Node v0.10.39 (Maintenance)

The Node.js Project

With this new release, OpenSSL has been upgraded to 1.0.1o to fix several security vulnerabilities. Two of them affect Node.js directly: Logjam and CVE-2015-1788.

Regarding Logjam, OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. It means that upgrading to this release of Node.js may prevent TLS clients written in node from connecting to servers using short DH parameters.

Although it is a breaking change in a maintenance version, the Node.js TSC determined that this is the best path forward to ensure the security of software written with this and future maintenance versions of node. Should you encounter any issue with this release related to TLS clients not being able to connect to servers using short DH keys, please create an issue at https://github.com/joyent/node/issues.

As for CVE-2015-1788, before this release, TLS programs (including servers) written with Node.js are vulnerable to Denial Of Service attacks.

2015.06.18, Version 0.10.39 (Maintenance)

  • openssl: upgrade to 1.0.1o (Addressing multiple CVEs)

  • install: fix source path for openssl headers (Oguz Bastemur)

  • install: make sure opensslconf.h is overwritten (Oguz Bastemur)

  • timers: fix timeout when added in timer's callback (Julien Gilli)

  • windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel)

Source Code: https://nodejs.org/dist/v0.10.39/node-v0.10.39.tar.gz

Macintosh Installer (Universal): https://nodejs.org/dist/v0.10.39/node-v0.10.39.pkg

Windows Installer: https://nodejs.org/dist/v0.10.39/node-v0.10.39-x86.msi

Windows x64 Installer: https://nodejs.org/dist/v0.10.39/x64/node-v0.10.39-x64.msi

Windows x64 Files: https://nodejs.org/dist/v0.10.39/x64/

Linux 32-bit Binary: https://nodejs.org/dist/v0.10.39/node-v0.10.39-linux-x86.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v0.10.39/node-v0.10.39-linux-x64.tar.gz

Solaris 32-bit Binary: https://nodejs.org/dist/v0.10.39/node-v0.10.39-sunos-x86.tar.gz

Solaris 64-bit Binary: https://nodejs.org/dist/v0.10.39/node-v0.10.39-sunos-x64.tar.gz

Other release files: https://nodejs.org/dist/v0.10.39/

Website: https://nodejs.org/docs/v0.10.39/

Documentation: https://nodejs.org/docs/v0.10.39/api/

Shasums:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

f51855f96e3b69af87112161f155ac270eb5bd33  node-v0.10.39-darwin-x64.tar.gz
8316054cdd8cc482f3c6b89434c1fe224039bd26  node-v0.10.39-darwin-x86.tar.gz
97583ea9daf469bcb1691ac8a34fe5b64a8deaf5  node-v0.10.39-linux-x64.tar.gz
d3038a590e99a6eb877b41b39aba503464766347  node-v0.10.39-linux-x86.tar.gz
7b8d190a2e17ad809c7b892178d5410f99328f76  node-v0.10.39-sunos-x64.tar.gz
de09892495d8f6dec3031142ba47d5d02c8f53e7  node-v0.10.39-sunos-x86.tar.gz
2e019ab13a78fb994a8c6c10e72979b56ddaaf0d  node-v0.10.39-x86.msi
2c1a7c3aea6dac03e49181f20c45b7d1315068a2  node-v0.10.39.pkg
b53d33b5e1b980b2fe9009fec810187eaa6b8144  node-v0.10.39.tar.gz
d556c55a815960e0ab705aa9225da996f47f3ef9  node.exe
75201237f362bb27af9652487fb5e74b90edc1ba  node.exp
16d7d5029a0e9a0e21e04a522493a3d973a7eed0  node.lib
4e95ba82cc3fbd26d7da93549c7222ff941760a5  node.pdb
b779fd3b7a70c688b7ab0313f2a62edac9b4cbe1  openssl-cli.exe
9642c12bbdbb03c163c5d3d9e539243730af0595  openssl-cli.pdb
b1183e7597b9b9724bb1d9892843322afeca95aa  x64/node-v0.10.39-x64.msi
eb76635c7bd9a321ac6f97043226ece73bbc4df4  x64/node.exe
fe6ae97961692d595706665533e23cc4d94d2087  x64/node.exp
9ded23cb299cf5d03e0f7783b5d195b1a3a91ff4  x64/node.lib
11832ff8d3409742a90be94738031ebb51c857ad  x64/node.pdb
438e8cf3732b0116a7bee074afc6fbc48c45f0fb  x64/openssl-cli.exe
1855d0a946882b9a4d39d57893ab4e2e3a3c9f02  x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJViDuaAAoJEFCjBR+IjGKNff8P/jOOp4smwRKWfpi3stsorvlX
3jk/WNXOIUO/qnx5cJA0XrAxzmL+fOOWXlMaacJfAEiy96EQHryjuCasy1nrT+Ae
7qDoXJCnuCgnconV2RIP0otZmlHyTmxRA7DYwbhpOcScCqJoO4HV6fDo50pU+Bdg
HBb5/M3Pm6Cep2Iuv54I1p0mbGVubZxfxmsjkLoEv4KIzmVFit65pZBSA+9DaomK
QqTCnvWg/lCmnSrQQWTTFC0crqB6eO9PP/v63KUQc3G5K/FjhIfJ6j+PPvlBjOfx
N37bxC6YJgVD0axyrxvh2VEhmsJZ06JiI1PUdp91C8klbOp6jeCLFFi5axA0Gjmr
HN6ES5IfnZH26pUFB5M97Cydug+3tM9YPa9jVHwJUdgzNrSVxSlgdQHi4xVHnrTL
xEESXQQWL7kYE+t9oy6i9B93FphsQvqiuI5i4QXj1WabCOEgywVWyZF741wkC8Lu
Y/97CvcPNWoDHR7H+cbrO3B4iedFpKDaxNb1vrpZRgTHiohrkW8Ec2VB00RgCvJi
pPKGxsv70Wby5V8at120CsPLuGW8xCihMpYRkSEyIZodrq0YCtN87COvPe7GpyFk
PnfMhk0U9ANfeMFMK3qcDT+iQAHuLLmD3/aEN6RHc5b2fwyXc4+SqT55jpyegbb4
TbGw60glPAi+FQhZZoF0
=I4d1
-----END PGP SIGNATURE-----
Dernière Mise à jour
22 juin 2015
Temps de Lecture
2 min read
Contribuer
Edit this page