From 97c1fa3d3b98bf1b28cf3362e197ae91093cf68f Mon Sep 17 00:00:00 2001
From: Rod Vagg <rod@vagg.org>
Date: Mon, 13 Aug 2018 19:02:06 +1000
Subject: 2018-08-15, Version 10.9.0 (Current)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Notable changes:

* buffer:
  * Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
    (CVE-2018-12115)
  * Fix unintentional exposure of uninitialized memory in `Buffer.alloc()`
    (CVE-2018-7166)
* deps:
  * Upgrade to OpenSSL 1.1.0i, fixing:
    - Client DoS due to large DH parameter (CVE-2018-0732)
    - ECDSA key extraction via local side-channel (CVE not assigned)
  * Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
    - Memory reduction and performance improvements, details at:
      https://v8project.blogspot.com/2018/06/v8-release-68.html
* http: `http.get()` and `http.request()` (and `https` variants) can now accept
  three arguments to allow for a `URL` _and_ an `options` object
  (Sam Ruby) #21616
* Added new collaborators
  * Sam Ruby (https://github.com/rubys)
  * George Adams (https://github.com/gdams)
---
 doc/api/https.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc/api/https.md')

diff --git a/doc/api/https.md b/doc/api/https.md
index d36cfe927f..ce6da9ae81 100644
--- a/doc/api/https.md
+++ b/doc/api/https.md
@@ -116,7 +116,7 @@ https.createServer(options, (req, res) => {
 <!-- YAML
 added: v0.3.6
 changes:
-  - version: REPLACEME
+  - version: v10.9.0
     pr-url: https://github.com/nodejs/node/pull/21616
     description: allow both url and options to be passed to `https.get()`
   - version: v7.5.0
@@ -164,7 +164,7 @@ Global instance of [`https.Agent`][] for all HTTPS client requests.
 <!-- YAML
 added: v0.3.6
 changes:
-  - version: REPLACEME
+  - version: v10.9.0
     pr-url: https://github.com/nodejs/node/pull/21616
     description: allow both url and options to be passed to `https.request()`
   - version: v9.3.0
-- 
cgit v1.2.3