Node 同时更新了 3 个版本。
Node v8.8.0 (Current) 主要更新包括:
- crypto:
- expose ECDH class #8188
- http2:
- module:
- resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle #15445
- zlib:
- CVE-2017-14919 – In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95
Node v6.11.5 (LTS) 和 Node v4.8.5 (Maintenance) 主要更新包括:
zlib:
- CVE-2017-14919 – In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95
下载地址:
https://nodejs.org/en/download/
转自 http://www.oschina.net/news/89918/node-8-8-0-and-4-8-5