Skip to content

Instantly share code, notes, and snippets.

@EduardoRFS

EduardoRFS/node.CHANGELOG.8.9.4.8.16.2.md

Created October 21, 2019 17:47
Show Gist options
  • Save EduardoRFS/5a579bf580acb6428d851983f95eb49f to your computer and use it in GitHub Desktop.
Save EduardoRFS/5a579bf580acb6428d851983f95eb49f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
node.CHANGELOG.8.9.4.8.16.2.md

2019-10-09, Version 8.16.2 'Carbon' (LTS), @BethGriggs

Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes

  • deps: upgrade openssl sources to 1.0.2s (Sam Roberts) #28230

Commits

2019-08-15, Version 8.16.1 'Carbon' (LTS), @BethGriggs

Notable changes

This is a security release.

Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information.

Vulnerabilities fixed:

  • CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
  • CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
  • CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
  • CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
  • CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google)

Commits

  • [6d427378c0] - deps: update nghttp2 to 1.39.2 (Anna Henningsen) #29122
  • [33d4d916d5] - deps: update nghttp2 to 1.39.1 (gengjiawen) #28448
  • [17fad97113] - deps: update nghttp2 to 1.38.0 (gengjiawen) #27295
  • [0b44733695] - deps: update nghttp2 to 1.37.0 (gengjiawen) #26990
  • [5afc77b044] - deps: update nghttp2 to 1.34.0 (James M Snell) #23284
  • [073108c855] - http2: allow security revert for Ping/Settings Flood (Anna Henningsen) #29122
  • [6d687f7af8] - http2: pause input processing if sending output (Anna Henningsen) #29122
  • [854dba649e] - http2: stop reading from socket if writes are in progress (Anna Henningsen) #29122
  • [a3191689dd] - http2: consider 0-length non-end DATA frames an error (Anna Henningsen) #29122
  • [156f2f35df] - http2: shrink default vector::reserve() allocations (Anna Henningsen) #29122
  • [10f05b65c4] - http2: handle 0-length headers better (Anna Henningsen) #29122
  • [ac28a628a5] - http2: limit number of invalid incoming frames (Anna Henningsen) #29122
  • [11b4e2c0db] - http2: limit number of rejected stream openings (Anna Henningsen) #29122
  • [7de642b6f9] - http2: do not create ArrayBuffers when no DATA received (Anna Henningsen) #29122
  • [dd60d3561a] - http2: only call into JS when necessary for session events (Anna Henningsen) #29122
  • [00f6846b73] - http2: improve JS-side debug logging (Anna Henningsen) #29122
  • [b095e35f1f] - http2: improve http2 code a bit (James M Snell) #23984

2019-04-16, Version 8.16.0 'Carbon' (LTS), @MylesBorins

Notable Changes

  • n-api:
    • add API for asynchronous functions (Gabriel Schulhof) #17887
    • mark thread-safe function as stable (Gabriel Schulhof) #25556

Commits

2019-02-28, Version 8.15.1 'Carbon' (LTS), @rvagg

This is a security release. All Node.js users should consult the security release summary at:

https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  • Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
  • OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

Notable Changes

  • deps: OpenSSL has been upgraded to 1.0.2r which contains a fix for CVE-2019-1559. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
  • http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. Reported by Marco Pracucci (Voxnest). (CVE-2019-5737 / Matteo Collina)

Commits

2018-12-26, Version 8.15.0 'Carbon' (LTS), @MylesBorins

The 8.14.0 security release introduced some unexpected breakages on the 8.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser.

Notable Changes

  • cli:
    • add --max-http-header-size flag (cjihrig) #24811
  • http:
    • add maxHeaderSize property (cjihrig) #24860

Commits

  • [693e362175] - (SEMVER-MINOR) cli: add --max-http-header-size flag (cjihrig) #24811
  • [4fb5a1be2f] - (SEMVER-MINOR) deps: cherry-pick http_parser_set_max_header_size (cjihrig) #24811
  • [446f8b54e5] - (SEMVER-MINOR) http: add maxHeaderSize property (cjihrig) #24860
  • [215ecfe4de] - http: fix regression of binary upgrade response body (Matteo Collina) #25037

2018-12-18, Version 8.14.1 'Carbon' (LTS), @MylesBorins prepared by @BethGriggs

Notable changes

  • assert:
    • revert breaking change (Ruben Bridgewater) #24786
  • http2:
    • fix sequence of error/close events (Gerhard Stoebich) #24789

Commits

  • [62fb5dbec5] - assert: revert breaking change (Ruben Bridgewater) #24786
  • [a8402fe1c8] - build: only check REPLACEME & DEP...X for releases (Rod Vagg) #24575
  • [26743369d3] - build: improve Travis CI settings (Timothy Gu) #21459
  • [1da04c208d] - build: install markdown linter for travis (Richard Lau) #21215
  • [7612024939] - build: initial .travis.yml implementation (Anna Henningsen) #21059
  • [f70e79a7b2] - build: allow for overwriting of use_openssl_def (Shelley Vohr) #23763
  • [15d1f67c60] - build,doc: remove outdated lint-md-build (Michaël Zasso) #22991
  • [85a6daeaef] - build,meta: switch to gcc-4.9 on travis (Refael Ackermann) #23778
  • [313ef6fa73] - build,tools: tweak the travis config (Refael Ackermann) #22417
  • [22b41495ea] - child_process: handle undefined/null for fork() args (Shobhit Chittora) #22416
  • [499605618b] - crypto: add SET_INTEGER_CONSANT macro (Daniel Bevenius) #23687
  • [34d91296df] - deps: icu: apply workaround patch (Steven R. Loomis) #23764
  • [50347297a1] - deps: cherry-pick d2e0166 from V8 upstream (Vasili Skurydzin) #23958
  • [9bedae5266] - deps: cherry-pick 6bc4bfe from V8 upstream (Vasili Skurydzin) #23958
  • [4f3c9e6aab] - deps,v8: fix gyp build on Aix platform (Vasili Skurydzin) #23958
  • [4c24a82a65] - http2: fix sequence of error/close events (Gerhard Stoebich) #24789
  • [8afbd5ce41] - lib: fix a typo in lib/timers "read through" (wangzengdi) #19666
  • [fa12532000] - lib: remove useless cwd in posix.resolve (ZYSzys) #23902
  • [e8dbd09414] - src: use "constants" string instead of creating new one (Ouyang Yadong) #23894
  • [e84c01d1f3] - tools: update alternative docs versions (Richard Lau) #23980
  • [02209c5fa7] - tools: clarify commit message linting (Rich Trott) #23742
  • [22043ccb84] - tools: do not lint commit message if var undefined (Rich Trott) #23725
  • [2a8a28c436] - tools: make Travis commit linting more robust (Rich Trott) #23397
  • [c15d236545] - tools: apply linting to first commit in PRs (Rich Trott) #22452

2018-11-27, Version 8.14.0 'Carbon' (LTS), @rvagg

This is a security release. All Node.js users should consult the security release summary at:

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  • Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
  • Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
  • Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
  • Node.js: HTTP request splitting (CVE-2018-12116)
  • OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
  • OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)

Notable Changes

  • deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407
  • http:
    • Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
    • A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
    • Two-byte characters are now strictly disallowed for the path option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by Arkadiy Tetelman (Lob), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina)
  • url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. Reported by Martin Bajanik (Kentico). (CVE-2018-12123 / Matteo Collina)

Commits

2018-11-20, Version 8.13.0 'Carbon' (LTS), @MylesBorins prepared by @BethGriggs

Notable changes

  • assert:
    • backport some assert commits (Ruben Bridgewater) #23223
  • deps:
    • upgrade to libuv 1.23.2 (cjihrig) #23336
    • V8: cherry-pick 64-bit hash seed commits (Yang Guo) #23274
  • http:
    • added aborted property to request (Robert Nagy) #20094
  • http2:
    • graduate from experimental (James M Snell) #22466

Commits

  • [0d241ba385] - assert: ensure .rejects() disallows sync throws (Teddy Katz) #19650
  • [3babc5bb53] - (SEMVER-MINOR) assert: add rejects() and doesNotReject() (feugy) #18023
  • [18071db274] - assert: fix throws trace (Ruben Bridgewater) #18595
  • [562787efb2] - assert: fix strict regression (Ruben Bridgewater) #17903
  • [f2af930ebb] - (SEMVER-MINOR) assert: .throws accept objects (Ruben Bridgewater) #17584
  • [147aeedc8d] - (SEMVER-MINOR) assert: improve assert.throws (Ruben Bridgewater) #17585
  • [c9d84b6d4f] - assert: fix throws and doesNotThrow stack frames (Ruben Bridgewater) #17703
  • [a42d0726ac] - assert: use object argument in innerFail (Ruben Bridgewater) #17582
  • [84948cf14f] - assert: fix .throws operator (Ruben Bridgewater) #17575
  • [c6d94f8fa5] - (SEMVER-MINOR) assert: add strict functionality export (Ruben Bridgewater) #17002
  • [26d145a77f] - async_hooks: add missing async_hooks destroys in AsyncReset (Bastian Krol) #23272
  • [104fbc64ed] - build: update arm64 minimum supported platform (Gibson Fahnestock) #19164
  • [afcf059898] - build: do not cd on vcbuild help (Vse Mozhet Byt) #19291
  • [ca8d4e3450] - build: define NOMINMAX on windows (Ben Noordhuis) #22731
  • [5245d6ac97] - deps: V8: partially revert d868eb7 (Ali Ijaz Sheikh) #24499
  • [62dd1d7bd4] - deps: upgrade to libuv 1.23.2 (cjihrig) #23336
  • [b38190ebb0] - deps: upgrade to libuv 1.23.1 (cjihrig) #22997
  • [d9d541c415] - deps: upgrade to libuv 1.23.0 (cjihrig) #22365
  • [e3d08af7c1] - deps: upgrade to libuv 1.22.0 (cjihrig) #21731
  • [11cb09b25a] - deps: upgrade to libuv 1.21.0 (cjihrig) #21466
  • [c54f4bc8e8] - deps: upgrade to libuv 1.20.3 (cjihrig) #20585
  • [2307653abf] - deps: upgrade to libuv 1.20.2 (cjihrig) #20129
  • [a1b94d35e7] - deps: upgrade libuv to 1.20.0 (cjihrig) #19758
  • [ce65d84537] - deps: backport a8f6869 from upstream V8 (Ben Newman) #22714
  • [7ab253f62e] - deps: V8: cherry-pick 64-bit hash seed commits (Yang Guo) #23274
  • [60f7bfa4d7] - deps: update to nghttp2 1.33.0 (Anna Henningsen) #22649
  • [48f31bdf20] - deps: V8: backport 20 CPU profiler commits from upstream (Peter Marshall) #21558
  • [9e2077afee] - deps: backport 9a23bdd from upstream V8 (Daniel Beckert) #22418
  • [af5cebb326] - doc,http2: add parameters for Http2Session:connect event (Ujjwal Sharma) #20193
  • [57618aae0a] - errors: fix undefined HTTP2 and tls errors (Shailesh Shekhawat) #21564
  • [e3bddeec18] - http: fix undefined error in parser event (Anatoli Papirovski) #20029
  • [1edd7f6393] - (SEMVER-MINOR) http: added aborted property to request (Robert Nagy) #20094
  • [7f34c277ac] - http2: simplify timeout tracking (Anna Henningsen) #19206
  • [18a2b3dc8e] - (SEMVER-MINOR) http2: graduate from experimental (James M Snell) #22466
  • [10576d6e77] - (SEMVER-MINOR) http2: add ping event (James M Snell) #23009
  • [ca933ce577] - http2: do not falsely emit 'aborted' on push (Anatoli Papirovski) #22878
  • [49f44f3b44] - (SEMVER-MINOR) http2: add origin frame support (James M Snell) #22956
  • [9f7934159e] - http2: check if stream is not destroyed before sending trailers (Matteo Collina) #22896
  • [2de17ead89] - (SEMVER-MINOR) http2: add http2stream.endAfterHeaders property (James M Snell) #22843
  • [805bf40bfd] - http2: don't expose the original socket through the socket proxy (Szymon Marczak) #22650
  • [6a396ff911] - http2: throw better error when accessing unbound socket proxy (James M Snell) #22486
  • [348cde07fd] - http2: emit timeout on compat request and response (James M Snell) #22252
  • [cc561cc5a7] - http2: explicitly disallow nested push streams (James M Snell) #22245
  • [5c3edd3479] - http2: avoid race condition in OnHeaderCallback (James M Snell) #22256
  • [f2f66b4cfb] - http2: remove streamError from docs (James M Snell) #22246
  • [d602c7a2ed] - http2: release request()'s "connect" event listener after it runs (James Ide) #21916
  • [745e1e6192] - http2: remove unused nghttp2 error list (Anna Henningsen) #21827
  • [e5175e6596] - http2: remove waitTrailers listener after closing a stream (RidgeA) #21764
  • [071a022dbc] - http2: order declarations in core.js (Rich Trott) #21689
  • [1cdf93ecdc] - http2: pass incoming set-cookie header as array (Gerhard Stoebich) #21360
  • [20b72fc94d] - http2: track memory allocated by nghttp2 (Anna Henningsen) #21374
  • [e9e4f434b3] - http2: fix memory leak when headers are not emitted (Anna Henningsen) #21373
  • [0f3e65099d] - http2: fix memory leak for uncommon headers (Anna Henningsen) #21336
  • [0a8d0861f2] - http2: safer Http2Session destructor (Anatoli Papirovski) #21194
  • [3c8c53f4f4] - http2: fix premature destroy (Anatoli Papirovski) #21051
  • [b22266cc97] - http2: force through RST_STREAM in destroy (Anatoli Papirovski) #21016
  • [91be1dc2a5] - http2: delay closing stream (Anatoli Papirovski) #20997
  • [0a6672fbcf] - http2: fix several serious bugs (Anatoli Papirovski) #20772
  • [b0c92cadfa] - http2: fix end without read (Anatoli Papirovski) #20621
  • [d1b78252b1] - http2: avoid bind and properly clean up in compat (Robert Nagy) #20374
  • [395ce845da] - http2: rename http2_state class to Http2State (Daniel Bevenius) #20423
  • [74192ddb66] - http2: reduce require calls in http2/core (Daniel Bevenius) #20422
  • [28a6e59bd3] - http2: fix ping callback (Ruben Bridgewater) #20311
  • [41dca9e851] - http2: fix responses to long payload reqs (Anatoli Papirovski) #20084
  • [fa5a3809a3] - http2: refactor how trailers are done (James M Snell) #19959
  • [5862d0372c] - http2: fix ping duration calculation (James M Snell) #19956
  • [2ae98ce7cb] - lib: define printErr() in script string (cjihrig) #19285
  • [b0e3ce9c4b] - net,http2: refactor _write and _writev (Ujjwal Sharma) #20643
  • [0187e3bef8] - process: avoid using the same fd for ipc and stdio (cjihrig) #21466
  • [5b2f6508f9] - src: make AsyncWrap constructors delegate (Daniel Bevenius) #19366
  • [9e8f4e5047] - src: remove unused uv.h include from async_wrap.cc (Daniel Bevenius) #19342
  • [042434f9af] - src: fix indenting of wrap->EmitTraceEventBefore (Daniel Bevenius) #19340
  • [3ad10e5789] - src: add extractPromiseWrap function (Daniel Bevenius) #19340
  • [b67bf38f31] - src: fix fs.write() externalized string handling (Ben Noordhuis) #18216
  • [0157e3ebca] - src,deps: add ABI safe use of CheckMemoryPressure (Ali Ijaz Sheikh) #24499
  • [f5985c734c] - tls,http2: handle writes after SSL destroy more gracefully (Anna Henningsen) #18987

2018-09-11, Version 8.12.0 'Carbon' (LTS), @MylesBorins

Notable Changes

  • async_hooks:
    • rename PromiseWrap.parentId (Ali Ijaz Sheikh) #18633
    • remove runtime deprecation (Ali Ijaz Sheikh) #19517
    • deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) #18513
  • cluster:
    • add cwd to cluster.settings (cjihrig) #18399
    • support windowsHide option for workers (Todd Wong) #17412
  • crypto:
    • allow passing null as IV unless required (Tobias Nießen) #18644
  • deps:
    • upgrade npm to 6.4.1 (Kat Marchán) #22591
    • upgrade libuv to 1.19.2 (cjihrig) #18918
    • Upgrade node-inspect to 1.11.5 (Jan Krems) #21055
  • fs,net:
    • support as and as+ flags in stringToFlags() (Sarat Addepalli) #18801
    • emit 'ready' for fs streams and sockets (Sameer Srivastava) #19408
  • http, http2:
    • add options to http.createServer() (Peter Marton) #15752-
    • add 103 Early Hints status code (Yosuke Furukawa) #16644
    • add http fallback options to .createServer (Peter Marton) #15752
  • n-api:
    • take n-api out of experimental (Michael Dawson) #19262
  • perf_hooks:
    • add warning when too many entries in the timeline (James M Snell) #18087
  • src:
    • add public API for managing NodePlatform (Cheng Zhao) #16981
    • allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) #17600
    • node internals' postmortem metadata (Matheus Marchini) #14901
  • tls:
    • expose Finished messages in TLSSocket (Anton Salikhmetov) #19102
  • trace_events:
    • add file pattern cli option (Andreas Madsen) #18480
  • util:
    • implement util.getSystemErrorName() (Joyee Cheung) #18186

Commits

  • [b7f9334454] - (SEMVER-MINOR) async_hooks: rename PromiseWrap.parentId (Ali Ijaz Sheikh) #18633
  • [373f4d6225] - (SEMVER-MINOR) async_hooks: remove runtime deprecation (Ali Ijaz Sheikh) #19517
  • [daacff8584] - (SEMVER-MINOR) async_hooks: deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh) #18513
  • [8f5e9916d1] - async_wrap: fix memory leak in AsyncResource (Michael Dawson) #20668
  • [0a3ebb030e] - benchmark: add JSStreamWrap benchmark (Anna Henningsen) #17983
  • [4009e3f245] - buffer: fix typo in lib/buffer.js (Ujjwal Sharma) #19126
  • [20d805e4bc] - build: disable openssl build warnings on macos (Ben Noordhuis) #19046
  • [abcc9119d2] - build: fix rm commands in tarball rule (Ben Noordhuis) #18332
  • [0bef96094e] - build: include the libuv and zlib into node (Yihong Wang) #18383
  • [2ec7dd4edc] - build: fix configure script for double-digits (Misty De Meo) #21183
  • [020057ade7] - build: make lint-ci work properly on Linux make (Rod Vagg) #19746
  • [18fd620606] - build: add node_lib_target_name to cctest deps (Daniel Bevenius) #18576
  • [9bd5fc2b34] - build: make gyp user defined variables lowercase (Daniel Bevenius) #16238
  • [1d90700514] - child_process: fix stdio sockets creation (Santiago Gimeno) #18701
  • [dc000a55d3] - (SEMVER-MINOR) cluster: add cwd to cluster.settings (cjihrig) #18399
  • [76805f0043] - (SEMVER-MINOR) cluster: support windowsHide option for workers (Todd Wong) #17412
  • [4d5cb4c8b5] - crypto: use bool over int consistently (Tobias Nießen) #19238
  • [5a3dc37bc8] - crypto: Use math.h definitions of isnan and isinf (Jeroen Roovers) #19196
  • [fc34f5cae2] - (SEMVER-MINOR) crypto: allow passing null as IV unless required (Tobias Nießen) #18644
  • [4f3bf0449c] - crypto: use non-deprecated v8::Object::Set (Daniel Bevenius) #17482
  • [c491ac424b] - crypto: remove BIO_set_shutdown (Daniel Bevenius) #17542
  • [f82d58db4c] - (SEMVER-MINOR) deps: upgrade npm to 6.4.1 (Kat Marchán) #22591
  • [5294919d05] - deps: V8: cherry-pick 9040405 from upstream (Junliang Yan) #22375
  • [ae63db8624] - deps: backport 804a693 from upstream V8 (Matheus Marchini) #21855
  • [bf2daab673] - deps: Upgrade node-inspect to 1.11.5 (Jan Krems) #21055
  • [d9ab189f55] - deps: cherry-pick b767cde1e7 from upstream V8 (Ben Noordhuis) #19710
  • [812b97c826] - deps: fix typo in openssl upgrading doc (Daniel Bevenius) #19789
  • [60733a7a78] - deps: upgrade libuv to 1.19.2 (cjihrig) #18918
  • [31883368c7] - deps: cherry-pick 0c35b72 from upstream V8 (Gus Caplan) #18038
  • [74ca456af0] - (SEMVER-MINOR) deps: upgrade npm to 6.2.0 (Kat Marchán) #21592
  • [ffb72f810e] - deps: cherry-pick 09b53ee from upstream V8 (Anna Henningsen) #21767
  • [8e0f28b8f0] - deps: V8: backport 49712d8a from upstream (Ali Ijaz Sheikh) #21334
  • [efe28b8581] - deps: V8: fix bug in InternalPerformPromiseThen (Ali Ijaz Sheikh) #21426
  • [9aeffab452] - deps: V8: cherry-pick 8361fa58 from upstream (Ali Ijaz Sheikh) #21294
  • [f987a512d4] - deps: V8: backport b49206d from upstream (Ali Ijaz Sheikh) #20727
  • [185aca054e] - deps: float fix on node-gyp in npm tree (Myles Borins) #21448
  • [677236494b] - (SEMVER-MINOR) deps: upgrade npm to 6.1.0 (Rebecca Turner) #20190
  • [e6cd7e57b3] - deps: V8: cherry-pick 5ebd6fcd from upstream (Ali Ijaz Sheikh) #21269
  • [d868eb784c] - deps: V8: cherry-pick 502c6ae6 from upstream (Ali Ijaz Sheikh) #21269
  • [656ceea393] - deps: cherry-pick dbfe4a49d8 from upstream V8 (Jan Krems) #16889
  • [50316e2021] - doc,tools: formalize, unify, codify default values (Vse Mozhet Byt) #19737
  • [98f5b17ee1] - errors: make message non-enumerable (Ruben Bridgewater) #19719
  • [9dc1f509f1] - errors: move error creation helpers to errors.js (Joyee Cheung) #18546
  • [9696bf920f] - errors: lazy load util in internal/errors.js (Joyee Cheung) #18358
  • [e25d5d077d] - (SEMVER-MINOR) fs: support as and as+ flags in stringToFlags() (Sarat Addepalli) #18801
  • [35a1bd97ba] - (SEMVER-MINOR) fs,net: emit 'ready' for fs streams and sockets (Sameer Srivastava) #19408
  • [68a810cd85] - http: prevent aborted event when already completed (Andrew Johnston) #18999
  • [c4fa1f72a2] - http: prevent aborted event when already completed (Andrew Johnston) #18999
  • [1fc00f0821] - http: do not rely on the 'agentRemove' event (Luigi Pinca) #20786
  • [e094275799] - http: simplify parser lifetime tracking (Anna Henningsen) #18135
  • [01dc646382] - (SEMVER-MINOR) http: add options to http.createServer() (Peter Marton) #15752
  • [7c43099d1e] - (SEMVER-MINOR) http, http2: add 103 Early Hints status code (Yosuke Furukawa) #16644
  • [87818dc8bc] - http2: destroy the socket properly and add tests (Mathias Buus) #19852
  • [de51a83e58] - http2: remove unused using declarations node_http2 (Daniel Bevenius) #20420
  • [a29cd25b41] - http2: refer to stream errors by name (Anna Henningsen) #18966
  • [06329a8eaf] - http2: remove duplicate words in comments (Tobias Nießen) #17939
  • [955080f7ee] - http2: pass session to DEBUG_HTTP2SESSION2 (Daniel Bevenius) #20815
  • [b1b0486049] - http2: add req and res options to server creation (Peter Marton) #15560
  • [3f78847e0e] - (SEMVER-MINOR) http2: add http fallback options to .createServer (Peter Marton) #15752
  • [cf833e4901] - lib: change hook -> hooks in code comment (Daniel Bevenius) #19053
  • [29b5d3999e] - lib: re-fix v8_prof_processor (Anna Henningsen) #19059
  • [2702fd779e] - lib: replace eval with vm.runInThisContext (Myles Borins) #18623
  • [7e23946c87] - lib: provide proper deprecation code (Ruben Bridgewater) #18694
  • [7c6e391419] - lib, src: use process.config instead of regex (Jon Moss) #17814
  • [0f83f251fe] - module: enable dynamic import flag for esmodules (Myles Borins) #18387
  • [d7192c4e6a] - module: Set dynamic import callback (Jan Krems) #15713
  • [35a8ff7e55] - n-api: create functions directly (Gabriel Schulhof) #21688
  • [7033bbaa01] - n-api: throw when entry point is null (Gabriel Schulhof) #20779
  • [4911c4e9fa] - n-api: improve runtime perf of n-api func call (Kenny Yuan) #21072
  • [0b2f52706d] - (SEMVER-MINOR) n-api: take n-api out of experimental (Michael Dawson) #19262
  • [4a267f0e3c] - net: simplify net.Socket#end() (Anna Henningsen) #18708
  • [3d38bab64e] - net: use _final instead of on('finish') (Anna Henningsen) #18608
  • [1a1288d03c] - perf_hooks: fix timing (Timothy Gu) #18993
  • [b4192b007b] - (SEMVER-MINOR) perf_hooks: add warning when too many entries in the timeline (James M Snell) #18087
  • [68d33c692e] - perf_hooks: fix scheduling regression (Anatoli Papirovski) #18051
  • [711098e88c] - (SEMVER-MINOR) process: Send signal name to signal handlers (Robert Rossmann) #15606
  • [2ec981b078] - process: use more direct sync I/O for stdio (Anna Henningsen) #18019
  • [a6fca750be] - repl: better handling of recoverable errors (Prince J Wesley) #18915
  • [66343c546c] - (SEMVER-MINOR) src: add environment cleanup hooks (Anna Henningsen) #19377
  • [f33f3238f9] - src: #include <stdio.h>" to iculslocs (Steven R. Loomis) #19150
  • [02ea033e05] - src: fix error message in async_hooks constructor (Daniel Bevenius) #19000
  • [d478bc7375] - src: fix bootstrap_node on bsd (sylkat) #22663
  • [cbe92390c1] - src: use DoTryWrite() for not-all-Buffer writev()s too (Anna Henningsen) #18019
  • [69efa9f6b3] - src: remove node namespace qualifiers (Daniel Bevenius) #18962
  • [8af6b75e10] - (SEMVER-MINOR) src: add public API for managing NodePlatform (Cheng Zhao) #16981
  • [e194c3782b] - src: fix deprecation warning in node_perf.cc (Daniel Bevenius) #18877
  • [161869ece0] - (SEMVER-MINOR) src: allow --perf-(basic-)?prof in NODE_OPTIONS (Leko) #17600
  • [eaf99d9393] - src: add node_encoding.cc (James M Snell) #21112
  • [0321afed4c] - src: add node_process.cc (James M Snell) #21105
  • [54ea1ccf2d] - src: refactor bootstrap to use bootstrap object (James M Snell) #20917
  • [6f545d1902] - src: fix compiler warning in process.ppid (cjihrig) #16958
  • [9125e2b6fa] - src: add convenience ctor for async trigger id scope (Anna Henningsen) #19204
  • [2ee4bb7826] - src: move Environment ctor/dtor into env.cc (Anna Henningsen) #19202
  • [342dbff852] - src: make AsyncResource destructor virtual (Anna Henningsen) #20633
  • [b916620bf5] - src: fix typo in util.h comment (Anna Henningsen) #20656
  • [8076a793ed] - src: fix nullptr dereference for signal during startup (Anna Henningsen) #20637
  • [1cb9772a40] - src: remove unused freelist.h header (Anna Henningsen) #20544
  • [e17f05a817] - src: create per-isolate strings after platform setup (Ulan Degenbaev) #20175
  • [d38ccbb07f] - src: use unordered_map for perf marks (Anna Henningsen) #19558
  • [553e34ef9c] - src: simplify http2 perf tracking code (Anna Henningsen) #19470
  • [67182912d7] - src: add "icu::" prefix before ICU symbols (Steven R. Loomis)
  • [2cf263519a] - src: use unique_ptr for scheduled delayed tasks (Franziska Hinkelmann) #17083
  • [2148b1921e] - src: use unique_ptr in platform implementation (Franziska Hinkelmann) #16970
  • [e9327541e1] - src: cancel pending delayed platform tasks on exit (Anna Henningsen) #16700
  • [bf8068e6f9] - src: prepare v8 platform for multi-isolate support (Anna Henningsen) #16700
  • [59f13304e1] - src: refactor callback #defines into C++ templates (Anna Henningsen) #18133
  • [a8d2ab50fc] - src: rename On* -> Emit* for stream callbacks (Anna Henningsen) #17701
  • [15c4717e0a] - src: harden JSStream callbacks (Anna Henningsen) #18028
  • [5ea1492b74] - src: fix code coverage cleanup (Michael Dawson) #18081
  • [0d2a720c70] - src: update make for new code coverage locations (Michael Dawson) #17987
  • [2c6f482ba2] - src: remove duplicate words in comments (Tobias Nießen) #17939
  • [7fa97d4f09] - src: make FSEventWrap/StatWatcher::Start more robust (Timothy Gu) #17432
  • [c39b0020b5] - src: expose uv.errmap to binding (Joyee Cheung) #17338
  • [75b456d0b8] - src: do not redefine private for GenDebugSymbols (Joyee Cheung) #18653
  • [7cf26e5813] - src: remove superfluous check in backtrace_posix.cc (Anna Henningsen) #16950
  • [0564454b75] - (SEMVER-MINOR) src, test: node internals' postmortem metadata (Matheus Marchini) #14901
  • [c92d66a749] - stream: delete redundant code (陈刚) #18145
  • [af27768df4] - stream: delete redundant code (陈刚) #18145
  • [d55e4adc3d] - test,benchmark,doc: enable dot-notation rule (Ruben Bridgewater) #18749
  • [1f49de4b24] - (SEMVER-MINOR) tls: expose Finished messages in TLSSocket (Anton Salikhmetov) #19102
  • [1cf17df769] - tls: accept array of protocols in TLSSocket (Mark S. Everitt) #16655
  • [8292bc3892] - tls: use correct class name in deprecation message (Anna Henningsen) #17561
  • [c56aafd645] - tools: add log output to crashes (Ruben Bridgewater) #20295
  • [422b6e8b9f] - tools: show stdout/stderr for timed out tests (Rich Trott) #20260
  • [f8c5042454] - tools: include exit code in TAP log (Refael Ackermann) #19855
  • [11e53cd323] - tools: include exit code in test failures (Rich Trott) #19855
  • [246c2d18cb] - tools: fix TypeError from test.py --time (Richard Lau) #20368
  • [1241b90a13] - tools: simplify HTML generation (Vse Mozhet Byt) #20307
  • [ac05c2b226] - tools: modernize and optimize doc/addon-verify.js (Vse Mozhet Byt) #20188
  • [fc41817f97] - tools: don’t emit illegal utf-8 from icutrim/iculslocs (Steven R. Loomis) #19756
  • [cf2a7e9ce6] - tools: apply editorconfig rules to tools also (Tobias Nießen) #19521
  • [36ffc3b69b] - tools: remove src dir from JS editorconfig rule (Tobias Nießen) #19521
  • [ff4c30e9bb] - tools: dry utility function in tools/doc/json.js (Vse Mozhet Byt) #19692
  • [59b99e88fb] - tools: fix comment nits in tools/doc/*.js files (Vse Mozhet Byt) #19696
  • [eb5f08546e] - tools: fix nits in tools/doc/type-parser.js (Vse Mozhet Byt) #19612
  • [4a1b064cdc] - tools: simplify tools/doc/preprocess.js (Vse Mozhet Byt) #19539
  • [fe4e511ae8] - tools: fix nits in tools/doc/common.js (Vse Mozhet Byt) #19599
  • [11b8d4793f] - tools: shorten metadata parsing (Tobias Nießen) #19512
  • [aa3be00b08] - tools: make metadata parsing less permissive (Tobias Nießen) #19512
  • [2fb47a5cbf] - tools: fix nits in tools/doc/preprocess.js (Vse Mozhet Byt) #19473
  • [e1c28b6f46] - tools: fix logic nit in tools/doc/generate.js (Vse Mozhet Byt) #19475
  • [7d4d96b63d] - tools: bump remark-cli to 4.0 (Refael Ackermann) #17028
  • [814021182e] - tools: fix custom eslint rule errors (Ruben Bridgewater) #18853
  • [ce62e142b3] - tools: ignore VS compiler output in deps/v8 (Michaël Zasso) #18952
  • [817f43637b] - tools: custom eslint autofix for inspector-check.js (Shobhit Chittora) #16646
  • [c32b087161] - tools: auto fix custom crypto-check eslint rule (Shobhit Chittora) #16647
  • [7f1a9421c0] - tools: fix eslint isRequired (Ruben Bridgewater) #18729
  • [bf09b7a155] - tools: treat SIGABRT as crash (Anna Henningsen) #19990
  • [79919a3a9a] - tools: ensure doc-only doesn't update package-lock (Myles Borins) #21015
  • [c5eb1f83d0] - tools: update tooling to work with new macOS CLI … (Rich Trott) #21173
  • [5362e2fbb3] - tools: fix test-npm-package (Michaël Zasso) #19293
  • [ab967b725e] - tools: fix icu readme lint error (Anatoli Papirovski) #18445
  • [f2506d46b5] - tools: don't lint-md as part of main lint target (Refael Ackermann) #17587
  • [3857e108ca] - tools: speed up lint-md-build (Refael Ackermann) #16945
  • [c4716dc711] - tools, test: fix prof polyfill readline (killagu) #18641
  • [4df93dc8ac] - tools,bootstrap: preprocess gypi files to json (Gus Caplan) #19140
  • [7a35e18177] - tools,gyp: fix regex for version matching (Rich Trott) #21216
  • [e602726c68] - (SEMVER-MINOR) trace_events: add file pattern cli option (Andreas Madsen) #18480
  • [9fdba04e5e] - tty: fix console printing on Windows (Anna Henningsen) #18214
  • [40a36b3af8] - url: added url fragment lookup table (Hakan Kimeiga) #17627
  • [654ce4ba17] - url: added space to class string of iterator objects (Haejin Jo) #17558
  • [66520afdb8] - util: skip type checks in internal getSystemErrorName (Joyee Cheung) #18546
  • [58b5a610d8] - (SEMVER-MINOR) util: implement util.getSystemErrorName() (Joyee Cheung) #18186
  • [ec1828c2b6] - (SEMVER-MAJOR) v8: add new to the throw statement (Ruben Bridgewater) #13857
  • [8a5c100793] - win, tools: add nasm to boxstarter script (Bartosz Sosnowski) #19950

2018-08-15, Version 8.11.4 'Carbon' (LTS), @rvagg

This is a security release. All Node.js users should consult the security release summary at:

https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  • CVE-2018-0732 (OpenSSL)
  • CVE-2018-12115 (Node.js)

Notable Changes

  • buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
  • deps: Upgrade to OpenSSL 1.0.2p, fixing:
    • Client DoS due to large DH parameter (CVE-2018-0732)
    • ECDSA key extraction via local side-channel (CVE not assigned)

Commits

2018-06-12, Version 8.11.3 'Carbon' (LTS), @evanlucas

Notable Changes

  • buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
  • http2
    • (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
    • (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0

Commits

2018-05-15, Version 8.11.2 'Carbon' (LTS), @MylesBorins

Notable Changes

  • deps:
    • update node-inspect to 1.11.3 (Jan Krems) #18354
    • update nghttp2 to 1.29.0 (James M Snell) #17908
  • http2:
    • Sync with current release stream
  • n-api:
    • Sync with current release stream

Commits

  • [ce3866bdcc] - async_hooks: clean up comments (Ali Ijaz Sheikh) #18467
  • [86e3c89ea4] - benchmark: improve compare output (Ruben Bridgewater) #18597
  • [18be476116] - benchmark: fix punycode test for --without-intl (Timothy Gu) #16251
  • [88d3028e22] - build: no longer have v8-debug.h as dependency. (Yang Guo) #18677
  • [7b6d93c145] - build: add doc linting when runnning make lint (Camilo Gonzalez) #18472
  • [9bce14172a] - build: do not suppress output in make doc-only (Joyee Cheung) #18507
  • [333d7dda84] - build: make lint-js independent of local node (Joyee Cheung) #18272
  • [d537f45aaa] - build: make lint-md independent of local node (Joyee Cheung) #18272
  • [658dd409fd] - build: refine static and shared lib build (Yihong Wang) #17604
  • [659b2a1821] - build: allow x86_64 as a dest_cpu alias for x64 (Rod Vagg) #18052
  • [424703a556] - build: add cflags for OpenBSD, remove stray comma. (Aaron Bieber) #18448
  • [ab4809f195] - build,win: restore vcbuild TAG functionality (Rod Vagg) #18031
  • [bf4d0743be] - cluster: fix inspector port assignment (Santiago Gimeno) #18696
  • [16bf5fed69] - crypto: reuse variable instead of reevaluation (Tobias Nießen) #17735
  • [9acc7f3fbb] - deps: update nghttp2 to 1.29.0 (James M Snell) #17908
  • [ab005592be] - deps: V8: backport 76c3ac5 from upstream (Ali Ijaz Sheikh) #18298
  • [f12db24947] - deps: cherry-pick a803fad from upstream V8 (Michaël Zasso) #19824
  • [09f5e252bf] - deps: cherry-pick 7abdadc from upstream V8 (Michaël Zasso) #19824
  • [c97237bc10] - deps: cherry-pick a4bddba from upstream V8 (Michaël Zasso) #19824
  • [d02b72e799] - deps: V8: backport 596d55a from upstream (Myles Borins) #19477
  • [79a7a17312] - deps: update node-inspect to 1.11.3 (Jan Krems) #18354
  • [5394bc5c42] - deps,src: align ssize_t ABI between Node & nghttp2 (Anna Henningsen) #18565
  • [84fa6eb173] - doc, http2: add sections for server.close() (Chris Miller) #19802
  • [cbc8561949] - errors: remove ERR_OUTOFMEMORY (Tobias Nießen) #17877
  • [2995506bbf] - fs: fix stack overflow in fs.readdirSync (Joyee Cheung) #18647
  • [a653f23dfc] - fs: fix createReadStream(…, {end: n}) for non-seekable fds (Anna Henningsen) #19329
  • [6bfdba125f] - http: remove default 'drain' listener on upgrade (Luigi Pinca) #18866
  • [29c395d975] - http: allow _httpMessage to be GC'ed (Luigi Pinca) #18865
  • [d2a884edf9] - http: fix parsing of binary upgrade response body (Ben Noordhuis) #17806
  • [1d88266543] - http: free the parser before emitting 'upgrade' (Luigi Pinca) #18209
  • [1455b1dec2] - http2: emit session connect on next tick (Pieter Mees) #19842
  • [6d6e2e2454] - http2: callback valid check before closing request (Trivikram) #19061
  • [eddf3a6c70] - http2: destroy() stream, upon errnoException (Sarat Addepalli) #19389
  • [e4c10e1201] - http2: remove some unnecessary next ticks (James M Snell) #19451
  • [c976cb5be5] - http2: no stream destroy while its data is on the wire (Anna Henningsen) #19002
  • [bfd7d6d0de] - http2: fix flaky test-http2-https-fallback (Matteo Collina) #19093
  • [b75897f982] - http2: fix endless loop when writing empty string (Anna Henningsen) #18924
  • [7e4a9c9fe2] - http2: use original error for cancelling pending streams (Anna Henningsen) #18988
  • [2a04f57444] - http2: send error text in case of ALPN mismatch (Anna Henningsen) #18986
  • [f366373ad8] - http2: fix condition where data is lost (Matteo Collina) #18895
  • [20fb59fdc4] - http2: use _final instead of on('finish') (Anna Henningsen) #18609
  • [ac64b4f6a7] - http2: add checks for server close callback (James M Snell) #18182
  • [8b0a1b32de] - http2: refactor read mechanism (Anna Henningsen) #18030
  • [a4d910c644] - http2: remember sent headers (James M Snell) #18045
  • [3cd205431b] - http2: use aliased buffer for perf stats, add stats (James M Snell) #18020
  • [46d1b331e0] - http2: verify flood error and unsolicited frames (James M Snell) #17969
  • [a85518ed22] - http2: verify that a dependency cycle may exist (James M Snell) #17968
  • [9c85ada4e3] - http2: implement maxSessionMemory (James M Snell) #17967
  • [9a6ea7eb02] - http2: properly handle already closed stream error (James M Snell) #17942
  • [0078a97793] - http2: add aligned padding strategy (James M Snell) #17938
  • [1c313e09d6] - http2: add initial support for originSet (James M Snell) #17935
  • [1a24feccb5] - http2: add altsvc support (James M Snell) #17917
  • [c915bc54d4] - http2: strictly limit number on concurrent streams (James M Snell) #16766
  • [dcc7f4d84c] - http2: perf_hooks integration (James M Snell) #17906
  • [72b42de33a] - http2: implement ref() and unref() on client sessions (Kelvin Jin) #17620
  • [55f6bdb698] - http2: keep session objects alive during Http2Scope (Anna Henningsen) #17863
  • [c61a54ec3d] - http2: fix compiling with --debug-http2 (Anna Henningsen) #17863
  • [04632214c1] - http2: convert Http2Settings to an AsyncWrap (James M Snell) #17763
  • [ea98fd573e] - http2: refactor outgoing write mechanism (Anna Henningsen) #17718
  • [05b823d4ad] - http2: remove redundant write indirection (Anna Henningsen) #17718
  • [fc40b7de46] - http2: cleanup Http2Stream/Http2Session destroy (James M Snell) #17406
  • [1d65f2b879] - http2: be sure to destroy the Http2Stream (James M Snell) #17406
  • [8431b4297c] - http2: only schedule write when necessary (Anna Henningsen) #17183
  • [38cfb707bd] - http2: don't call into JS from GC (Anna Henningsen) #17183
  • [a1539e5731] - http2: simplify onSelectPadding (Anna Henningsen) #17717
  • [9a4bac2081] - http2,perf_hooks: perf state using AliasedBuffer (Kyle Farnung) #18300
  • [9129bc4fde] - lib: set process.execPath on OpenBSD (Aaron Bieber) #18543
  • [2019b023a7] - lib: refactor ES module loader for readability (Anna Henningsen) #16579
  • [3df0570c90] - lib: fix spelling in comments (Tobias Nießen) #18018
  • [20844d1716] - lib: remove debugger dead code (Qingyan Li) #18426
  • [07a6770614] - n-api: add more int64_t tests (Kyle Farnung) #19402
  • [8b3ef4660a] - n-api: back up env before finalize (Gabriel Schulhof) #19718
  • [92f699e021] - n-api: ensure in-module exceptions are propagated (Gabriel Schulhof) #19537
  • [367113f5d7] - n-api: bump version of n-api supported (Michael Dawson) #19497
  • [24b8bb6708] - n-api: re-write test_make_callback (Gabriel Schulhof) #19448
  • [3a6b7e610d] - n-api: add napi_fatal_exception (Mathias Buus) #19337
  • [9949d55ae9] - n-api: separate out async_hooks test (Gabriel Schulhof) #19392
  • [f29d8e0e8d] - n-api: add missing exception checking (Michael Dawson) #19362
  • [faf94b1c49] - n-api: resolve promise in test (Gabriel Schulhof) #19245
  • [df63adf7aa] - n-api: update documentation (Gabriel Schulhof) #19078
  • [b26410e86f] - n-api: update reference test (Gabriel Schulhof) #19086
  • [cb3f90a1a9] - n-api: fix object test (Gabriel Schulhof) #19039
  • [9244e1d234] - n-api: remove extra reference from test (Gabriel Schulhof) #18542
  • [927fc0b19f] - n-api: add methods to open/close callback scope (Michael Dawson) #18089
  • [969a520990] - n-api: wrap control flow macro in do/while (Ben Noordhuis) #18532
  • [d89f5937eb] - n-api: implement wrapping using private properties (Gabriel Schulhof) #18311
  • [af655f586c] - n-api: change assert ok check to notStrictEqual. (Aaron Kau) #18414
  • [ca10fda064] - n-api: throw RangeError napi_create_typedarray() (Jinho Bang) #18037
  • [853b4d593c] - n-api: expose n-api version in process.versions (Michael Dawson) #18067
  • [48be8a4793] - n-api: throw RangeError in napi_create_dataview() with invalid range (Jinho Bang) #17869
  • [a744535f99] - n-api: fix memory leak in napi_async_destroy() (alnyan) #17714
  • [584fadc605] - n-api,test: add int64 bounds tests (Kyle Farnung) #19309
  • [4c1181dc02] - n-api,test: add a new.target test to addons-napi (Taylor Woll) #19236
  • [3225601ffc] - net: remove Socket.prototoype.read (Anna Henningsen) #18568
  • [35aaee1059] - net: remove redundant code from _writeGeneric() (Luigi Pinca) #18429
  • [54442efcd2] - perf_hooks: refactor internals (James M Snell) #17822
  • [6bdfb1f8f0] - perf_hooks,http2: add performance.clear() (James M Snell) #18046
  • [1faae90b74] - readline: use Date.now() and move test to parallel (Anatoli Papirovski) #18563
  • [965b56a34e] - readline: update references to archived repository (Tobias Nießen) #17924
  • [801a49935b] - src: add nullptr check for session in DEBUG macro (Daniel Bevenius) #18815
  • [4e807d648e] - src: introduce internal buffer slice constructor (Anna Henningsen) #18030
  • [0b828e5125] - src: remove declarations for missing functions (Anna Henningsen) #18134
  • [3766e04f31] - src: silence http2 -Wunused-result warnings (cjihrig) #17954
  • [2b7732788a] - src: add optional keep-alive object to SetImmediate (Anna Henningsen) #17183
  • [f3e082c4ea] - src: replace SetAccessor w/ SetAccessorProperty (Jure Triglav) #17665
  • [45e28a8628] - src: minor refactoring to StreamBase writes (Anna Henningsen) #17564
  • [42b4f3ce0b] - src: fix abort when taking a heap snapshot (Ben Noordhuis) #18898
  • [b48ca0a140] - src: fix crypto.pbkdf2 callback error argument (BufoViridis) #18458
  • [973488b77b] - src: replace var for let / const. (alejandro estrada) #18649
  • [9ac91b14de] - src: fix util abort (Ruben Bridgewater) #19224
  • [c0f40be23b] - src: free memory before re-setting URLHost value (Ivan Filenko) #18357
  • [5e4f9b37ba] - src,doc,test: Fix common misspellings (Roman Reiss) #18151
  • [10231a9e44] - stream: cleanup() when unpiping all streams. (陈刚) #18266
  • [bf523822ba] - stream: simplify src._readableState to state (陈刚) #18264
  • [37e594ed4a] - stream: remove unreachable code (Luigi Pinca) #18239
  • [f96b0bf494] - string_decoder: reset decoder on end (Justin Ridgewell) #18494
  • [a52f15efae] - timers: fix a bug in error handling (Anatoli Papirovski) #20497
  • [e15f57745d] - timers: allow Immediates to be unrefed (Anatoli Papirovski) #18139
  • [95c1e2d606] - tls: set servername on client side too (James M Snell) #17935
  • [d4bccccf23] - tools: add fixer for prefer-assert-iferror.js (Shobhit Chittora) #16648
  • [016a28ac08] - tools: non-Ascii linter for /lib only (Sarat Addepalli) #18043
  • [a0a45fc3b6] - tools: add .mjs linting for Windows (Vse Mozhet Byt) #18569
  • [e0d2842b29] - tools: add check for using process.binding crypto (Daniel Bevenius) #17867
  • [a8b5a96d15] - tools: auto fix custom eslint rule (Shobhit Chittora) #16652
  • [5d03c8219a] - url: simplify loop in parser (Tobias Nießen) #18468
  • [e0e0ef7bab] - util: escaping object keys in util.inspect() (buji) #16986
  • [8ac69c457b] - v8: add missing ',' in OpenBSD's 'sources' section. (Aaron Bieber) #18448
  • [c61754fad9] - win, build: fix intl-none option (Birunthan Mohanathas) #18292

2018-03-29, Version 8.11.1 'Carbon' (LTS), @MylesBorins

Notable Changes

No additional commits.

Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based environments. This has been fixed in our infrastructure and we are doing this release to ensure that the hosted binaries are adhering to our platform support contract.

Note that Node.js versions 10.X and later will be built with version 4.9.X or later of the GCC compiler, and it is possible that Node.js version 8.X may be built on the 4.9.X compiler at a later time as the stated minimum compiler requirement for Node.js version 8.X is 4.9.4.

2018-03-28, Version 8.11.0 'Carbon' (LTS), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

  • CVE-2018-7158
  • CVE-2018-7159
  • CVE-2018-7160

Notable Changes

  • Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js.
  • Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious website could use a DNS rebinding attack to trick a web browser to bypass same-origin-policy checks and allow HTTP connections to localhost or to hosts on the local network, potentially to an open inspector port as a debugger, therefore gaining full code execution access. The inspector now only allows connections that have a browser Host value of localhost or localhost6.
  • Fix for 'path' module regular expression denial of service (CVE-2018-7158): A regular expression used for parsing POSIX paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted 'path' module functions.
  • Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The Node.js HTTP parser allowed for spaces inside Content-Length header values. Such values now lead to rejected connections in the same way as non-numeric values.
  • Update root certificates: 5 additional root certificates have been added to the Node.js binary and 30 have been removed.

Commits

2018-03-06, Version 8.10.0 'Carbon' (LTS), @gibfahn

Notable Changes

  • deps:
    • update V8 to 6.2.414.46 (Michaël Zasso) #16413
    • revert ABI breaking changes in V8 6.2 (Anna Henningsen) #16413
    • upgrade libuv to 1.19.1 (cjihrig) #18260
    • re land npm 5.6.0 (Myles Borins) #18625
    • ICU 60 bump (Steven R. Loomis) #16876
  • crypto:
    • Support both OpenSSL 1.1.0 and 1.0.2 (David Benjamin) #16130
    • warn on invalid authentication tag length (Tobias Nießen) #17566
  • async_hooks:
    • update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) #18004
    • use typed array stack as fast path (Anna Henningsen) #17780
    • use scope for defaultTriggerAsyncId (Andreas Madsen) #17273
    • separate missing from default context (Andreas Madsen) #17273
    • rename initTriggerId (Andreas Madsen) #17273
    • deprecate undocumented API (Andreas Madsen) #16972
    • add destroy event for gced AsyncResources (Sebastian Mayr) #16998
    • add trace events to async_hooks (Andreas Madsen) #15538
    • set HTTPParser trigger to socket (Andreas Madsen) #18003
    • add provider types for net server (Andreas Madsen) #17157
  • n-api:
    • add helper for addons to get the event loop (Anna Henningsen) #17109
  • cli:
    • add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
  • console:
    • add support for console.debug (Benjamin Zaslavsky) #17033
  • module:
    • add builtinModules (Jon Moss) #16386
    • replace default paths in require.resolve() (cjihrig) #17113
  • src:
    • add helper for addons to get the event loop (Anna Henningsen) #17109
    • add process.ppid (cjihrig) #16839
  • http:
    • support generic Duplex streams (Anna Henningsen) #16267
    • add rawPacket in err of clientError event (XadillaX) #17672
    • better support for IPv6 addresses (Mattias Holmlund) #14772
  • net:
    • remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) #17662
  • process:
    • fix reading zero-length env vars on win32 (Anna Henningsen) #18463
  • tls:
    • unconsume stream on destroy (Anna Henningsen) #17478
  • process:
    • improve unhandled rejection message (Madara Uchiha) #17158
  • stream:
    • remove usage of *State.highWaterMark (Calvin Metcalf) #12860
  • trace_events:
    • add executionAsyncId to init events (Andreas Madsen) #17196

Commits

  • [5dab90b8bb] - async_hooks: update defaultTriggerAsyncIdScope for perf (Anatoli Papirovski) #18004
  • [086af68c19] - async_hooks: use typed array stack as fast path (Anna Henningsen) #17780
  • [0f7c8984af] - async_hooks: use CHECK instead of throwing error (Jon Moss) #17832
  • [5a199a905b] - async_hooks: use scope for defaultTriggerAsyncId (Andreas Madsen) #17273
  • [03873db4d0] - async_hooks: separate missing from default context (Andreas Madsen) #17273
  • [cce92ccfa8] - async_hooks: rename initTriggerId (Andreas Madsen) #17273
  • [025b9f208f] - (SEMVER-MINOR) async_hooks: deprecate undocumented API (Andreas Madsen) #16972
  • [36dbd1181a] - (SEMVER-MINOR) async_hooks: add destroy event for gced AsyncResources (Sebastian Mayr) #16998
  • [331b175af2] - (SEMVER-MINOR) async_hooks: add trace events to async_hooks (Andreas Madsen) #15538
  • [91d4eb5ff8] - (SEMVER-MINOR) async_hooks,http: set HTTPParser trigger to socket (Andreas Madsen) #18003
  • [0211175bc7] - async_hooks,test: only use IPv6 in http test (Andreas Madsen) #18143
  • [6d55a4c941] - (SEMVER-MINOR) async_wrap: add provider types for net server (Andreas Madsen) #17157
  • [8143a95c1f] - benchmark: implement duration in http test double (Joyee Cheung) #18380
  • [f779a8b5a4] - benchmark: make compare.R easier to understand (Andreas Madsen) #18373
  • [deb70417cd] - benchmark: remove redundant + (sreepurnajasti) #17803
  • [452d2c561a] - benchmark: fix timeout in write-stream-throughput (Anatoli Papirovski) #17958
  • [1e3ea5023b] - benchmark: make temp file path configurable (Rich Trott) #17811
  • [91135b9bd2] - build: fix Makefile wrt finding node executable (Yang Guo) #18040
  • [f07bb16255] - build: fix cctest target with --enable-static (Qingyan Li) #17992
  • [e61344a9e9] - build: remove cctest extension (Yihong Wang) #16680
  • [fd845d80eb] - build,win: update lint-cpp on Windows (Kyle Farnung) #18012
  • [44ab4f09a2] - build,win,msi: support WiX with VS2017 (João Reis) #17101
  • [ec7996ca15] - (SEMVER-MINOR) cli: add --stack-trace-limit to NODE_OPTIONS (Anna Henningsen) #16495
  • [087cdaf871] - cluster: resolve relative unix socket paths (laino) #16749
  • [162ff56439] - (SEMVER-MINOR) console: add support for console.debug (Benjamin Zaslavsky) #17033
  • [8cc0ea78d7] - crypto: do not reach into OpenSSL internals for ThrowCryptoError (David Benjamin) #16701
  • [072902a258] - crypto: remove leftover initialization (Myles Borins) #18622
  • [b0526ba7f1] - (SEMVER-MINOR) crypto: clear some SSL_METHOD deprecation warnings (David Benjamin) #16130
  • [78738266d6] - (SEMVER-MINOR) crypto: make ALPN the same for OpenSSL 1.0.2 & 1.1.0 (David Benjamin) #16130
  • [f1d458be58] - (SEMVER-MINOR) crypto: remove deprecated ECDH calls w/ OpenSSL 1.1 (David Benjamin) #16130
  • [f9a597a1d3] - (SEMVER-MINOR) crypto: emulate OpenSSL 1.0 ticket scheme in 1.1 (David Benjamin) #16130
  • [eb377f38f6] - (SEMVER-MINOR) crypto: hard-code tlsSocket.getCipher().version (David Benjamin) #16130
  • [2efb16b7d7] - (SEMVER-MINOR) crypto: add compat logic for "DSS1" and "dss1" (David Benjamin) #16130
  • [5e9e4e5bf9] - (SEMVER-MINOR) crypto: Make Hmac 1.1.0-compatible (David Benjamin) #16130
  • [2419b8613a] - (SEMVER-MINOR) crypto: make SignBase compatible with OpenSSL 1.1.0 (David Benjamin) #16130
  • [0ef35a137f] - (SEMVER-MINOR) crypto: make Hash 1.1.0-compatible (David Benjamin) #16130
  • [e0cbc39668] - (SEMVER-MINOR) crypto: make CipherBase 1.1.0-compatible (David Benjamin) #16130
  • [e21079851f] - (SEMVER-MINOR) crypto: remove locking callbacks for OpenSSL 1.1.0 (David Benjamin) #16130
  • [c2106e4037] - (SEMVER-MINOR) crypto: use RSA and DH accessors (David Benjamin) #16130
  • [f518238c2e] - (SEMVER-MINOR) crypto: test DH keys work without a public half (David Benjamin) #16130
  • [f00d758067] - (SEMVER-MINOR) crypto: account for new 1.1.0 SSL APIs (David Benjamin) #16130
  • [335bbff96d] - (SEMVER-MINOR) crypto: remove unnecessary SSLerr calls (David Benjamin) #16130
  • [0f909a87a6] - (SEMVER-MINOR) crypto: estimate kExternalSize (David Benjamin) #16130
  • [ec349b4640] - (SEMVER-MINOR) crypto: make node_crypto_bio compat w/ OpenSSL 1.1 (David Benjamin) #16130
  • [e28e80d5b8] - (SEMVER-MINOR) crypto: use X509_STORE_CTX_new (David Benjamin) #16130
  • [1279893a46] - crypto: add ocsp_request ClientHelloParser::Reset (Daniel Bevenius) #17753
  • [964850a24c] - crypto: warn on invalid authentication tag length (Tobias Nießen) #17566
  • [2f3d91dc58] - crypto: remove unused header in clienthello.h (Daniel Bevenius) #17752
  • [1331a2a504] - (SEMVER-MINOR) deps: upgrade libuv to 1.19.1 (cjihrig) #18260
  • [cae489657b] - (SEMVER-MINOR) deps: upgrade libuv to 1.18.0 (cjihrig) #17282
  • [1e316826ff] - (SEMVER-MINOR) deps: revert ABI breaking changes in V8 6.1 (Anna Henningsen) #15393
  • [758b730139] - (SEMVER-MINOR) deps: revert ABI breaking changes in V8 6.2 (Anna Henningsen) #16413
  • [2b84fa9514] - deps: cherry-pick c3458a8 from upstream V8 (Michaël Zasso) #18060
  • [aae68d3ef0] - deps: V8: cherry-pick ac0fe8ec from upstream (Ali Ijaz Sheikh) #17695
  • [51ad36a901] - deps: V8: backport 14ac02c from upstream (Ali Ijaz Sheikh) #17512
  • [0a064c4b68] - deps: backport 3c8195d from V8 upstream (Myles Borins) #17383
  • [0ee645510d] - deps: cherry-pick 1420e44db0 from upstream V8 (Timothy Gu) #17344
  • [be734c513c] - deps: cherry-pick cc55747 from V8 upstream (Franziska Hinkelmann) #16890
  • [0e30ca942e] - deps: cherry-pick b8331cc030 from upstream V8 (Daniel Bevenius) #16900
  • [711f344c2e] - deps: V8: backport b1cd96e from upstream (Ali Ijaz Sheikh) #16308
  • [ae8c838339] - deps: cherry-pick e0d64dc from upstream V8 (Michaël Zasso) #16490
  • [5d80b0edd9] - deps: cherry-pick 676c413 from upstream V8 (Michaël Zasso) #16490
  • [16a980b4c4] - deps: cherry-pick 2c75616 from upstream V8 (Michaël Zasso) #16490
  • [0b690a9ce3] - deps: cherry-pick 37a3a15c3 from V8 upstream (Franziska Hinkelmann) #16294
  • [b71a33c2bf] - (SEMVER-MAJOR) deps: backport 0f1dfae from V8 upstream (Tobias Tebbi) #15362
  • [ebee8edca2] - deps: v8: fix potential segfault in profiler (Ali Ijaz Sheikh) #15498
  • [a7fc12772d] - deps: cherry-pick 9b21865822243 from V8 upstream (Anna Henningsen) #15391
  • [bede7a3cfa] - (SEMVER-MINOR) deps: update V8 to 6.2.414.46 (Michaël Zasso) #16413
  • [96f85e4d8b] - deps: re land npm 5.6.0 (Myles Borins) #18625
  • [3a648b7e62] - deps: cherry-pick c3458a8 from upstream V8 (Michaël Zasso) #18059
  • [ce245810fa] - (SEMVER-MINOR) deps: ICU 60 bump (Steven R. Loomis) #16876
  • [09c1f21746] - (SEMVER-MINOR) deps: upgrade libuv to 1.16.1 (cjihrig) #16835
  • [35887306f1] - dns: fix crash while setting server during query (XadillaX) #14891
  • [5422767039] - doc,test: mention Duplex support for TLS (Anna Henningsen) #17599
  • [577933a7c6] - fs: cleanup fd lchown and lchownSync (James M Snell) #18329
  • [b343cb60e1] - fs: fix options.end of fs.ReadStream() (陈刚) #18121
  • [a7f9e12aee] - gitignore: ignore *.VC.db files (Tobias Nießen) #17898
  • [56401a45dc] - (SEMVER-MINOR) http: add rawPacket in err of clientError event (XadillaX) #17672
  • [bc982f650f] - http: remove duplicate export (Evan Lucas) #17982
  • [8da41434cf] - http: remove adapter frame from onParserExecute (Ben Noordhuis) #17693
  • [949ace9524] - (SEMVER-MINOR) http: support generic Duplex streams (Anna Henningsen) #16267
  • [0fd051888a] - http, stream: writeHWM -> writableHighWaterMark (Matteo Collina) #17050
  • [6aa0adc26f] - http, tls: better support for IPv6 addresses (Mattias Holmlund) #14772
  • [dea44b9697] - http2,perf_hooks: perf state using AliasedBuffer (Kyle Farnung) #18300
  • [1cfc67c003] - lib: fix typo in trace_events_async_hooks.js (Gilles De Mey) #18280
  • [92defcc996] - lib: enable dot-notation eslint rule (Anatoli Papirovski) #18007
  • [c5093fceb5] - (SEMVER-MINOR) module: add builtinModules (Jon Moss) #16386
  • [aaca447333] - module: replace default paths in require.resolve() (cjihrig) #17113
  • [3d2d051ed0] - (SEMVER-MINOR) n-api: add helper for addons to get the event loop (Anna Henningsen) #17109
  • [80468cc5dd] - net: remove ADDRCONFIG DNS hint on Windows (Bartosz Sosnowski) #17662
  • [fea710e36a] - path: fix path.normalize for relative paths (Weijia Wang) #17974
  • [f99aba1f80] - process: fix reading zero-length env vars on win32 (Anna Henningsen) #18463
  • [3705e0e01c] - process: improve unhandled rejection message (Madara Uchiha) #17158
  • [bb5cafef55] - repl: fix coloring of process.versions (Ben Noordhuis) #17861
  • [d47cb9ab63] - src: use uv_os_getpid() to get process id (cjihrig) #17415
  • [8a000e8f81] - (SEMVER-MINOR) src: add openssl-system-ca-path configure option (Daniel Bevenius) #16790
  • [fed8d30702] - (SEMVER-MINOR) Revert "src: update NODE_MODULE_VERSION to 59" (Myles Borins) #16413
  • [aa4f58a9a5] - (SEMVER-MAJOR) src: fix rename of entry frame in v8abbr.h (geek) #15362
  • [805084b59d] - (SEMVER-MAJOR) src: update ustack offset identifiers (geek) #15362
  • [d3aa9eeb1d] - (SEMVER-MINOR) src: update NODE_MODULE_VERSION to 59 (Michaël Zasso) #16413
  • [35a51d4a78] - src: remove nonexistent method from header file (Anna Henningsen) #17748
  • [0e204433f6] - src: fix inspector nullptr deref on abrupt exit (Ben Noordhuis) #17577
  • [068d52d667] - src: use correct OOB check for IPv6 parsing (Anna Henningsen) #17470
  • [c2028fab23] - src: make url host a proper C++ class (Anna Henningsen) #17470
  • [6c9bdc1652] - src: move url internals into anonymous namespace (Anna Henningsen) #17470
  • [2c70965e82] - src: minor cleanups to node_url.cc (Anna Henningsen) #17470
  • [089f18e3a1] - src: remove unused async hooks methods (Anna Henningsen) #17757
  • [e67448813f] - src: remove async_hooks destroy timer handle (Anna Henningsen) #17117
  • [bd47272bc9] - src: introduce internal C++ SetImmediate() mechanism (Anna Henningsen) #17117
  • [f276cd954e] - src: rename async-wrap -> async_wrap (Daniel Bevenius) #17022
  • [aa63e021d2] - src: use NODE_BUILTIN_MODULE_CONTEXT_AWARE() macro (Ben Noordhuis) #17071
  • [ace2c2fade] - src: use unique pointer for tracing_agent (Franziska Hinkelmann) #17012
  • [e71beba14f] - src: explicitly register built-in modules (Yihong Wang) #16565
  • [fdd84c403e] - (SEMVER-MINOR) src: add helper for addons to get the event loop (Anna Henningsen) #17109
  • [22d4fef247] - (SEMVER-MINOR) src: add process.ppid (cjihrig) #16839
  • [f52c2b9bce] - src: use nullptr instead of NULL (Daniel Bevenius) #17373
  • [fdf9601a91] - (SEMVER-MINOR) stream: remove usage of *State.highWaterMark (Calvin Metcalf) #12860
  • [92a93c02c4] - (SEMVER-MAJOR) test: fix message test after V8 upgrade (Michaël Zasso) #15362
  • [92ec6f69c3] - (SEMVER-MINOR) test: fix test-https-agent-session-eviction for 1.1 (David Benjamin) #16130
  • [f883458270] - (SEMVER-MINOR) test: configure certs in tests (David Benjamin) #16130
  • [20cc0cfe5f] - (SEMVER-MINOR) test: revise test-tls-econnreset for OpenSSL 1.1.0 (David Benjamin) #16130
  • [a6a41d89e6] - (SEMVER-MINOR) test: test with a larger RSA key (David Benjamin) #16130
  • [4b90576e5e] - (SEMVER-MINOR) test: remove sha from test expectations (David Benjamin) #16130
  • [de37b993e8] - (SEMVER-MINOR) test: update test expectations for OpenSSL 1.1.0 (David Benjamin) #16130
  • [b5bc3f8eb8] - timers: cross JS/C++ border less frequently (Anna Henningsen) #17064
  • [d2138b205c] - tls: comment about old-style errors (xortiz) #17759
  • [30c607600b] - tls: unconsume stream on destroy (Anna Henningsen) #17478
  • [8250a5a8ba] - tools: do not override V8's gitignore (Yang Guo) #18010
  • [990d22e073] - tools: fix AttributeError: __exit__ on Python 2.6 (Dmitriy Kasyanov) #17663
  • [f88afb42f3] - tools: autofixer for lowercase-name-for-primitive (Shobhit Chittora) #17715
  • [90fe1692e2] - tools: fix man pages linking regex (Diego Rodríguez Baquero) #17724
  • [0e37054c96] - tools: add number-isnan rule (Jon Moss) #17556
  • [59def2a9f1] - tools: simplify lowercase-name-for-primitive rule (cjihrig) #17653
  • [dc480f84f9] - tools: add lowercase-name-for-primitive eslint rule (Weijia Wang) #17568
  • [47322e67c4] - tools: add cpplint rule for NULL usage (Daniel Bevenius) #17373
  • [1d3d1ddce7] - trace_events: stop tracing agent in process.exit() (Andreas Madsen) #18005
  • [ae4428e967] - (SEMVER-MINOR) trace_events: add executionAsyncId to init events (Andreas Madsen) #17196
  • [2a2c881df3] - (SEMVER-MINOR) v8: make building addons with VS2013 work again (Ben Noordhuis) #16413
  • [6df169c409] - win, build: fix without-intl option (Bartosz Sosnowski) #17614
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment