(CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
(CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
n-api: Prevent use-after-free in napi_delete_async_work
Commits
[1bbfe9a72b
] - build: fix configure script for double-digits (Misty De Meo) #21183
[4c90ee8fc6
] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#117
[e5c2f575b1
] - deps: patch V8 to 6.7.288.45 (Michaël Zasso) #21192
[03ded94ffe
] - deps: patch V8 to 6.7.288.44 (Michaël Zasso) #21146
[4de7e0c96c
] - deps,npm: float node-gyp patch on npm (Rich Trott) #21239
[92d7b6c9a0
] - fs: fix promises reads with pos > 4GB (cjihrig) #21148
[8681402228
] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#115
[53f8563353
] - n-api: back up env before async work finalize (Gabriel Schulhof) #21129
[9ba8ed1371
] - src: re-add Realloc()
shrink after reading stream data (Anna Henningsen) nodejs-private/node-private#128
[8e979482fa
] - Revert "src: restore stdio on program exit" (Evan Lucas) #21257
[cb5ec64956
] - src: reset TTY mode before cleaning up resources (Anna Henningsen) #21257
[ae5567eaea
] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#117
[e87bf625dd
] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#127
[eea2bce58d
] - tls: fix SSL write error handling (Anna Henningsen) nodejs-private/node-private#127
[1e49eadd68
] - tools,gyp: fix regex for version matching (Rich Trott) #21216
下载地址:
Source code (zip)
Source code (tar.gz)
发布公告
【声明】文章转载自:开源中国社区 [http://www.oschina.net]
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 我们