diff options
| author | Rod Vagg <rod@vagg.org> | 2018-12-03 23:14:18 +1100 |
|---|---|---|
| committer | Rod Vagg <rod@vagg.org> | 2018-12-03 23:33:57 +1100 |
| commit | cde64500277d7697743e772575738c8415c7d6ab (patch) | |
| tree | 5dd8fd4d9a670472542c7a84f73ef8f4abe718a6 | |
| parent | 5d9005c35963c3fefc93b607dff75c1471e819d7 (diff) | |
| download | node-new-cde64500277d7697743e772575738c8415c7d6ab.tar.gz | |
2018-12-03, Version 6.15.1 'Boron' (LTS)v6.15.1
Notable Changes:
This is a patch release to address a bad backport of the fix for "Slowloris
HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers
timeout to an entire keep-alive HTTP session, resulting in prematurely
disconnected sockets.
PR-URL: https://github.com/nodejs/node/pull/24803
Refs: https://github.com/nodejs/node/pull/24796
Refs: https://github.com/nodejs/node/issues/24760
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | doc/changelogs/CHANGELOG_V6.md | 12 | ||||
| -rw-r--r-- | src/node_version.h | 2 |
3 files changed, 15 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a5eb8df109..adac1878c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,7 +26,8 @@ release. </tr> <tr> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V6.md#6.15.0">6.15.0</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V6.md#6.15.1">6.15.1</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V6.md#6.15.0">6.15.0</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.14.4">6.14.4</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.14.3">6.14.3</a><br/> <a href="doc/changelogs/CHANGELOG_V6.md#6.14.2">6.14.2</a><br/> diff --git a/doc/changelogs/CHANGELOG_V6.md b/doc/changelogs/CHANGELOG_V6.md index 9e5ff731f2..aeaaff1d07 100644 --- a/doc/changelogs/CHANGELOG_V6.md +++ b/doc/changelogs/CHANGELOG_V6.md @@ -7,6 +7,7 @@ </tr> <tr> <td valign="top"> +<a href="#6.15.1">6.15.1</a><br/> <a href="#6.15.0">6.15.0</a><br/> <a href="#6.14.4">6.14.4</a><br/> <a href="#6.14.3">6.14.3</a><br/> @@ -66,6 +67,17 @@ [Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and will be supported actively until April 2018 and maintained until April 2019. +<a id="6.15.1"></a> +## 2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg + +### Notable Changes + +This is a patch release to address a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to an entire keep-alive HTTP session, resulting in prematurely disconnected sockets. + +### Commits + +* [[`5d9005c359`](https://github.com/nodejs/node/commit/5d9005c359)] - **http**: fix backport of Slowloris headers (Matteo Collina) [#24796](https://github.com/nodejs/node/pull/24796) + <a id="6.15.0"></a> ## 2018-11-27, Version 6.15.0 'Boron' (LTS), @rvagg diff --git a/src/node_version.h b/src/node_version.h index f474399fbf..601cc3711a 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -8,7 +8,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Boron" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n) |