diff options
| author | Nick Schonning <nschonni@gmail.com> | 2019-09-01 02:18:32 -0400 |
|---|---|---|
| committer | Rich Trott <rtrott@gmail.com> | 2019-09-03 20:55:39 -0700 |
| commit | a3307eac0e6fb276274e4e9bbaab1aa4433e795f (patch) | |
| tree | 8f28047c28dc917181c068c768afc1bb870bed6b /doc/changelogs/CHANGELOG_V10.md | |
| parent | 27a57d3a3449e4d6b9c07ef3bb56c4b0b43c133d (diff) | |
| download | android-node-v8-a3307eac0e6fb276274e4e9bbaab1aa4433e795f.tar.gz android-node-v8-a3307eac0e6fb276274e4e9bbaab1aa4433e795f.tar.bz2 android-node-v8-a3307eac0e6fb276274e4e9bbaab1aa4433e795f.zip | |
doc: use consistent indenting for unordered list items
Address Markdownlint MD007 rule.
Default suggestion is 2 space indenting for unordered list items.
PR-URL: https://github.com/nodejs/node/pull/29390
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc/changelogs/CHANGELOG_V10.md')
| -rw-r--r-- | doc/changelogs/CHANGELOG_V10.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/changelogs/CHANGELOG_V10.md b/doc/changelogs/CHANGELOG_V10.md index 5626904065..3b9ab8a153 100644 --- a/doc/changelogs/CHANGELOG_V10.md +++ b/doc/changelogs/CHANGELOG_V10.md @@ -1459,8 +1459,8 @@ Fixes for the following CVEs are included in this release: * **deps**: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * **http**: - * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) - * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina) + * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) + * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina) * **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina) ### Commits |