diff options
author | Rod Vagg <rod@vagg.org> | 2015-09-22 16:51:58 +1000 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2015-09-23 11:33:13 +1000 |
commit | 4a6f1feecb5411dc425cc3514a4e439c90c09c45 (patch) | |
tree | 646363e4c7f688dc5abeaf25aac5355d61bb63d6 /LICENSE | |
parent | f32a606e373ad57f684b0e511d6d6e4cbd48a812 (diff) | |
download | android-node-v8-4a6f1feecb5411dc425cc3514a4e439c90c09c45.tar.gz android-node-v8-4a6f1feecb5411dc425cc3514a4e439c90c09c45.tar.bz2 android-node-v8-4a6f1feecb5411dc425cc3514a4e439c90c09c45.zip |
2015-09-22, Version 4.1.1 (Stable) Release
Notable changes
* buffer: Fixed a bug introduced in v4.1.0 where allocating a new
zero-length buffer can result in the next allocation of a TypedArray
in JavaScript not being zero-filled. In certain circumstances this
could result in data leakage via reuse of memory space in
TypedArrays, breaking the normally safe assumption that TypedArrays
should be always zero-filled. (Trevor Norris) #2931.
* http: Guard against response-splitting of HTTP trailing headers
added via response.addTrailers() by removing new-line ([\r\n])
characters from values. Note that standard header values are already
stripped of new-line characters. The expected security impact is low
because trailing headers are rarely used. (Ben Noordhuis) #2945.
* npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full
details (Kat Marchán) #2958
- Upgrades graceful-fs on multiple dependencies to no longer rely on
monkey-patching fs
- Fix npm link for pre-release / RC builds of Node
* v8: Update post-mortem metadata to allow post-mortem debugging tools
to find and inspect:
- JavaScript objects that use dictionary properties
(Julien Gilli) #2959
- ScopeInfo and thus closures (Julien Gilli) #2974
PR-URL: https://github.com/nodejs/node/pull/2995
Diffstat (limited to 'LICENSE')
0 files changed, 0 insertions, 0 deletions