From 98060a43f475b5effbdae55ece6306eb5472a52d Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Thu, 31 Mar 2016 16:29:41 -0700 Subject: [PATCH] Working on v0.12.14 --- ChangeLog | 2 +- src/node_version.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 58aac5ea7b4617..dc8a66f22060b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,7 @@ Notable changes: -* npm: Upgrade to v2.15.1. (Forrest L Norvell) +* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712 Commits: diff --git a/src/node_version.h b/src/node_version.h index ed584258fb2e5f..b852751f77c533 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -24,9 +24,9 @@ #define NODE_MAJOR_VERSION 0 #define NODE_MINOR_VERSION 12 -#define NODE_PATCH_VERSION 13 +#define NODE_PATCH_VERSION 14 -#define NODE_VERSION_IS_RELEASE 1 +#define NODE_VERSION_IS_RELEASE 0 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)