Node.js 8.11.3 和 10.4.1 发布,JavaScript 运行时

Node.js 8.11.3 和 10.4.1 发布,JavaScript 运行时

淡漠悠然
淡漠悠然
发布于2018年06月14日
收藏 1

Node.js 8.11.3 和 10.4.1 发布了,更新内容如下:

8.11.3

Notable Changes

  • buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang

  • http2

    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup

    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0

Commits

下载地址:

10.4.1

Notable Changes

  • Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.

  • http2

    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup

    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0

  • tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving

  • n-api: Prevent use-after-free in napi_delete_async_work

Commits

下载地址:

发布公告