From ffc1395af0d5495be442eaefd9ce4dd6561c6dba Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Thu, 3 Dec 2015 23:05:52 +1100 Subject: [PATCH] 2015-12-04, Version 0.12.9 (Stable) Security Update Notable items: * http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) * openssl: Upgrade to 1.0.1q, fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at . (Ben Noordhuis) #4133 PR-URL: https://github.com/nodejs/node-private/pull/13 --- ChangeLog | 14 ++++++++++++++ src/node_version.h | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 82e2133ef9d7f5..c85fc3a2dc04ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +2015-12-04, Version 0.12.9 (LTS), @rvagg + +Security Update + +Notable items: + +* http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) +* openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at . (Ben Noordhuis) https://github.com/nodejs/node/pull/4133 + +Commits: + +* [8d24a14f2c] - deps: upgrade to openssl 1.0.1q (Ben Noordhuis) https://github.com/nodejs/node/pull/4133 +* [dfc6f4a9af] - http: fix pipeline regression (Fedor Indutny) + 2015.11.25, Version 0.12.8 (LTS) * [d9399569bd] - build: backport tools/release.sh (Rod Vagg) https://github.com/nodejs/node/pull/3642 diff --git a/src/node_version.h b/src/node_version.h index 43c4052047e394..f4cf73619a815b 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -26,7 +26,7 @@ #define NODE_MINOR_VERSION 12 #define NODE_PATCH_VERSION 9 -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)