皇上,还记得我吗?我就是1999年那个Linux伊甸园啊-----24小时滚动更新开源资讯,全年无休!

Node.js 8.11.3 和 10.4.1 发布,JavaScript 运行时

Node.js 8.11.3 和 10.4.1 发布,JavaScript 运行时

Node.js 8.11.3 和 10.4.1 发布了,更新内容如下:

8.11.3

Notable Changes

  • buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
  • http2
    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0

Commits

下载地址:

10.4.1

Notable Changes

  • Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
  • http2
    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
  • tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
  • n-api: Prevent use-after-free in napi_delete_async_work

Commits

下载地址:

发布公告

转自 https://www.oschina.net/news/97070/nodejs-8-11-3-and-10-4-1-released