Thu, 09 Jul 2015 23:51:47 UTC - release

In addition to upgrading npm and fixing a couple of bugs, this release upgrades OpenSSL to version 1.0.1p, which fixes a security vulnerability (CVE-2015-1793). More details about the vulnerability can be found on OpenSSL's website.

2015.07.09, Version 0.12.7 (Stable)

  • openssl: upgrade to 1.0.1p (CVE-2015-1793)

  • npm: upgrade to 2.11.3

  • V8: cherry-pick JitCodeEvent patch from upstream (Ben Noordhuis)

  • win,msi: create npm folder in AppData directory (Steven Rockarts)

Source Code: http://nodejs.org/dist/v0.12.7/node-v0.12.7.tar.gz

Macintosh Installer (Universal): http://nodejs.org/dist/v0.12.7/node-v0.12.7.pkg

Windows Installer: http://nodejs.org/dist/v0.12.7/node-v0.12.7-x86.msi

Windows x64 Installer: http://nodejs.org/dist/v0.12.7/x64/node-v0.12.7-x64.msi

Windows x64 Files: http://nodejs.org/dist/v0.12.7/x64/

Linux 32-bit Binary: http://nodejs.org/dist/v0.12.7/node-v0.12.7-linux-x86.tar.gz

Linux 64-bit Binary: http://nodejs.org/dist/v0.12.7/node-v0.12.7-linux-x64.tar.gz

Solaris 32-bit Binary: http://nodejs.org/dist/v0.12.7/node-v0.12.7-sunos-x86.tar.gz

Solaris 64-bit Binary: http://nodejs.org/dist/v0.12.7/node-v0.12.7-sunos-x64.tar.gz

Other release files: http://nodejs.org/dist/v0.12.7/

Website: http://nodejs.org/docs/v0.12.7/

Documentation: http://nodejs.org/docs/v0.12.7/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

37af2e7e748a81921f8956f1938dc5977e422ed8  node-v0.12.7-darwin-x64.tar.gz
8bf1caba4d474bfbff75a75c6b3fc1e413e34a8e  node-v0.12.7-darwin-x86.tar.gz
0a861a6ded50c8cda32ac39c3a54699c767742e6  node-v0.12.7-linux-x64.tar.gz
cb2ba2e004fc03f634e56618194e4c2c025cfe22  node-v0.12.7-linux-x86.tar.gz
eb79ed6811ce07743d64b3fb16d762dcbb40a91f  node-v0.12.7-sunos-x64.tar.gz
5a706660fd9392274c8c7d8f21bcebbf7735d1f4  node-v0.12.7-sunos-x86.tar.gz
7aa06c0d54c97e5193bafc927dbe1bede308da97  node-v0.12.7-x86.msi
f6d9b8865905f4f419a9228a960af061f69a6fd5  node-v0.12.7.pkg
6d59007212a964c7a4defc5520aedacdbcb008e1  node-v0.12.7.tar.gz
fac6dbd4b88451228b93d8c217b20de2759cb116  node.exe
05ceb63dce379bc71c9726635efcb95983bac891  node.exp
4b38821ec6ca2dd77637516f11f92637551987ce  node.lib
a7c984b68063571f53bc5782cf30c94f1b32d2ec  node.pdb
cb10067b40b9db47ed1873850ddc96d0c913e985  openssl-cli.exe
bad044c9864ba0181094bbc6d9f6ebe55ceb9e91  openssl-cli.pdb
05cfffda323563c42ff2e461a8e98ee984ad15d1  x64/node-v0.12.7-x64.msi
55e8a906450bf7027808e6cdff259bafd1844306  x64/node.exe
7c04fddb306c69d1701cf2f52cc89c6098894d6f  x64/node.exp
ac2985d01aa77eef104db97d583eef5018430a1b  x64/node.lib
8761ac5ad6074e7c559641572cf19ca2f3e8ea98  x64/node.pdb
6724328166b1e3a2c967023759ee50d0c2d076b3  x64/openssl-cli.exe
e377127c7c2d5eae46228074879c6fa77d9fa221  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVnwkCAAoJEFCjBR+IjGKN48IP/A2aw749kfIzMN5X1x90rTfu
1OoMPFyp5a3Tg4nq9cbiBHQd6oWsMOqiPLiK+cgxtFtPz9cMTvJwDtZlcE6jD+5T
Dbo756zmUGz3euJcpKGVag/Nr+hx8X7ADHLdbaHv5RmJ17aQ/zIRxe9lt+8xrK0g
Ms4my5QfJV5w7+eheDw8/71vHSaUoGbW44PWV98ub74NPdPLnlyvRIFqs//rRahX
VduAq/BepH3CWhTEgMeMu4fEPLiIXgEna5GaFQ1zg5/B4XaJuFNiDP6xede7VQwt
VkwtrTl1yMkH6Guw6f0hrdFalTa3E9SELIQCnZDKj2fT3eJUdtHg82TmrIU/v934
FOFNSU07CJOI8H3cFPEgFtbf05Eyh2axZq/GFvgTMIKpaAtK66RF4/vpoWvezyK0
yIou+59zhL2n3tdO5OUZzZ47843sT2UXH+pOB7xmCu4EYhCve0pPZf30UXzYU46P
RQEsLRIhVPPYszCnStYMWroLBF2zfprbn5pILCYtJbeafFz3U20IbFgPhc7xnWtQ
FiJS0lNdjc8B0yZIiTg59FyudADojWu37gXCYGlD9pyb03GSzG7CIPr206rNwjcR
gW0cbSCtfDdiTo0Za6+ZZdhMW2mf+7MwW2LdXiJiWasj8gAQeIXqXJiWdxQLb2ZV
uAV+X2VgKWk7UCom3i/Y
=fmln
-----END PGP SIGNATURE-----

Thu, 09 Jul 2015 21:57:30 UTC - release

This release upgrades OpenSSL to version 1.0.1p, which fixes a security vulnerability (CVE-2015-1793). More details about the vulnerability can be found on OpenSSL's website.

2015.07.09, Version 0.10.40 (Maintenance)

  • openssl: upgrade to 1.0.1p (CVE-2015-1793)

  • V8: back-port JitCodeEvent patch from upstream (Ben Noordhuis)

  • win,msi: create npm folder in AppData directory (Steven Rockarts)

Source Code: http://nodejs.org/dist/v0.10.40/node-v0.10.40.tar.gz

Macintosh Installer (Universal): http://nodejs.org/dist/v0.10.40/node-v0.10.40.pkg

Windows Installer: http://nodejs.org/dist/v0.10.40/node-v0.10.40-x86.msi

Windows x64 Installer: http://nodejs.org/dist/v0.10.40/x64/node-v0.10.40-x64.msi

Windows x64 Files: http://nodejs.org/dist/v0.10.40/x64/

Linux 32-bit Binary: http://nodejs.org/dist/v0.10.40/node-v0.10.40-linux-x86.tar.gz

Linux 64-bit Binary: http://nodejs.org/dist/v0.10.40/node-v0.10.40-linux-x64.tar.gz

Solaris 32-bit Binary: http://nodejs.org/dist/v0.10.40/node-v0.10.40-sunos-x86.tar.gz

Solaris 64-bit Binary: http://nodejs.org/dist/v0.10.40/node-v0.10.40-sunos-x64.tar.gz

Other release files: http://nodejs.org/dist/v0.10.40/

Website: http://nodejs.org/docs/v0.10.40/

Documentation: http://nodejs.org/docs/v0.10.40/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

806f588415bd246fe3ce09f2e5e4058e0340f528  node-v0.10.40-darwin-x64.tar.gz
33bc43201294f4f6bad40c1f24b33ac9134ca279  node-v0.10.40-darwin-x86.tar.gz
b48fdcf8421dc0834d371ab22d9d71f647c5e210  node-v0.10.40-linux-x64.tar.gz
5604060e5a611ecded9516107069dd41511a377d  node-v0.10.40-linux-x86.tar.gz
ab3de94a85d808af84a1c141a2fb6f68f7a7e4c6  node-v0.10.40-sunos-x64.tar.gz
3f8aad4331088f496dbb736f38a53557a0208311  node-v0.10.40-sunos-x86.tar.gz
54912b14b3e6184ee13200257d52bc1447f70c02  node-v0.10.40-x86.msi
fa2100b3ea6ba4bf90a19dae9df95b3d299fc0f2  node-v0.10.40.pkg
b5086ffabd628eb2f76808171cfdf0390f8cd935  node-v0.10.40.tar.gz
43f9cc9ac48298eacc4c5ea06019f741a5a9208e  node.exe
489db10965b9216f38a14a94d43a5ce7430d77f7  node.exp
97d0a62b816465fe11a7df61e0a8b5e9d3ac3cca  node.lib
3211a329e7c0123c0806638a5b3dd813cb6b7b3f  node.pdb
82b08ce94498bd112f07498ad12162db659cb816  openssl-cli.exe
704da37a22d7e1a6addfea8af1f5a41494d74d55  openssl-cli.pdb
037634b6620e04f82c383f037f3787fa55b23085  x64/node-v0.10.40-x64.msi
fff288e67c2e68661b8e7629424c76c879444fd2  x64/node.exe
2f483929469e378a49e62162ea71183b4335e373  x64/node.exp
f163cfc4f8a8db63cb656efb4a034d33ba764750  x64/node.lib
cfc5b981aaabbc8eeed5ae33baf1539365b31d33  x64/node.pdb
c9b822d4bf1848471c58e6206be9e5178bf9ffb7  x64/openssl-cli.exe
2039071281de24a659622afc399d1ecc0bcd67c0  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVnu46AAoJEFCjBR+IjGKNjlAP/2WOSNOzBOrd3JM5Dpr1mWgz
X7s3ldKctDdATJR563USrZ4LpkHqUpbIul8gemU9ncxxpt4DQsjpTWgGjwCl9Zoj
HxuwTnJI+J/9Hqgk8CYEuvPrsLzYgUOmZ0jwGlXg5DQS86amgaxr7Jh6Klq+wTTw
mMsNDI096pPFN3tGGUjNbiVeyaJjsDLwdXkxRkGplH2jyaGa1MEggd2fwmO7WWAS
LJprVMq3SlPWkWmMGIr8xppVwd9SiQMuJ/9ep3G2f6u2T0EFtImGoY6bxGe98yup
RNg2arwl4nl3XkZqUSQUyCsVVrzYQzlvb0gCI+nqqynqpP2tuo7XiELF9DFKnK76
lSoosotLhZTTedWDa/r8B0Ne6Ou8vG4KmnoMt72Xxf9RZafvv2pYy9HyB7FbhSYF
vMPsF/3oF7mmgjv5Eu9xkr98XK2Yxid9SiM7kGTOo2i1kDLpHjN2h0bDVjhAHJ7D
U2FOm3ZxaVvAn4EF+KHqPAKRgOxZjgZ3gZmqShpbxoIWKdIBxxreYSUG6Z5iaCQM
/qlsZj15opKjZIsMtDsLw02dOus+xmVi67pz4wx2/y6xeOkf4DiAzdKL6WSZmC5N
CN7DUXu6Uj68mBGCZFCL5a6jKO//DH6jWEAQEL3PqJH5VSVIpAyvWsuuPetCsKYk
En8uXZ6p+A/Z6+Aofbwu
=vEVE
-----END PGP SIGNATURE-----

Sat, 04 Jul 2015 02:34:23 UTC - release

This release of Node.js fixes a bug that triggers an out-of-band write in V8's utf-8 decoder. This bug impacts all Buffer to String conversions. This is an important security update as this bug can be used to cause a denial of service attack.

2015.07.03, Version 0.12.6 (Stable)

  • V8: fix out-of-band write in utf8 decoder

Source Code: http://nodejs.org/dist/v0.12.6/node-v0.12.6.tar.gz

Macintosh Installer (Universal): http://nodejs.org/dist/v0.12.6/node-v0.12.6.pkg

Windows Installer: http://nodejs.org/dist/v0.12.6/node-v0.12.6-x86.msi

Windows x64 Installer: http://nodejs.org/dist/v0.12.6/x64/node-v0.12.6-x64.msi

Windows x64 Files: http://nodejs.org/dist/v0.12.6/x64/

Linux 32-bit Binary: http://nodejs.org/dist/v0.12.6/node-v0.12.6-linux-x86.tar.gz

Linux 64-bit Binary: http://nodejs.org/dist/v0.12.6/node-v0.12.6-linux-x64.tar.gz

Solaris 32-bit Binary: http://nodejs.org/dist/v0.12.6/node-v0.12.6-sunos-x86.tar.gz

Solaris 64-bit Binary: http://nodejs.org/dist/v0.12.6/node-v0.12.6-sunos-x64.tar.gz

Other release files: http://nodejs.org/dist/v0.12.6/

Website: http://nodejs.org/docs/v0.12.6/

Documentation: http://nodejs.org/docs/v0.12.6/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

4c7f2c26ecb37c3faf27413988daa06b2d34d86c  node-v0.12.6-darwin-x64.tar.gz
1cf8e13dc58bae4172f17072183a811473a51f98  node-v0.12.6-darwin-x86.tar.gz
7ac240fc08527328ed295548acdae72495eae4c9  node-v0.12.6-linux-x64.tar.gz
042e30fe3bb89b6e9b16dcbf2d582e23920156d9  node-v0.12.6-linux-x86.tar.gz
e285a0dc4049559adb1712475d425177db718cfe  node-v0.12.6-sunos-x64.tar.gz
0bba5dfe3b253c9dac7fba0b8211da1fb7c66348  node-v0.12.6-sunos-x86.tar.gz
2f2bfca619fe5dec144bc02908e8fbbe7039b7d3  node-v0.12.6-x86.msi
617954505b0e14e97019f93e51805de0c7244809  node-v0.12.6.pkg
a0099d22dc927e18c0e385612afdd14e9173417b  node-v0.12.6.tar.gz
8b7079ff7b07916cc6f8c5773f4fa296b3554ba9  node.exe
3e95afb369b4280d6d80bd8d08d011bc76a99b4d  node.exp
1b0569e1927a0f92399f4e85c8d71c527cc04c86  node.lib
3806b90544b8d36c83fd0939cea939b47a704e17  node.pdb
9a14f0286179b86434e1863a77fdac43b8175511  openssl-cli.exe
8f051e9d75df074a89fb8f317c0ccac62f21c219  openssl-cli.pdb
4c22a0c3860b17f1d7d1338c70723bce6c1f5a73  x64/node-v0.12.6-x64.msi
30b4219fcdd1845915d783b5a390ed7d7a0a7802  x64/node.exe
561dbf27a64932b2d5c74883bd7023c0029ac184  x64/node.exp
424206c71c4bda5fc40b3e189d0be35763afd291  x64/node.lib
d84c6d0e754b2b3380f400f602a8c5db4485822d  x64/node.pdb
3a0ff161d82f3dea3d061862b05fd4b7843f0115  x64/openssl-cli.exe
6de5fc6adb9ebb7ab27da074a8eacf6bcf2f21f8  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVl0YfAAoJEFCjBR+IjGKNm2MP/3d2JyJlA4d+frA5cZhSL22W
KneQKNn4riWDj6OMUsFTw4IEagrec0eHUEWjk20Lk1xsChkTEnC3XT72VGYC61Yh
PEAxllVLR2QdEMV+yqGoPr4PEnkYNYJEf6DVaKWnhy4QwhGxqa1m008eT0aqfBHq
bzaz4wOaWoH9eKo5Hx/9DNaNphxtt5CkPTCbLjMH8X/fVAfXE1vnr+ZYHpyR6qVW
TyFWjwdDwbtfQm2iAIs2mXIUviCrkjSDNsXlrHqlGLVIiBf0isnzXnZMpduDHRU1
Wq2pMGz4m4nHyalHmJriKhf3XG1M3qF59fUC1WteeEBJXvq5nATXV664fbtrRvmp
P/LpU+gnFeX/lj3ut1AyVBcMTSYC99igkPQyU8a5L4d0D0TPHS6X/AkQVQfsjv7p
9YaXCr1tbWf6xRqijt6bP8jeQ5BDZQ2Xr7rpefCRrdSKrCRCQ63chK8iWhf5CtWu
zQNOmitHgshR5RPSdYDSmklrycPQOTraStPD7UfN3GewkahvuGjd3JXHMBskrY/e
WSm6jb7C2xSqL9SrfS+4aQ24Ombh8TyqxgEytZ0vYPpT+BUC91Ifk4lp54CGhmlX
JlPh1rFL07wYUdd5OWRtnJntlvOQaVM1VlUZEUv+ri/enp8Nxzt7A6Y7JfnmdHE2
yqbPp1djFFWrTZ3du0Ed
=jCxm
-----END PGP SIGNATURE-----

Mon, 22 Jun 2015 19:52:51 UTC - release

With this new release, OpenSSL has been upgraded to 1.0.1o to fix several security vulnerabilities. Two of them affect Node.js directly: Logjam and CVE-2015-1788.

Regarding Logjam, OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. It means that upgrading to this release of Node.js may prevent TLS clients written in node from connecting to servers using short DH parameters.

Although it is a breaking change in a stable version, the Node.js TSC determined that this is the best path forward to ensure the security of software written with this and future stable versions of node. Should you encounter any issue with this release related to TLS clients not being able to connect to servers using short DH keys, please create an issue at https://github.com/joyent/node/issues.

As for CVE-2015-1788, before this release, TLS programs (including servers) written with Node.js are vulnerable to Denial Of Service attacks.

2015.06.22, Version 0.12.5 (Stable)

  • openssl: upgrade to 1.0.1o (Addressing multiple CVEs)

  • npm: upgrade to 2.11.2

  • uv: upgrade to 1.6.1

  • V8: avoid deadlock when profiling is active (Dmitri Melikyan)

  • install: fix source path for openssl headers (Oguz Bastemur)

  • install: make sure opensslconf.h is overwritten (Oguz Bastemur)

  • timers: fix timeout when added in timer's callback (Julien Gilli)

  • windows: broadcast WM_SETTINGCHANGE after install (Mathias K├╝sel)

Source Code: http://nodejs.org/dist/v0.12.5/node-v0.12.5.tar.gz

Macintosh Installer (Universal): http://nodejs.org/dist/v0.12.5/node-v0.12.5.pkg

Windows Installer: http://nodejs.org/dist/v0.12.5/node-v0.12.5-x86.msi

Windows x64 Installer: http://nodejs.org/dist/v0.12.5/x64/node-v0.12.5-x64.msi

Windows x64 Files: http://nodejs.org/dist/v0.12.5/x64/

Linux 32-bit Binary: http://nodejs.org/dist/v0.12.5/node-v0.12.5-linux-x86.tar.gz

Linux 64-bit Binary: http://nodejs.org/dist/v0.12.5/node-v0.12.5-linux-x64.tar.gz

Solaris 32-bit Binary: http://nodejs.org/dist/v0.12.5/node-v0.12.5-sunos-x86.tar.gz

Solaris 64-bit Binary: http://nodejs.org/dist/v0.12.5/node-v0.12.5-sunos-x64.tar.gz

Other release files: http://nodejs.org/dist/v0.12.5/

Website: http://nodejs.org/docs/v0.12.5/

Documentation: http://nodejs.org/docs/v0.12.5/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

a31674f017aa7bfff6d73d2d62501e78e19f2856  node-v0.12.5-darwin-x64.tar.gz
648c4da8bdb6bf0daadfa11a1f59dc5f354179f3  node-v0.12.5-darwin-x86.tar.gz
d06b46e4b9064b12c3cdb65defaf27b968262856  node-v0.12.5-linux-x64.tar.gz
2b5e20fcb362f34df5508b8334d52514701aa15f  node-v0.12.5-linux-x86.tar.gz
2dbc96c33dced5dc4632588035f92afdedaf0ff0  node-v0.12.5-sunos-x64.tar.gz
27eda0e7cd5cd748919055b22683ce0770ce1906  node-v0.12.5-sunos-x86.tar.gz
dd45f1fad6a32686afee6fc9b3353380481a9bec  node-v0.12.5-x86.msi
f5888618555f97c3d67366f11abaf097491ae6f4  node-v0.12.5.pkg
baecde8c2d297aa001a2a8ba2f2d086d970a13eb  node-v0.12.5.tar.gz
f4c8c81c60ed4ad1be2f2df93c0a99c9ba94a1e7  node.exe
2e6912adf6b1cfa3c818770bcd3c09882afcbf7c  node.exp
e88ff96166822f75d31b246358e13e814ddfc2d9  node.lib
9007edd47eeaa4d14329d879f4248ac42869676f  node.pdb
45e946f6ad94e2225c2f2c5081bd6bfa5dad3a5f  openssl-cli.exe
27ea2047ef5ccf0ebdb8b1a9c61e0c35d36c2c6c  openssl-cli.pdb
689e1dbedf5dac5b900584e878024ab3f31111a6  x64/node-v0.12.5-x64.msi
00652c22276b1e7b0b307437219efc3431446100  x64/node.exe
8888e187bfb8dc1f18f6e1284c46014bf97dbadb  x64/node.exp
c9ba1d50d1c962c169a0d47c8ab1f834ab637621  x64/node.lib
149ec0193bef26c57dc420dfe00f928bb4b7a579  x64/node.pdb
5cc07312c39b18ba27229919114b6b09724c9fb3  x64/openssl-cli.exe
590fb71ca72c876bbaad5e5ee6fe85acf406fe40  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJViGeDAAoJEFCjBR+IjGKN4OIP/iCxMMLAKTqlrSma5wiztO82
1ff4yE8rCs0jiGZVgTucmaI7j5fGFHJi1sbsBqqAeda3IYAEq+lL180YioHR8KlS
47cTvqeTnjIj1JhzhhRcGxs17IyK7YFJJmEQ+54XdYDB0dHDJM/UXy8ySiCxBdTf
c1Kzi6OGp7qmSAOdIo76q63AxWzKL5jVrxkBBmtyJFr6EW4xTkz98GDLaK+GeBHT
cdpcInYbtJpWNm/8XOfZqAR0tW4HZ6tYHuSxvaZh18YDd+SNsQgLCmR56pLEMkaw
frgfNje37r6jjx1f1GkpbdQHSVjFUZiiwTyKP7eTDMrjttRuYZk+VUCyh/abqZZ3
dfz9Ue22z5ZJyb9L3adrYATrGKBfkhwljcAgYCaGXOokKRZis8BkZJIQUbHI/jZr
/p2hg413EWYoV+ra0a6qjci0JufNJ5Y+02K3XS+qr0lGS4WICEgtni3p0VhWkKO4
ppYgJD4QhQVyH22fi0LklMoX2VO/iyDaNUKHOOHC1QnGQy/5bIGWE4IcSTWFXIpa
hXJT/UmGe7WXup+AQ53E2jzFK2xKX5qnRBGZWjUKQE+nT4o06QNbupZfMckGc8YO
yF1TCguhR+1oglGZbLyvPfCDuD8gJcI76LhDFkoztQbAmiNZql4CbmOw+R5ebDe+
E2abSYUpsCAZCr+Edudl
=Vxgb
-----END PGP SIGNATURE-----

Page 2 →