Node.js 同时发布了 v11.3.0 (Current)、v10.14.0 (LTS)、v8.14.0 (LTS) 和 v6.15.0 (LTS) 四个版本:
其中,Node v11.3.0 (Current) 和 v10.14.0 (LTS) 除了将 OpenSSL 更新至 1.1.0j ,还修复了以下漏洞:
- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
- Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
- OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
- OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
下载地址:
转自 https://www.oschina.net/news/102209/nodejs-11-3-0-released