diff options
author | Myles Borins <mylesborins@google.com> | 2017-12-07 15:24:08 -0500 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2017-12-08 10:52:15 -0500 |
commit | e832743f72229053f6c6e0dcefb41170e60cf301 (patch) | |
tree | 376586dcbda4cadc022f12186754debb287cb364 | |
parent | 07549c6a91f8901b69bfc430b1a552deca9763b8 (diff) | |
download | android-node-v8-e832743f72229053f6c6e0dcefb41170e60cf301.tar.gz android-node-v8-e832743f72229053f6c6e0dcefb41170e60cf301.tar.bz2 android-node-v8-e832743f72229053f6c6e0dcefb41170e60cf301.zip |
2017-12-08, Version 4.8.7 'Argon' (LTS)
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* CVE-2017-15896
* CVE-2017-3738 (from the openssl project)
Notable Changes:
* deps:
* openssl updated to 1.0.2n (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/17526
PR-URL: https://github.com/nodejs/node/pull/17534
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | doc/changelogs/CHANGELOG_V4.md | 26 |
2 files changed, 28 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index d08edb4956..1c30dfe9f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -87,7 +87,8 @@ release. <a href="doc/changelogs/CHANGELOG_V6.md#6.0.0">6.0.0</a><br/> </td> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V4.md#4.8.6">4.8.6</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V4.md#4.8.7">4.8.7</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V4.md#4.8.6">4.8.6</a><br/> <a href="doc/changelogs/CHANGELOG_V4.md#4.8.5">4.8.5</a><br/> <a href="doc/changelogs/CHANGELOG_V4.md#4.8.4">4.8.4</a><br/> <a href="doc/changelogs/CHANGELOG_V4.md#4.8.3">4.8.3</a><br/> diff --git a/doc/changelogs/CHANGELOG_V4.md b/doc/changelogs/CHANGELOG_V4.md index 64c5150f5e..b6cc901131 100644 --- a/doc/changelogs/CHANGELOG_V4.md +++ b/doc/changelogs/CHANGELOG_V4.md @@ -9,6 +9,7 @@ </tr> <tr> <td valign="top"> +<a href="#4.8.7">4.8.7</a><br/> <a href="#4.8.6">4.8.6</a><br/> <a href="#4.8.5">4.8.5</a><br/> <a href="#4.8.4">4.8.4</a><br/> @@ -68,6 +69,31 @@ [Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and will be supported actively until April 2017 and maintained until April 2018. +<a id="4.8.7"></a> +## 2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins + +This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities. + +Fixes for the following CVEs are included in this release: + +* CVE-2017-15896 +* CVE-2017-3738 (from the openssl project) + +### Notable Changes + +* **deps**: + * openssl updated to 1.0.2n (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526) + +### Commits + +* [[`4f8fae3493`](https://github.com/nodejs/node/commit/4f8fae3493)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526) +* [[`eacd090e7b`](https://github.com/nodejs/node/commit/eacd090e7b)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://github.com/nodejs/io.js/pull/1836) +* [[`3e6b0b0d13`](https://github.com/nodejs/node/commit/3e6b0b0d13)] - **deps**: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) +* [[`b0ed4c52af`](https://github.com/nodejs/node/commit/b0ed4c52af)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) +* [[`dd6a2dff1e`](https://github.com/nodejs/node/commit/dd6a2dff1e)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526) +* [[`b3afedfbe9`](https://github.com/nodejs/node/commit/b3afedfbe9)] - **deps**: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526) +* [[`f7eb162d0d`](https://github.com/nodejs/node/commit/f7eb162d0d)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389) + <a id="4.8.6"></a> ## 2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins |