2018-03-28, Version 4.9.0 'Argon' (Maintenance)

This is a security release. All Node.js users should consult the
security release summary at:

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2018-7158
* CVE-2018-7159

Notable Changes:

* Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
  are known to impact Node.js.
* **Fix for `'path'` module regular expression denial of service
  (CVE-2018-7158)**: A regular expression used for parsing POSIX an
  Windows paths could be used to cause a denial of service if an
  attacker were able to have a specially crafted path string passed
  through one of the impacted `'path'` module functions.
* **Reject spaces in HTTP `Content-Length` header values
  (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
  `Content-Length` header values. Such values now lead to rejected
  connections in the same way as non-numeric values.
* **Update root certificates**: 5 additional root certificates have
  been added to the Node.js binary and 30 have been removed.

PR-URL: https://github.com/nodejs-private/node-private/pull/110

1 files changed, 2 insertions, 1 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c038e78cc..a1cb757ddb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -106,7 +106,8 @@ release.
 <a href="doc/changelogs/CHANGELOG_V6.md#6.0.0">6.0.0</a><br/>
   </td>
   <td valign="top">
-<b><a href="doc/changelogs/CHANGELOG_V4.md#4.8.7">4.8.7</a></b><br/>
+<b><a href="doc/changelogs/CHANGELOG_V4.md#4.9.0">4.9.0</a></b><br/>
+<a href="doc/changelogs/CHANGELOG_V4.md#4.8.7">4.8.7</a><br/>
 <a href="doc/changelogs/CHANGELOG_V4.md#4.8.6">4.8.6</a><br/>
 <a href="doc/changelogs/CHANGELOG_V4.md#4.8.5">4.8.5</a><br/>
 <a href="doc/changelogs/CHANGELOG_V4.md#4.8.4">4.8.4</a><br/>