v4.8.2 proposal #12129
Merged
v4.8.2 proposal #12129
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The additional validity checks applied to StartCom and WoSign certificates failed to free memory before returning. Refs: #9469 Fixes: #12033 PR-URL: #12089 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: #10980 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Apply unreleased (as of zlib v1.2.11) patch from upstream: - madler/zlib@38e8ce3 Original commit message: Fix CLEAR_HASH macro to be usable as a single statement. As it is used in deflateParams(). PR-URL: #11616 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
nodejs-github-bot
added
meta
|
CI: https://ci.nodejs.org/job/node-test-pull-request/7095/ rc.1: https://nodejs.org/download/rc/v4.8.2-rc.1/ edit: ci failures appear infra related. CITGM failures are all either timeouts or issues with phantomJS |
addaleax
approved these changes
Mar 29, 2017
|
Should we draw attention to Argon entering Maintenance? |
jasnell
approved these changes
Mar 30, 2017
This is a maintenance release to fix a memory leak that was introduced in 4.8.1. It also includes an upgrade to zlib 1.2.11 to fix a number of low severity CVEs that were present in zlib 1.2.8. http://seclists.org/oss-sec/2016/q4/602 Notable changes: * crypto: - fix memory leak if certificate is revoked (Tom Atkinson) #12089 * deps: - upgrade zlib to 1.2.11 (Sam Roberts) #10980
MylesBorins
force-pushed
the
v4.8.2-proposal
branch
from
006622b
to
ea2ceac
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
2017-04-04, Version 4.8.2 'Argon' (LTS), @MylesBorins
This is a special LTS to fix a memory leak that was introduced in 4.8.1.
It also includes an upgrade to zlib 1.2.11 to fix a number of low severity CVEs
that were present in zlib 1.2.8.
Notable Changes
Commits
9d7fba4de2] - crypto: fix memory leak if certificate is revoked (Tom Atkinson) #12089253980ff38] - deps: fix CLEAR_HASH macro to be usable as a single statement (Sam Roberts) #116162e52a2699b] - deps: upgrade zlib to 1.2.11 (Sam Roberts) #10980