diff options
| author | isaacs <i@izs.me> | 2013-01-09 17:21:16 -0800 |
|---|---|---|
| committer | isaacs <i@izs.me> | 2013-01-09 17:21:16 -0800 |
| commit | 6d9ee4b1843868850d950c037bbf696f72170c0c (patch) | |
| tree | 244e5b216b016fa597ab3c574d7258930f292007 | |
| parent | 1388171d96de037cd897d19e5c40b87685052446 (diff) | |
| download | node-new-6d9ee4b1843868850d950c037bbf696f72170c0c.tar.gz | |
blog: Add security notice to v0.8.17 post
| -rw-r--r-- | doc/blog/release/v0.8.17.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/blog/release/v0.8.17.md b/doc/blog/release/v0.8.17.md index abd61ac39d..a1efb50c68 100644 --- a/doc/blog/release/v0.8.17.md +++ b/doc/blog/release/v0.8.17.md @@ -4,6 +4,18 @@ slug: node-v0-8-17-stable category: release version: 0.8.17 +This release addresses a potential security vulnerability. + +If you do not use TypedArrays, then you're fine (but should still +upgrade for other reasons, like better performance and npm +peerDependencies.) + +If you use TypedArrays, you should upgrade to v0.8.17 as soon as +possible. If user input can affect the size parameter in a +TypedArray, an integer overflow vulnerability could allow an attacker +to write to areas of memory outside the intended buffer. Please +upgrade ASAP. + 2012.01.09, Version 0.8.17 (Stable) * npm: Upgrade to v1.2.0 |