摘要: Node v5.1.1 (Stable),该版本是重要安全更新发布,主要更新内容如下:http: Fix a bug where an HTTP socket may no longer have an associated parser but a pipelined request triggers a pause or resume, a pot ...
Node v5.1.1 (Stable),该版本是重要安全更新发布,主要更新内容如下:
http: Fix a bug where an HTTP socket may no longer
have an associated parser but a pipelined request triggers a pause or
resume, a potential denial-of-service vector. (Fedor Indutny)
openssl: Upgrade to 1.0.2e, containing fixes for:
CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack may be feasible against a Node.js TLS server using DHE key
exchange. Details are available at http://openssl.org/news/secadv/20151203.txt.
CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers using
client authentication; TLS clients are also impacted. Details are
available at http://openssl.org/news/secadv/20151203.txt.
(Shigeki Ohtsu) #4134
v8: Backport fixes for a bug in JSON.stringify() that can result in out-of-bounds reads for arrays. (Ben Noordhuis)
