Skip to content

Roadmap

Taylor Woll edited this page Nov 12, 2019 · 116 revisions

This is a living document containing ChakraCore team's current priorities as well as release notes for previous releases. Future roadmap last updated 2/26/18.

All the changes done in the public repository flow into Chakra and Microsoft Edge on a regular basis as described in the Contribution guidelines.

(Scroll to Release Notes)

Future

The following is a summary of the ChakraCore team's backlog for the next 6 months. Some completed items (either in a release or master branch) are included to provide the context and progress of the work.

Language Innovation & Standards

  • Complete module implementation (ES6)
  • Complete Shared Memory and Atomics implementation
  • Migrate JS Intl APIs to use ICU/CLDR on Windows
  • ES2018+ features
    • Implement promise.prototype.finally
    • Implement async generators & iterators
    • Implement object rest and spread
    • Implement new RegEx APIs
    • Implement new Intl APIs
  • WebAssembly
    • Enable WebAssembly MVP on by default
    • Enable post-MVP WebAssembly features

Performance - Staying Fast and Lean

  • Optimize Object.assign/create
  • Optimize JSON.stringify/parse
  • Optimize ES6 for..of
    • Enable inlining for try/catch/finally
  • Improve performance for real-world sites
  • Improve performance for ES2015+ features
  • Reduce script parsing time
  • Reduce GC fragmentation
  • More type sharing

Enhancing Host & Platform Support

  • Node.js

    • Enable Node-ChakraCore on Mac and Linux.
    • Support Chrome Debug Protocol in Node-ChakraCore.
    • Enable Time Travel Debugging over Chrome Debug Protocol using VSCode
    • Support N-API
    • Maintain Node-ChakraCore releases
    • Improve Node-ChakraCore performance based on benchmarks and real-world scenarios
  • Embedding

    • Provide better debugging experience for ChakraCore embedders
      • Factor CrDP debugging shim in NodeChakraCore as a library to help enable debugging in applications embedding ChakraCore
    • Enable profiling

Engineering Improvements

  • Enable easier authoring of JavaScript built-ins in JavaScript.

Release Notes

ChakraCore 1.11

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-1426, CVE-2019-1427, CVE-2019-1428 #6328

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE--2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1366 #6302

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300 #6279

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-1197, CVE-2019-1141, CVE-2019-1196, CVE-2019-1139, CVE-2019-1131, CVE-2019-1195 #6243

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-1001, CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107 #6196

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-0989 CVE-2019-0990, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1003, CVE-2019-1023, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052 #6155

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937 #6122

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-0739, CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861 #6087

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0773, CVE-2019-0771 #6016

This patch release of ChakraCore 1.11 includes the following security fixes:

Security

  • Changes to address CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0648, CVE-2019-0649, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655, CVE-2019-0658 #5936 #5940

This patch release of ChakraCore 1.11 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2019-0539, CVE-2019-0567, CVE-2018-0568 #5899

This patch release of ChakraCore 1.11 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8583, CVE-2018-8624, CVE-2018-8618, CVE-2018-8629, CVE-2018-8617 #5869

This patch release of ChakraCore 1.11 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557 and CVE-2018-8588 #5827

This patch release of ChakraCore 1.11 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8473, CVE-2018-8500, CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, and CVE-2018-8513 #5764

This patch release of ChakraCore 1.11 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8315, CVE-2018-8354, CVE-2018-8367, CVE-2018-8452, CVE-2018-8456, CVE-2018-8459, CVE-2018-8465, CVE-2018-8466 and CVE-2018-8467 #5688

ChakraCore 1.11.0 includes bug fixes, including a reliability fix relating to ETW tracing #5632

ChakraCore 1.10

This patch release of ChakraCore 1.10 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8380, CVE-2018-8359, CVE-2018-8385, CVE-2018-8390, CVE-2018-8266, CVE-2018-8384, CVE-2018-8372, CVE-2018-8355 and CVE-2018-8381 #5596

This patch release of ChakraCore 1.10 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8275, CVE-2018-8276, CVE-2018-8279, CVE-2018-8280, CVE-2018-8283, CVE-2018-8286, CVE-2018-8287, CVE-2018-8288, CVE-2018-8290, CVE-2018-8291, CVE-2018-8294, CVE-2018-8298 #5444

ChakraCore 1.10.0 includes more JavaScript and WebAssembly feature updates, performance enhancements, and JSRT APIs. See notable changes below.

Also shout-out to @rhuanjl, @fatcerberus, OSS-Fuzz, and Google Project Zero for their contributions during this release!

Language

  • Improved support for Intl/ICU (see use ICU on Windows)
  • Implement Intl.NumberFormat.prototype.formatToParts #5105
  • Implement Intl.PluralRules #4940
  • Implement Promise.prototype.finally #3520
  • Demote Dynamic Import support to behind a flag f7bcf68cf

WebAssembly

  • Enable sign extension operators on by default #5136
  • Implement non-trapping float to int conversions #5129 #5014
  • Implement atomic load/store #4470
  • Implement WebAssembly SIMD support behind experimental flag #4200
  • Implement WebAssembly Shared Memory (only available with SharedArrayBuffer on) #4762

Performance

  • Improved type-sharing for objects with getters/setters #4283 and for function objects #4748 #4818
  • Enable inlining for callback functions #5081
  • Improved performance for Array.prototype.filter #5137, Object.assign #4852 #4817, Map/Set #4816, and JSON.Stringify #4907 #4831
  • Improved optimizations for property access in loops #5110
  • Optimizations to minimize performance impact from Spectre mitigations

JSRT

  • Add JsGetPromiseState and JsGetPromiseResult #5138 #5131
  • Add JsGetProxyProperties #4806
  • Add JsRuntimeAttributeDisableExecutablePageAllocation attribute #4797
  • Add JsGetModuleNamespace #4707
  • Add JsSetHostPromiseRejectionTracker to process unhandled promise rejections #4608
  • Add JsCreateEnhancedFunction for native callbacks with new.target #4529
  • Add JsCreateExternalObjectWithPrototype #4267
  • Add Symbol support in JsObject[Has/Get/Set/....] APIs #4209

Diagnostics

  • Enable support for ETW events on xplat via LTTng #4314

ChakraCore 1.8

This patch release of ChakraCore 1.8 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-8227, CVE-2018-8229 and CVE-2018-8236 #5298

This patch release of ChakraCore 1.8 includes security fixes, performance improvements, and bugfixes.

Security

  • Changes to address CVE-2018-0954, CVE-2018-1022, CVE-2018-8133, CVE-2018-0943, CVE-2018-0953, CVE-2018-8130, CVE-2018-0946, CVE-2018-8177, CVE-2018-8128, CVE-2018-8178, CVE-2018-8137, CVE-2018-8139, CVE-2018-0945 and Spectre #5116

This patch release of ChakraCore 1.8 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2018-0980, CVE-2018-1019, CVE-2018-0995, CVE-2018-0993, CVE-2018-0979, CVE-2018-0990 and CVE-2018-0994 #4963

This patch release of ChakraCore 1.8 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2018-0930, CVE-2018-0891, CVE-2018-0873, CVE-2018-0874, CVE-2018-0937, CVE-2018-0872, CVE-2018-0936, CVE-2018-0939, CVE-2018-0876, CVE-2018-0931, CVE-2018-0934, CVE-2018-0933, and an ACG bypass #4812

This patch release of ChakraCore 1.8 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2018-0857, CVE-2018-0860, CVE-2018-0859, CVE-2018-0840, CVE-2018-0834, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0836, CVE-2018-0835, CVE-2018-0866, CVE-2018-0858, and Spectre #4676

ChakraCore 1.8.0 includes more JavaScript and WebAssembly feature updates and performance enhancements. See notable changes below.

  • #3855 Removed support for building with VS2013
  • Several improvements to regex performance
  • Performance improvements to Object.assign, Object.create and Object.hasOwnProperty
  • Adding support for Arm64
  • #3553 Experimental: Introduce "lite" ChakraCore build
  • #3594 Byte code size and serialized byte code size optimizations (15-20% serialized byte code size reduction)
  • #3681 add inlining support for asm.js/wasm
  • #3832 Enable inlining into functions which have try-catch/try-finally
  • #3846 Add support for a Recycler-managed "Host Heap" to facilitate tracing of objects which relate to scriptable types
  • #3931 Add JSRT API JsLessThan
  • #4077 Optimized JSON.stringify and JSON.parse
  • #4118 Share types (i.e., allow PathTypeHandlers) for properties with non-standard attributes (non-writable, etc.).
  • #3875 jsrt: added JsObject Delete/Get/Has/OwnP../Set Property methods
  • #4531 Fix and enable wasm on xplat

ChakraCore 1.7

This patch release of ChakraCore 1.7 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781 #4503

This patch release of ChakraCore 1.7 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, CVE-2017-11919, CVE-2017-11930 #4411

This patch release of ChakraCore 1.7 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2017-11791, CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11861, CVE-2017-11862, CVE-2017-11870, CVE-2017-11871, CVE-2017-11873, CVE-2017-11874, CVE-2017-11866, CVE-2017-11859 #4226

This patch release of ChakraCore 1.7 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2017-11792, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, CVE-2017-11821 #3917

This patch release of ChakraCore 1.7 includes security fixes, performance improvements, and bugfixes.

Security

  • Change to address CVE-2017-8741, CVE-2017-8748, CVE-2017-11767, CVE-2017-8756, CVE-2017-8753, CVE-2017-8729, CVE-2017-8739, CVE-2017-8751, CVE-2017-8757, CVE-2017-11764, CVE-2017-8660, CVE-2017-8755, CVE-2017-8649, CVE-2017-8740, CVE-2017-8752 #3729

This patch release of ChakraCore 1.7 includes security fixes, performance improvements and JSRT API changes. See notable changes below.

Security

  • Change to address CVE-2017-0228, CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8637, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8658, CVE-2017-8659, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 #3509

Performance

  • Remove tzdata sync calls on xplat #3420

JSRT

ChakraCore 1.7.0 includes performance improvements and support for building Node-ChakraCore with link-time optimizations. It adds the following new JSRT APIs:

ChakraCore 1.6

This patch release of ChakraCore 1.6 includes the following security fixes:

Security

  • Change to address CVE-2017-8741, CVE-2017-8748, CVE-2017-11767, CVE-2017-8756, CVE-2017-8753, CVE-2017-8729, CVE-2017-8739, CVE-2017-8751, CVE-2017-8757, CVE-2017-11764, CVE-2017-8660, CVE-2017-8755, CVE-2017-8649, CVE-2017-8740, CVE-2017-8752 #3729

This patch release of ChakraCore 1.6 includes security fixes and bug fixes. See notable changes below.

Security

  • Change to address CVE-2017-0228, CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8637, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8658, CVE-2017-8659, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, CVE-2017-8674 #3509

ChakraCore 1.6.0 includes more JavaScript and WebAssembly feature updates and performance enhancements. See notable changes below.

Language

Performance

  • Support function body (re-)deferral in lexical scopes and parameter scopes #2666
  • Use PolymorphicInlineCache for obj[string] pattern #2883
  • Enable optimizer on functions with try/finally #2954

ChakraCore 1.5

This patch release of ChakraCore 1.5 includes the following security fixes:

  • Change to address CVE-2017-8598, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8609, CVE-2017-8610, CVE-2017-8619 #3341

This patch release of ChakraCore 1.5 includes the following security fixes:

  • Change to address CVE-2017-0228, CVE-2017-8499, CVE-2017-8518, CVE-2017-8520, CVE-2017-8522, CVE-2017-8524, CVE-2017-8548 #3166

This patch release of ChakraCore 1.5 includes a fix for a handle leak when creating multiple runtimes #3092

ChakraCore 1.5.0 includes cross-platform concurrent/partial GC support and a set of new JSRT APIs among other changes. See notable changes below.

ChakraCore 1.4

This patch release of ChakraCore 1.4 includes a fix for a handle leak when creating multiple runtimes #3092.

This patch release of ChakraCore 1.4 includes the following security fixes:

  • Change to address CVE-2017-0229, CVE-2017-0223, CVE-2017-0224, CVE-2017-0252, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, CVE-2017-0228, CVE-2017-0238, CVE-2017-0266 #2959

This patch release of ChakraCore 1.4 includes the following fixes:

  • Change to address CVE-2017-0093 and CVE-2017-0208 #2834
  • Internal fixes in Windows 10 Creators Update #2826

This patch release of ChakraCore 1.4 includes the following security fixes:

  • Change to address CVE-2017-0067, CVE-2017-0150, CVE-2017-0138, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0071, CVE-2017-0151, CVE-2017-0141, CVE-2017-0196, CVE-2017-0136, CVE-2017-0152, CVE-2017-0010, CVE-2017-0035, CVE-2017-0015, CVE-2017-0028 #2697

This patch release of ChakraCore 1.4 enables using ChakraCore NuGet packages for developing .NET and native applications (#2266, #85) and includes other bug fixes.

ChakraCore 1.4.0 includes cross-platform JIT support and experimental WebAssembly support along with other language, performance and JSRT updates. See notable changes below.

ChakraCore 1.3

This patch release of ChakraCore 1.3 includes the following security fixes:

  • Change to address bad binding of async arrow function parameters #2219
  • All fixes included in v1.2.3

This patch release of ChakraCore 1.3 includes the following security fixes:

  • Change to address CVE-2016-7207 #1979
  • All fixes included in v1.2.2

Release 1.3.0 includes experimental support on x64 Linux/OSX, experimental JSRT debugging APIs, and other language and performance updates. See notable changes below.

Cross-platform

  • ChakraCore interpreter and runtime on x64 Linux (still working on JIT or concurrent/partial GC)
  • ChakraCore interpreter and runtime on x64 OSX (still working on JIT or concurrent/partial GC) #1134

Language

Performance

  • Optimize creation of Heap arguments object (91e0e91)
  • Add fastpath for when Object.hasOwnProperty returns true #1449
  • Enable script function inlining in jitted loop bodies #1182

JSRT

  • JSRT Debugging APIs (experimental) #926
  • JSRT Module API (experimental) #1254

Test

  • Introduce C++ unit testing mechanism using Catch #1224

ChakraCore 1.2

This patch release of ChakraCore 1.2 includes the following security fixes:

  • Change to address CVE-2016-7287,CVE-2016-7286,CVE-2016-7288,CVE-2016-7296 #2230

This patch release of ChakraCore 1.2 includes the following security fixes:

  • Change to address CVE-2016-7200, CVE-2016-7201, CVE-2016-720, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243 #1942

This patch release of ChakraCore 1.2 includes the following security fixes:

  • Fixed Address deref issue #1530
  • Combined fixes for CVE-2016-3350, CVE-2016-3377 and a defense in depth change in the CustomHeap (24c4d7d)
  • Changes addressing CVE_2016-3382, CVE-2016-3385, CVE-2016-3386, CVE-2016-3389, CVE-2016-3390, CVE-2016-7189, and a mitigation of a CFG bypass. (f05c42e)
Clone this wiki locally