diff options
| author | Rod Vagg <rod@vagg.org> | 2016-03-31 03:30:15 -0700 |
|---|---|---|
| committer | Rod Vagg <rod@vagg.org> | 2016-03-31 22:20:21 -0700 |
| commit | 5fc6938cff48f978642d7d83e257de36660977d3 (patch) | |
| tree | 731ff76b540a18271cdc97372f7a21ac5345accf /CHANGELOG.md | |
| parent | 4882ec4e362968d87c5f9023255db677420d8e5d (diff) | |
| download | android-node-v8-5fc6938cff48f978642d7d83e257de36660977d3.tar.gz android-node-v8-5fc6938cff48f978642d7d83e257de36660977d3.tar.bz2 android-node-v8-5fc6938cff48f978642d7d83e257de36660977d3.zip | |
2016-03-31 Version 0.10.44 (Maintenance) Release
Notable changes:
* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install. IMPORTANT:
This is a major upgrade to npm v2 LTS from the previously deprecated
npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(https://github.com/nodejs/LTS/issues/85).
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
PR-URL: https://github.com/nodejs/node/pull/5968
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ec6fbe9f8e..784372e2b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # Node.js ChangeLog +## 2016-03-31, Version 0.10.44 (Maintenance), @rvagg + +### Notable changes + +* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967 +* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 + +### Commits + +* [feceb77d7e] - deps: upgrade npm in LTS to 2.15.1 (Forrest L Norvell) https://github.com/nodejs/node/pull/5968 +* [0847954331] - deps: Disable EXPORT and LOW ciphers in openssl (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 +* [6bb86e727a] - test: change tls tests not to use LOW cipher (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 +* [905bec29ad] - win,build: support Visual C++ Build Tools 2015 (João Reis) https://github.com/nodejs/node/pull/5627 + ## 2016-03-31, Version 5.10.0 (Stable), @evanlucas ### Notable changes |