diff options
author | Beth Griggs <Bethany.Griggs@uk.ibm.com> | 2020-02-04 21:17:22 +0000 |
---|---|---|
committer | Beth Griggs <Bethany.Griggs@uk.ibm.com> | 2020-02-06 02:55:47 +0000 |
commit | e65ae4278578e51761bf9253a7c68ade0f9b897c (patch) | |
tree | 65d3dce5bd983da73da196fb50df9f95e190ed4b /CHANGELOG.md | |
parent | f0f2583c912d4c7abf6fb5a9ccd380976f1ab092 (diff) | |
download | node-new-e65ae4278578e51761bf9253a7c68ade0f9b897c.tar.gz |
2020-02-06, Version 12.15.0 'Erbium' (LTS)
This is a security release.
Vulnerabilities fixed:
* **CVE-2019-15606**:
HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
Remotely trigger an assertion on a TLS server with a malformed
certificate string.
Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.
PR-URL: https://github.com/nodejs-private/node-private/pull/197
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 071d2996b7..974e7f1bad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,7 +41,8 @@ release. <a href="doc/changelogs/CHANGELOG_V13.md#13.0.0">13.0.0</a><br/> </td> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V12.md#12.14.1">12.14.1</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V12.md#12.15.0">12.15.0</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V12.md#12.14.1">12.14.1</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.14.0">12.14.0</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.13.1">12.13.1</a><br/> <a href="doc/changelogs/CHANGELOG_V12.md#12.13.0">12.13.0</a><br/> |