Skip to content

Commit

Permalink
2017-12-08 Version 9.2.1 (Current)
Browse files Browse the repository at this point in the history
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

PR-URL: #17531
  • Loading branch information
evanlucas authored and MylesBorins committed Dec 8, 2017
1 parent f0f9e1a commit 6e5f96e
Show file tree
Hide file tree
Showing 5 changed files with 43 additions and 7 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ release.
</tr>
<tr>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V9.md#9.2.0">9.2.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V9.md#9.2.1">9.2.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V9.md#9.2.0">9.2.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V9.md#9.1.0">9.1.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V9.md#9.0.0">9.0.0</a><br/>
</td>
Expand Down
2 changes: 1 addition & 1 deletion doc/api/buffer.md
Original file line number Diff line number Diff line change
Expand Up @@ -511,7 +511,7 @@ console.log(buf2.toString());
<!-- YAML
added: v5.10.0
changes:
- version: REPLACEME
- version: v9.2.1
pr-url: https://github.com/nodejs/node/pull/17428
description: Specifying an invalid string for `fill` now results in a
zero-filled buffer.
Expand Down
8 changes: 4 additions & 4 deletions doc/api/http2.md
Original file line number Diff line number Diff line change
Expand Up @@ -344,7 +344,7 @@ frames have been acknowledged.

#### http2session.ping([payload, ]callback)
<!-- YAML
added: REPLACEME
added: v9.2.1
-->

* `payload` {Buffer|TypedArray|DataView} Optional ping payload.
Expand Down Expand Up @@ -1473,7 +1473,7 @@ not be emitted.
<!-- YAML
added: v8.4.0
changes:
- version: REPLACEME
- version: v9.2.1
pr-url: https://github.com/nodejs/node/pull/17105
description: Added the `maxOutstandingPings` option with a default limit of
10.
Expand Down Expand Up @@ -1541,7 +1541,7 @@ server.listen(80);
<!-- YAML
added: v8.4.0
changes:
- version: REPLACEME
- version: v9.2.1
pr-url: https://github.com/nodejs/node/pull/17105
description: Added the `maxOutstandingPings` option with a default limit of
10.
Expand Down Expand Up @@ -1619,7 +1619,7 @@ server.listen(80);
<!-- YAML
added: v8.4.0
changes:
- version: REPLACEME
- version: v9.2.1
pr-url: https://github.com/nodejs/node/pull/17105
description: Added the `maxOutstandingPings` option with a default limit of
10.
Expand Down
35 changes: 35 additions & 0 deletions doc/changelogs/CHANGELOG_V9.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
</tr>
<tr>
<td>
<a href="#9.2.1">9.2.1</a><br/>
<a href="#9.2.0">9.2.0</a><br/>
<a href="#9.1.0">9.1.0</a><br/>
<a href="#9.0.0">9.0.0</a><br/>
Expand All @@ -24,6 +25,40 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)

<a id="9.2.1"></a>
## 2017-12-08, Version 9.2.1 (Current), @evanlucas

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

### Notable Changes

* **buffer**:
* buffer allocated with an invalid content will now be zero filled (Anna Henningsen) [#17428](https://github.com/nodejs/node/pull/17428)
* **deps**:
* openssl updated to 1.0.2n (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526)

### Commits

* [[`15bf640668`](https://github.com/nodejs/node/commit/15bf640668)] - **buffer**: zero-fill buffer allocated with invalid content (Anna Henningsen) [#17428](https://github.com/nodejs/node/pull/17428)
* [[`c0954f4ba1`](https://github.com/nodejs/node/commit/c0954f4ba1)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526)
* [[`dfd7cd3038`](https://github.com/nodejs/node/commit/dfd7cd3038)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://github.com/nodejs/io.js/pull/1836)
* [[`76e7ff2915`](https://github.com/nodejs/node/commit/76e7ff2915)] - **deps**: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)
* [[`593f21ee9c`](https://github.com/nodejs/node/commit/593f21ee9c)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)
* [[`235c78f968`](https://github.com/nodejs/node/commit/235c78f968)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526)
* [[`b0ebe5cb4b`](https://github.com/nodejs/node/commit/b0ebe5cb4b)] - **deps**: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) [#17526](https://github.com/nodejs/node/pull/17526)
* [[`99fc75e9bc`](https://github.com/nodejs/node/commit/99fc75e9bc)] - **doc**: warn against filling buffer with invalid data (Anna Henningsen) [#17428](https://github.com/nodejs/node/pull/17428)
* [[`f0f9e1abf0`](https://github.com/nodejs/node/commit/f0f9e1abf0)] - **http2**: use correct connect event for TLS Socket (James M Snell) [#17328](https://github.com/nodejs/node/pull/17328)
* [[`65f209ccf1`](https://github.com/nodejs/node/commit/65f209ccf1)] - **http2**: use 'close' event instead of 'streamClosed' (James M Snell) [#17328](https://github.com/nodejs/node/pull/17328)
* [[`d3e2bf0c8d`](https://github.com/nodejs/node/commit/d3e2bf0c8d)] - **http2**: general cleanups in core.js (James M Snell) [#17209](https://github.com/nodejs/node/pull/17209)
* [[`6a76097fad`](https://github.com/nodejs/node/commit/6a76097fad)] - **http2**: major update to internals (James M Snell) [#17105](https://github.com/nodejs/node/pull/17105)
* [[`e14c0babe0`](https://github.com/nodejs/node/commit/e14c0babe0)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://github.com/iojs/io.js/pull/1389)

<a id="9.2.0"></a>
## 2017-11-14, Version 9.2.0 (Current), @evanlucas

Expand Down
2 changes: 1 addition & 1 deletion src/node_version.h
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
#define NODE_MINOR_VERSION 2
#define NODE_PATCH_VERSION 1

#define NODE_VERSION_IS_RELEASE 0
#define NODE_VERSION_IS_RELEASE 1

#ifndef NODE_STRINGIFY
#define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)
Expand Down

0 comments on commit 6e5f96e

Please sign in to comment.