Node.js 8.11.3 和 10.4.1 发布了,更新内容如下: 8.11.3Notable ChangesCommits下载地址: 10.4.1Notable ChangesFixes memory exhaustion DoS (CVE-2018-7164):
Fixes a bug introduced in 9.7.0 that increases the memory consumed when
reading from the network into JavaScript using the net.Socket object
directly as a stream. http2 (CVE-2018-7161):
Fixes Denial of Service vulnerability by updating the http2
implementation to not crash under certain circumstances during cleanup (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving n-api: Prevent use-after-free in napi_delete_async_work
Commits下载地址: 发布公告 |