Merge remote-tracking branch 'upstream/v0.10'

Conflicts:
	ChangeLog
	deps/uv/ChangeLog
	deps/uv/include/uv-darwin.h
	deps/uv/src/unix/fsevents.c
	deps/uv/src/unix/process.c
	deps/uv/src/version.c
	doc/api/addons.markdown
	doc/api/cluster.markdown
	doc/api/http.markdown
	lib/http.js
	lib/tls.js
	src/node_crypto.cc
	src/node_http_parser.cc
	src/node_version.h
	src/pipe_wrap.cc
	src/v8abbr.h
	src/v8ustack.d
	test/simple/test-http-pipeline-flood.js

13 files changed, 534 insertions, 171 deletions

diff --git a/doc/api/addons.markdown b/doc/api/addons.markdown
index b23b369f02..a7a393db35 100644
--- a/doc/api/addons.markdown
+++ b/doc/api/addons.markdown
@@ -326,12 +326,13 @@ Then in `myobject.h` make your wrapper inherit from `node::ObjectWrap`:
       static void Init(v8::Handle<v8::Object> exports);
 
      private:
-      MyObject();
+      explicit MyObject(double value = 0);
       ~MyObject();
 
       static v8::Handle<v8::Value> New(const v8::Arguments& args);
       static v8::Handle<v8::Value> PlusOne(const v8::Arguments& args);
-      double counter_;
+      static v8::Persistent<v8::Function> constructor;
+      double value_;
     };
 
     #endif
@@ -345,8 +346,13 @@ prototype:
 
     using namespace v8;
 
-    MyObject::MyObject() {};
-    MyObject::~MyObject() {};
+    Persistent<Function> MyObject::constructor;
+
+    MyObject::MyObject(double value) : value_(value) {
+    }
+
+    MyObject::~MyObject() {
+    }
 
     void MyObject::Init(Handle<Object> exports) {
       Isolate* isolate = Isolate::GetCurrent();
@@ -370,11 +376,18 @@ prototype:
       Isolate* isolate = Isolate::GetCurrent();
       HandleScope scope(isolate);
 
-      MyObject* obj = new MyObject();
-      obj->counter_ = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
-      obj->Wrap(args.This());
-
-      return args.This();
+      if (args.IsConstructCall()) {
+        // Invoked as constructor: `new MyObject(...)`
+        double value = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
+        MyObject* obj = new MyObject(value);
+        obj->Wrap(args.This());
+        return args.This();
+      } else {
+        // Invoked as plain function `MyObject(...)`, turn into construct call.
+        const int argc = 1;
+        Local<Value> argv[argc] = { args[0] };
+        return scope.Close(constructor->NewInstance(argc, argv));
+      }
     }
 
     Handle<Value> MyObject::PlusOne(const Arguments& args) {
@@ -382,9 +395,9 @@ prototype:
       HandleScope scope(isolate);
 
       MyObject* obj = ObjectWrap::Unwrap<MyObject>(args.This());
-      obj->counter_ += 1;
+      obj->value_ += 1;
 
-      return scope.Close(Number::New(obj->counter_));
+      return scope.Close(Number::New(obj->value_));
     }
 
 Test it with:
@@ -441,13 +454,13 @@ care of instantiating the object (i.e. it does the job of `new` in JavaScript):
       static v8::Handle<v8::Value> NewInstance(const v8::Arguments& args);
 
      private:
-      MyObject();
+      explicit MyObject(double value = 0);
       ~MyObject();
 
-      static v8::Persistent<v8::Function> constructor;
       static v8::Handle<v8::Value> New(const v8::Arguments& args);
       static v8::Handle<v8::Value> PlusOne(const v8::Arguments& args);
-      double counter_;
+      static v8::Persistent<v8::Function> constructor;
+      double value_;
     };
 
     #endif
@@ -459,11 +472,14 @@ The implementation is similar to the above in `myobject.cc`:
 
     using namespace v8;
 
-    MyObject::MyObject() {};
-    MyObject::~MyObject() {};
-
     Persistent<Function> MyObject::constructor;
 
+    MyObject::MyObject(double value) : value_(value) {
+    }
+
+    MyObject::~MyObject() {
+    }
+
     void MyObject::Init() {
       Isolate* isolate = Isolate::GetCurrent();
       // Prepare constructor template
@@ -474,19 +490,30 @@ The implementation is similar to the above in `myobject.cc`:
       // Prototype
       tpl->PrototypeTemplate()->Set(String::NewSymbol("plusOne"),
           FunctionTemplate::New(PlusOne)->GetFunction());
+<<<<<<< HEAD
 
       constructor = Persistent<Function>::New(isolate, tpl->GetFunction());
+=======
+      constructor = Persistent<Function>::New(tpl->GetFunction());
+>>>>>>> upstream/v0.10
     }
 
     Handle<Value> MyObject::New(const Arguments& args) {
       Isolate* isolate = Isolate::GetCurrent();
       HandleScope scope(isolate);
 
-      MyObject* obj = new MyObject();
-      obj->counter_ = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
-      obj->Wrap(args.This());
-
-      return args.This();
+      if (args.IsConstructCall()) {
+        // Invoked as constructor: `new MyObject(...)`
+        double value = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
+        MyObject* obj = new MyObject(value);
+        obj->Wrap(args.This());
+        return args.This();
+      } else {
+        // Invoked as plain function `MyObject(...)`, turn into construct call.
+        const int argc = 1;
+        Local<Value> argv[argc] = { args[0] };
+        return scope.Close(constructor->NewInstance(argc, argv));
+      }
     }
 
     Handle<Value> MyObject::NewInstance(const Arguments& args) {
@@ -505,9 +532,9 @@ The implementation is similar to the above in `myobject.cc`:
       HandleScope scope(isolate);
 
       MyObject* obj = ObjectWrap::Unwrap<MyObject>(args.This());
-      obj->counter_ += 1;
+      obj->value_ += 1;
 
-      return scope.Close(Number::New(obj->counter_));
+      return scope.Close(Number::New(obj->value_));
     }
 
 Test it with:
@@ -552,7 +579,7 @@ In the following `addon.cc` we introduce a function `add()` that can take on two
       MyObject* obj2 = node::ObjectWrap::Unwrap<MyObject>(
           args[1]->ToObject());
 
-      double sum = obj1->Val() + obj2->Val();
+      double sum = obj1->Value() + obj2->Value();
       return scope.Close(Number::New(sum));
     }
 
@@ -580,15 +607,15 @@ can probe private values after unwrapping the object:
      public:
       static void Init();
       static v8::Handle<v8::Value> NewInstance(const v8::Arguments& args);
-      double Val() const { return val_; }
+      double Value() const { return value_; }
 
      private:
-      MyObject();
+      explicit MyObject(double value = 0);
       ~MyObject();
 
-      static v8::Persistent<v8::Function> constructor;
       static v8::Handle<v8::Value> New(const v8::Arguments& args);
-      double val_;
+      static v8::Persistent<v8::Function> constructor;
+      double value_;
     };
 
     #endif
@@ -600,11 +627,14 @@ The implementation of `myobject.cc` is similar as before:
 
     using namespace v8;
 
-    MyObject::MyObject() {};
-    MyObject::~MyObject() {};
-
     Persistent<Function> MyObject::constructor;
 
+    MyObject::MyObject(double value) : value_(value) {
+    }
+
+    MyObject::~MyObject() {
+    }
+
     void MyObject::Init() {
       Isolate* isolate = Isolate::GetCurrent();
 
@@ -612,19 +642,30 @@ The implementation of `myobject.cc` is similar as before:
       Local<FunctionTemplate> tpl = FunctionTemplate::New(New);
       tpl->SetClassName(String::NewSymbol("MyObject"));
       tpl->InstanceTemplate()->SetInternalFieldCount(1);
+<<<<<<< HEAD
 
       constructor = Persistent<Function>::New(isolate, tpl->GetFunction());
+=======
+      constructor = Persistent<Function>::New(tpl->GetFunction());
+>>>>>>> upstream/v0.10
     }
 
     Handle<Value> MyObject::New(const Arguments& args) {
       Isolate* isolate = Isolate::GetCurrent();
       HandleScope scope(isolate);
 
-      MyObject* obj = new MyObject();
-      obj->val_ = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
-      obj->Wrap(args.This());
-
-      return args.This();
+      if (args.IsConstructCall()) {
+        // Invoked as constructor: `new MyObject(...)`
+        double value = args[0]->IsUndefined() ? 0 : args[0]->NumberValue();
+        MyObject* obj = new MyObject(value);
+        obj->Wrap(args.This());
+        return args.This();
+      } else {
+        // Invoked as plain function `MyObject(...)`, turn into construct call.
+        const int argc = 1;
+        Local<Value> argv[argc] = { args[0] };
+        return scope.Close(constructor->NewInstance(argc, argv));
+      }
     }
 
     Handle<Value> MyObject::NewInstance(const Arguments& args) {
diff --git a/doc/api/child_process.markdown b/doc/api/child_process.markdown
index 4aef436371..c9113f4b92 100644
--- a/doc/api/child_process.markdown
+++ b/doc/api/child_process.markdown
@@ -52,6 +52,9 @@ of the signal, otherwise `null`.
 
 Note that the child process stdio streams might still be open.
 
+Also, note that node establishes signal handlers for `'SIGINT'` and `'SIGTERM`',
+so it will not terminate due to receipt of those signals, it will exit.
+
 See `waitpid(2)`.
 
 ### Event: 'close'
@@ -66,10 +69,9 @@ might share the same stdio streams.
 
 ### Event: 'disconnect'
 
-This event is emitted after using the `.disconnect()` method in the parent or
-in the child. After disconnecting it is no longer possible to send messages.
-An alternative way to check if you can send messages is to see if the
-`child.connected` property is `true`.
+This event is emitted after calling the `.disconnect()` method in the parent
+or in the child. After disconnecting it is no longer possible to send messages,
+and the `.connected` property is false.
 
 ### Event: 'message'
 
@@ -121,6 +123,12 @@ Example:
     console.log('Spawned child pid: ' + grep.pid);
     grep.stdin.end();
 
+### child.connected
+
+* {Boolean} Set to false after `.disconnect' is called
+
+If `.connected` is false, it is no longer possible to send messages.
+
 ### child.kill([signal])
 
 * `signal` {String}
@@ -265,12 +273,15 @@ It is also recommended not to use `.maxConnections` in this condition.
 
 ### child.disconnect()
 
-To close the IPC connection between parent and child use the
-`child.disconnect()` method. This allows the child to exit gracefully since
-there is no IPC channel keeping it alive. When calling this method the
-`disconnect` event will be emitted in both parent and child, and the
-`connected` flag will be set to `false`. Please note that you can also call
-`process.disconnect()` in the child process.
+Close the IPC channel between parent and child, allowing the child to exit
+gracefully once there are no other connections keeping it alive. After calling
+this method the `.connected` flag will be set to `false` in both the parent and
+child, and it is no longer possible to send messages.
+
+The 'disconnect' event will be emitted when there are no messages in the process
+of being received, most likely immediately.
+
+Note that you can also call `process.disconnect()` in the child process.
 
 ## child_process.spawn(command, [args], [options])
 
@@ -469,7 +480,7 @@ See also: `child_process.exec()` and `child_process.fork()`
      understand the `-c` switch on UNIX or `/s /c` on Windows. On Windows,
      command line parsing should be compatible with `cmd.exe`.)
   * `timeout` {Number} (Default: 0)
-  * `maxBuffer` {Number} (Default: 200*1024)
+  * `maxBuffer` {Number} (Default: `200*1024`)
   * `killSignal` {String} (Default: 'SIGTERM')
 * `callback` {Function} called with the output when process terminates
   * `error` {Error}
@@ -535,7 +546,7 @@ subshell but rather the specified file directly. This makes it slightly
 leaner than `child_process.exec`. It has the same options.
 
 
-## child\_process.fork(modulePath, [args], [options])
+## child_process.fork(modulePath, [args], [options])
 
 * `modulePath` {String} The module to run in the child
 * `args` {Array} List of string arguments
@@ -544,6 +555,8 @@ leaner than `child_process.exec`. It has the same options.
   * `env` {Object} Environment key-value pairs
   * `encoding` {String} (Default: 'utf8')
   * `execPath` {String} Executable used to create the child process
+  * `silent` {Boolean} If true, prevent stdout and stderr in the spawned node
+    process from being associated with the parent's (default is false)
 * Return: ChildProcess object
 
 This is a special case of the `spawn()` functionality for spawning Node
@@ -551,13 +564,6 @@ processes. In addition to having all the methods in a normal ChildProcess
 instance, the returned object has a communication channel built-in. See
 `child.send(message, [sendHandle])` for details.
 
-By default the spawned Node process will have the stdout, stderr associated
-with the parent's. To change this behavior set the `silent` property in the
-`options` object to `true`.
-
-The child process does not automatically exit once it's done, you need to call
-`process.exit()` explicitly. This limitation may be lifted in the future.
-
 These child Nodes are still whole new instances of V8. Assume at least 30ms
 startup and 10mb memory for each new Node. That is, you cannot create many
 thousands of them.
diff --git a/doc/api/cluster.markdown b/doc/api/cluster.markdown
index c8bccec217..414a00cef0 100644
--- a/doc/api/cluster.markdown
+++ b/doc/api/cluster.markdown
@@ -6,7 +6,7 @@ A single instance of Node runs in a single thread. To take advantage of
 multi-core systems the user will sometimes want to launch a cluster of Node
 processes to handle the load.
 
-The cluster module allows you to easily create a network of processes that
+The cluster module allows you to easily create child processes that
 all share server ports.
 
     var cluster = require('cluster');
@@ -121,13 +121,18 @@ values are `"rr"` and `"none"`.
 ## cluster.settings
 
 * {Object}
-  * `exec` {String} file path to worker file.  (Default=`__filename`)
+  * `exec` {String} file path to worker file.  (Default=`process.argv[1]`)
   * `args` {Array} string arguments passed to worker.
     (Default=`process.argv.slice(2)`)
   * `silent` {Boolean} whether or not to send output to parent's stdio.
     (Default=`false`)
 
-All settings set by the `.setupMaster` is stored in this settings object.
+After calling `.setupMaster()` (or `.fork()`) this settings object will contain
+the settings, including the default values.
+
+It is effectively frozen after being set, because `.setupMaster()` can
+only be called once.
+
 This object is not supposed to be changed or set manually, by you.
 
 ## cluster.isMaster
@@ -142,9 +147,7 @@ undefined, then `isMaster` is `true`.
 
 * {Boolean}
 
-This boolean flag is true if the process is a worker forked from a master.
-If the `process.env.NODE_UNIQUE_ID` is set to a value, then
-`isWorker` is `true`.
+True if the process is not a master (it is the negation of `cluster.isMaster`).
 
 ## Event: 'fork'
 
@@ -173,11 +176,10 @@ This can be used to log worker activity, and create you own timeout.
 
 * `worker` {Worker object}
 
-After forking a new worker, the worker should respond with a online message.
-When the master receives a online message it will emit such event.
+After forking a new worker, the worker should respond with an online message.
+When the master receives an online message it will emit this event.
 The difference between 'fork' and 'online' is that fork is emitted when the
-master tries to fork a worker, and 'online' is emitted when the worker is
-being executed.
+master forks a worker, and 'online' is emitted when the worker is running.
 
     cluster.on('online', function(worker) {
       console.log("Yay, the worker responded after it was forked");
@@ -188,9 +190,8 @@ being executed.
 * `worker` {Worker object}
 * `address` {Object}
 
-When calling `listen()` from a worker, a 'listening' event is automatically assigned
-to the server instance. When the server is listening a message is send to the master
-where the 'listening' event is emitted.
+After calling `listen()` from a worker, when the 'listening' event is emitted on
+the server, a listening event will also be emitted on `cluster` in the master.
 
 The event handler is executed with two arguments, the `worker` contains the worker
 object and the `address` object contains the following connection properties:
@@ -201,18 +202,24 @@ on more than one address.
       console.log("A worker is now connected to " + address.address + ":" + address.port);
     });
 
+The `addressType` is one of:
+
+* `4' (TCPv4)
+* `6` (TCPv6)
+* `-1` (unix domain socket)
+* `"udp4"` or `"udp6"` (UDP v4 or v6)
+
 ## Event: 'disconnect'
 
 * `worker` {Worker object}
 
-When a workers IPC channel has disconnected this event is emitted.
-This will happen when the worker dies, usually after calling
-`.kill()`.
+Emitted after the worker IPC channel has disconnected. This can occur when a
+worker exits gracefully, is killed, or is disconnected manually (such as with
+worker.disconnect()).
 
-When calling `.disconnect()`, there may be a delay between the
-`disconnect` and `exit` events.  This event can be used to detect if
-the process is stuck in a cleanup or if there are long-living
-connections.
+There may be a delay between the `disconnect` and `exit` events.  These events
+can be used to detect if the process is stuck in a cleanup or if there are
+long-living connections.
 
     cluster.on('disconnect', function(worker) {
       console.log('The worker #' + worker.id + ' has disconnected');
@@ -226,33 +233,42 @@ connections.
   the process to be killed.
 
 When any of the workers die the cluster module will emit the 'exit' event.
-This can be used to restart the worker by calling `fork()` again.
+
+This can be used to restart the worker by calling `.fork()` again.
 
     cluster.on('exit', function(worker, code, signal) {
-      var exitCode = worker.process.exitCode;
-      console.log('worker ' + worker.process.pid + ' died ('+exitCode+'). restarting...');
+      console.log('worker %d died (%s). restarting...',
+        worker.process.pid, signal || code);
       cluster.fork();
     });
 
-## Event: 'setup'
+See [child_process event: 'exit'](child_process.html#child_process_event_exit).
 
-* `worker` {Worker object}
+## Event: 'setup'
 
-When the `.setupMaster()` function has been executed this event emits.
-If `.setupMaster()` was not executed before `fork()` this function will
-call `.setupMaster()` with no arguments.
+Emitted the first time that `.setupMaster()` is called.
 
 ## cluster.setupMaster([settings])
 
 * `settings` {Object}
-  * `exec` {String} file path to worker file.  (Default=`__filename`)
+  * `exec` {String} file path to worker file.  (Default=`process.argv[1]`)
   * `args` {Array} string arguments passed to worker.
     (Default=`process.argv.slice(2)`)
   * `silent` {Boolean} whether or not to send output to parent's stdio.
     (Default=`false`)
 
-`setupMaster` is used to change the default 'fork' behavior. The new settings
-are effective immediately and permanently, they cannot be changed later on.
+`setupMaster` is used to change the default 'fork' behavior. Once called,
+the settings will be present in `cluster.settings`.
+
+Note that:
+
+* Only the first call to `.setupMaster()` has any effect, subsequent calls are
+  ignored
+* That because of the above, the *only* attribute of a worker that may be
+  customized per-worker is the `env` passed to `.fork()`
+* `.fork()` calls `.setupMaster()` internally to establish the defaults, so to
+  have any effect, `.setupMaster()` must be called *before* any calls to
+  `.fork()`
 
 Example:
 
@@ -264,23 +280,31 @@ Example:
     });
     cluster.fork();
 
+This can only be called from the master process.
+
 ## cluster.fork([env])
 
-* `env` {Object} Key/value pairs to add to child process environment.
+* `env` {Object} Key/value pairs to add to worker process environment.
 * return {Worker object}
 
-Spawn a new worker process. This can only be called from the master process.
+Spawn a new worker process.
+
+This can only be called from the master process.
 
 ## cluster.disconnect([callback])
 
-* `callback` {Function} called when all workers are disconnected and handlers are closed
+* `callback` {Function} called when all workers are disconnected and handles are
+  closed
 
-When calling this method, all workers will commit a graceful suicide. When they are
-disconnected all internal handlers will be closed, allowing the master process to
-die graceful if no other event is waiting.
+Calls `.disconnect()` on each worker in `cluster.workers`.
+
+When they are disconnected all internal handles will be closed, allowing the
+master process to die gracefully if no other event is waiting.
 
 The method takes an optional callback argument which will be called when finished.
 
+This can only be called from the master process.
+
 ## cluster.worker
 
 * {Object}
@@ -305,6 +329,9 @@ A hash that stores the active worker objects, keyed by `id` field. Makes it
 easy to loop through all the workers. It is only available in the master
 process.
 
+A worker is removed from cluster.workers just before the `'disconnect'` or
+`'exit'` event is emitted.
+
     // Go through all workers
     function eachWorker(callback) {
       for (var id in cluster.workers) {
@@ -343,17 +370,33 @@ cluster.workers
 * {ChildProcess object}
 
 All workers are created using `child_process.fork()`, the returned object
-from this function is stored in process.
+from this function is stored as `.process`. In a worker, the global `process`
+is stored.
 
-See: [Child Process module](child_process.html)
+See: [Child Process module](
+child_process.html#child_process_child_process_fork_modulepath_args_options)
+
+Note that workers will call `process.exit(0)` if the `'disconnect'` event occurs
+on `process` and `.suicide` is not `true`. This protects against accidental
+disconnection.
 
 ### worker.suicide
 
 * {Boolean}
 
-This property is a boolean. It is set when a worker dies after calling
-`.kill()` or immediately after calling the `.disconnect()` method.
-Until then it is `undefined`.
+Set by calling `.kill()` or `.disconnect()`, until then it is `undefined`.
+
+The boolean `worker.suicide` lets you distinguish between voluntary and accidental
+exit, the master may choose not to respawn a worker based on this value.
+
+    cluster.on('exit', function(worker, code, signal) {
+      if (worker.suicide === true) {
+        console.log('Oh, it was just suicide\' – no need to worry').
+      }
+    });
+
+    // kill worker
+    worker.kill();
 
 ### worker.send(message, [sendHandle])
 
@@ -362,8 +405,9 @@ Until then it is `undefined`.
 
 This function is equal to the send methods provided by
 `child_process.fork()`.  In the master you should use this function to
-send a message to a specific worker.  However in a worker you can also use
-`process.send(message)`, since this is the same function.
+send a message to a specific worker.
+
+In a worker you can also use `process.send(message)`, it is the same function.
 
 This example will echo back all messages from the master:
 
@@ -382,44 +426,54 @@ This example will echo back all messages from the master:
 * `signal` {String} Name of the kill signal to send to the worker
   process.
 
-This function will kill the worker, and inform the master to not spawn a
-new worker.  The boolean `suicide` lets you distinguish between voluntary
-and accidental exit.
+This function will kill the worker. In the master, it does this by disconnecting
+the `worker.process`, and once disconnected, killing with `signal`. In the
+worker, it does it by disconnecting the channel, and then exiting with code `0`.
 
-    cluster.on('exit', function(worker, code, signal) {
-      if (worker.suicide === true) {
-        console.log('Oh, it was just suicide\' – no need to worry').
-      }
-    });
+Causes `.suicide` to be set.
 
-    // kill worker
-    worker.kill();
+This method is aliased as `worker.destroy()` for backwards compatibility.
 
-This method is aliased as `worker.destroy()` for backwards
-compatibility.
+Note that in a worker, `process.kill()` exists, but it is not this function,
+it is [kill](process.html#process_process_kill_pid_signal).
 
 ### worker.disconnect()
 
-When calling this function the worker will no longer accept new connections, but
-they will be handled by any other listening worker. Existing connection will be
-allowed to exit as usual. When no more connections exist, the IPC channel to the worker
-will close allowing it to die graceful. When the IPC channel is closed the `disconnect`
-event will emit, this is then followed by the `exit` event, there is emitted when
-the worker finally die.
+In a worker, this function will close all servers, wait for the 'close' event on
+those servers, and then disconnect the IPC channel.
+
+In the master, an internal message is sent to the worker causing it to call
+`.disconnect()` on itself.
+
+Causes `.suicide` to be set.
 
-Because there might be long living connections, it is useful to implement a timeout.
-This example ask the worker to disconnect and after 2 seconds it will destroy the
-server. An alternative would be to execute `worker.kill()` after 2 seconds, but
-that would normally not allow the worker to do any cleanup if needed.
+Note that after a server is closed, it will no longer accept new connections,
+but connections may be accepted by any other listening worker. Existing
+connections will be allowed to close as usual. When no more connections exist,
+see [server.close()](net.html#net_event_close), the IPC channel to the worker
+will close allowing it to die gracefully.
+
+The above applies *only* to server connections, client connections are not
+automatically closed by workers, and disconnect does not wait for them to close
+before exiting.
+
+Note that in a worker, `process.disconnect` exists, but it is not this function,
+it is [disconnect](child_process.html#child_process_child_disconnect).
+
+Because long living server connections may block workers from disconnecting, it
+may be useful to send a message, so application specific actions may be taken to
+close them. It also may be useful to implement a timeout, killing a worker if
+the `disconnect` event has not been emitted after some time.
 
     if (cluster.isMaster) {
       var worker = cluster.fork();
       var timeout;
 
       worker.on('listening', function(address) {
+        worker.send('shutdown');
         worker.disconnect();
         timeout = setTimeout(function() {
-          worker.send('force kill');
+          worker.kill();
         }, 2000);
       });
 
@@ -430,18 +484,14 @@ that would normally not allow the worker to do any cleanup if needed.
     } else if (cluster.isWorker) {
       var net = require('net');
       var server = net.createServer(function(socket) {
-        // connection never end
+        // connections never end
       });
 
       server.listen(8000);
 
-      server.on('close', function() {
-        // cleanup
-      });
-
       process.on('message', function(msg) {
-        if (msg === 'force kill') {
-          server.close();
+        if(msg === 'shutdown') {
+          // initiate graceful close of any connections to server
         }
       });
     }
@@ -451,8 +501,8 @@ that would normally not allow the worker to do any cleanup if needed.
 * `message` {Object}
 
 This event is the same as the one provided by `child_process.fork()`.
-In the master you should use this event, however in a worker you can also use
-`process.on('message')`
+
+In a worker you can also use `process.on('message')`.
 
 As an example, here is a cluster that keeps count of the number of requests
 in the master process using the message system:
@@ -499,28 +549,29 @@ in the master process using the message system:
 
 ### Event: 'online'
 
-Same as the `cluster.on('online')` event, but emits only when the state change
-on the specified worker.
+Similar to the `cluster.on('online')` event, but specific to this worker.
 
     cluster.fork().on('online', function() {
       // Worker is online
     });
 
+It is not emitted in the worker.
+
 ### Event: 'listening'
 
 * `address` {Object}
 
-Same as the `cluster.on('listening')` event, but emits only when the state change
-on the specified worker.
+Similar to the `cluster.on('listening')` event, but specific to this worker.
 
     cluster.fork().on('listening', function(address) {
       // Worker is listening
     });
 
+It is not emitted in the worker.
+
 ### Event: 'disconnect'
 
-Same as the `cluster.on('disconnect')` event, but emits only when the state change
-on the specified worker.
+Similar to the `cluster.on('disconnect')` event, but specfic to this worker.
 
     cluster.fork().on('disconnect', function() {
       // Worker has disconnected
@@ -532,8 +583,7 @@ on the specified worker.
 * `signal` {String} the name of the signal (eg. `'SIGHUP'`) that caused
   the process to be killed.
 
-Emitted by the individual worker instance, when the underlying child process
-is terminated.  See [child_process event: 'exit'](child_process.html#child_process_event_exit).
+Similar to the `cluster.on('exit')` event, but specific to this worker.
 
     var worker = cluster.fork();
     worker.on('exit', function(code, signal) {
@@ -545,3 +595,9 @@ is terminated.  See [child_process event: 'exit'](child_process.html#child_proce
         console.log("worker success!");
       }
     });
+
+### Event: 'error'
+
+This event is the same as the one provided by `child_process.fork()`.
+
+In a worker you can also use `process.on('error')`.
diff --git a/doc/api/fs.markdown b/doc/api/fs.markdown
index daf5f0b360..bb640b965c 100644
--- a/doc/api/fs.markdown
+++ b/doc/api/fs.markdown
@@ -639,6 +639,13 @@ Then call the `callback` argument with either true or false.  Example:
       util.debug(exists ? "it's there" : "no passwd!");
     });
 
+`fs.exists()` is an anachronism and exists only for historical reasons.
+There should almost never be a reason to use it in your own code.
+
+In particular, checking if a file exists before opening it is an anti-pattern
+that leaves you vulnerable to race conditions: another process may remove the
+file between the calls to `fs.exists()` and `fs.open()`.  Just open the file
+and handle the error when it's not there.
 
 ## fs.existsSync(path)
 
diff --git a/doc/api/http.markdown b/doc/api/http.markdown
index 7088ee3ddd..ed390d3aa5 100644
--- a/doc/api/http.markdown
+++ b/doc/api/http.markdown
@@ -74,8 +74,8 @@ This is an [EventEmitter][] with the following events:
 
 Emitted each time there is a request. Note that there may be multiple requests
 per connection (in the case of keep-alive connections).
-`request` is an instance of `http.IncomingMessage` and `response` is
-an instance of `http.ServerResponse`
+ `request` is an instance of [http.IncomingMessage][] and `response` is
+an instance of [http.ServerResponse][].
 
 ### Event: 'connection'
 
@@ -101,7 +101,7 @@ Emitted each time a request with an http Expect: 100-continue is received.
 If this event isn't listened for, the server will automatically respond
 with a 100 Continue as appropriate.
 
-Handling this event involves calling `response.writeContinue` if the client
+Handling this event involves calling [response.writeContinue()][] if the client
 should continue to send the request body, or generating an appropriate HTTP
 response (e.g., 400 Bad Request) if the client should not continue to send the
 request body.
@@ -251,7 +251,7 @@ The response implements the [Writable Stream][] interface. This is an
 `function () { }`
 
 Indicates that the underlying connection was terminated before
-`response.end()` was called or able to flush.
+[response.end()][] was called or able to flush.
 
 ### response.writeContinue()
 
@@ -273,9 +273,9 @@ Example:
       'Content-Type': 'text/plain' });
 
 This method must only be called once on a message and it must
-be called before `response.end()` is called.
+be called before [response.end()][] is called.
 
-If you call `response.write()` or `response.end()` before calling this, the
+If you call [response.write()][] or [response.end()][] before calling this, the
 implicit/mutable headers will be calculated and call this function for you.
 
 Note: that Content-Length is given in bytes not characters. The above example
@@ -302,9 +302,9 @@ sockets.
 
 ### response.statusCode
 
-When using implicit headers (not calling `response.writeHead()` explicitly), this property
-controls the status code that will be sent to the client when the headers get
-flushed.
+When using implicit headers (not calling [response.writeHead()][] explicitly),
+this property controls the status code that will be sent to the client when
+the headers get flushed.
 
 Example:
 
@@ -374,8 +374,8 @@ Example:
 
 ### response.write(chunk, [encoding])
 
-If this method is called and `response.writeHead()` has not been called, it will
-switch to implicit header mode and flush the implicit headers.
+If this method is called and [response.writeHead()][] has not been called,
+it will switch to implicit header mode and flush the implicit headers.
 
 This sends a chunk of the response body. This method may
 be called multiple times to provide successive parts of the body.
@@ -463,7 +463,7 @@ Options:
   send TCP KeepAlive packets over sockets being kept alive.  Default =
   `1000`.  Only relevant if `keepAlive` is set to `true`.
 
-`http.request()` returns an instance of the `http.ClientRequest`
+`http.request()` returns an instance of the [http.ClientRequest][]
 class. The `ClientRequest` instance is a writable stream. If one needs to
 upload a file with a POST request, then write to the `ClientRequest` object.
 
@@ -664,7 +664,7 @@ data chunk or when closing the connection.
 To get the response, add a listener for `'response'` to the request object.
 `'response'` will be emitted from the request object when the response
 headers have been received.  The `'response'` event is executed with one
-argument which is an instance of `http.IncomingMessage`.
+argument which is an instance of [http.IncomingMessage][].
 
 During the `'response'` event, one can add listeners to the
 response object; particularly to listen for the `'data'` event.
@@ -689,7 +689,7 @@ The request implements the [Writable Stream][] interface. This is an
 `function (response) { }`
 
 Emitted when a response is received to this request. This event is emitted only
-once. The `response` argument will be an instance of `http.IncomingMessage`.
+once. The `response` argument will be an instance of [http.IncomingMessage][].
 
 Options:
 
@@ -868,9 +868,10 @@ Once a socket is assigned to this request and is connected
 
 ## http.IncomingMessage
 
-An `IncomingMessage` object is created by `http.Server` or `http.ClientRequest`
-and passed as the first argument to the `'request'` and `'response'` event
-respectively. It may be used to access response status, headers and data.
+An `IncomingMessage` object is created by [http.Server][] or
+[http.ClientRequest][] and passed as the first argument to the `'request'`
+and `'response'` event respectively. It may be used to access response status,
+headers and data.
 
 It implements the [Readable Stream][] interface, as well as the
 following additional events, methods, and properties.
@@ -879,11 +880,8 @@ following additional events, methods, and properties.
 
 `function () { }`
 
-Indicates that the underlaying connection was terminated before
-`response.end()` was called or able to flush.
-
-Just like `'end'`, this event occurs only once per response. See
-[http.ServerResponse][]'s `'close'` event for more information.
+Indicates that the underlaying connection was closed.
+Just like `'end'`, this event occurs only once per response.
 
 ### message.httpVersion
 
@@ -948,14 +946,14 @@ Calls `message.connection.setTimeout(msecs, callback)`.
 
 ### message.method
 
-**Only valid for request obtained from `http.Server`.**
+**Only valid for request obtained from [http.Server][].**
 
 The request method as a string. Read only. Example:
 `'GET'`, `'DELETE'`.
 
 ### message.url
 
-**Only valid for request obtained from `http.Server`.**
+**Only valid for request obtained from [http.Server][].**
 
 Request URL string. This contains only the URL that is
 present in the actual HTTP request. If the request is:
@@ -1002,21 +1000,29 @@ request.connection.getPeerCertificate() to obtain the client's
 authentication details.
 
 
-[Agent]: #http_class_http_agent
 ['checkContinue']: #http_event_checkcontinue
+['listening']: net.html#net_event_listening
+[Agent]: #http_class_http_agent
 [Buffer]: buffer.html#buffer_buffer
 [EventEmitter]: events.html#events_class_events_eventemitter
+[Readable Stream]: stream.html#stream_readable_stream
+[Writable Stream]: stream.html#stream_writable_stream
 [global Agent]: #http_http_globalagent
+[http.ClientRequest]: #http_class_http_clientrequest
+[http.IncomingMessage]: #http_http_incomingmessage
+[http.ServerResponse]: #http_class_http_serverresponse
+[http.Server]: #http_class_http_server
+[http.request()]: #http_http_request_options_callback
 [http.request()]: #http_http_request_options_callback
-[http.IncomingMessage]: #http_class_http_incomingmessage
-['listening']: net.html#net_event_listening
 [net.Server.close()]: net.html#net_server_close_callback
 [net.Server.listen(path)]: net.html#net_server_listen_path_callback
 [net.Server.listen(port)]: net.html#net_server_listen_port_host_backlog_callback
-[Readable Stream]: stream.html#stream_readable_stream
+[response.end()]: #http_response_end_data_encoding
+[response.write()]: #http_response_write_chunk_encoding
+[response.writeContinue()]: #http_response_writecontinue
+[response.writeHead()]: #http_response_writehead_statuscode_reasonphrase_headers
 [socket.setKeepAlive()]: net.html#net_socket_setkeepalive_enable_initialdelay
 [socket.setNoDelay()]: net.html#net_socket_setnodelay_nodelay
 [socket.setTimeout()]: net.html#net_socket_settimeout_timeout_callback
 [stream.setEncoding()]: stream.html#stream_stream_setencoding_encoding
 [url.parse()]: url.html#url_url_parse_urlstr_parsequerystring_slashesdenotehost
-[Writable Stream]: stream.html#stream_writable_stream
diff --git a/doc/api/net.markdown b/doc/api/net.markdown
index 1d7b6d2dda..c44b06d8d3 100644
--- a/doc/api/net.markdown
+++ b/doc/api/net.markdown
@@ -118,7 +118,6 @@ The `connectListener` parameter will be added as an listener for the
 ## Class: net.Server
 
 This class is used to create a TCP or UNIX server.
-A server is a `net.Socket` that can listen for new incoming connections.
 
 ### server.listen(port, [host], [backlog], [callback])
 
diff --git a/doc/api/os.markdown b/doc/api/os.markdown
index 928a79e881..58a80d074d 100644
--- a/doc/api/os.markdown
+++ b/doc/api/os.markdown
@@ -43,6 +43,14 @@ Returns the system uptime in seconds.
 
 Returns an array containing the 1, 5, and 15 minute load averages.
 
+The load average is a measure of system activity, calculated by the operating
+system and expressed as a fractional number.  As a rule of thumb, the load
+average should ideally be less than the number of logical CPUs in the system.
+
+The load average is a very UNIX-y concept; there is no real equivalent on
+Windows platforms.  That is why this function always returns `[0, 0, 0]` on
+Windows.
+
 ## os.totalmem()
 
 Returns the total amount of system memory in bytes.
diff --git a/doc/api/stream.markdown b/doc/api/stream.markdown
index 29f6785b29..1c4adf92ed 100644
--- a/doc/api/stream.markdown
+++ b/doc/api/stream.markdown
@@ -881,7 +881,7 @@ SimpleProtocol.prototype._read = function(n) {
     strings using the specified encoding.  Default=null
   * `objectMode` {Boolean} Whether this stream should behave
     as a stream of objects. Meaning that stream.read(n) returns
-    a single value instead of a Buffer of size n
+    a single value instead of a Buffer of size n.  Default=false
 
 In classes that extend the Readable class, make sure to call the
 Readable constructor so that the buffering settings can be properly
diff --git a/doc/blog/release/v0.10.20.md b/doc/blog/release/v0.10.20.md
new file mode 100644
index 0000000000..70db1fe92c
--- /dev/null
+++ b/doc/blog/release/v0.10.20.md
@@ -0,0 +1,59 @@
+date: Mon Sep 30 15:05:41 PDT 2013
+version: 0.10.20
+category: release
+title: Node v0.10.20 (Stable)
+slug: node-v0-10-20-stable
+
+2013.09.30, Version 0.10.20 (Stable)
+
+* tls: fix sporadic hang and partial reads (Fedor Indutny)
+  - fixes "npm ERR! cb() never called!"
+
+
+Source Code: http://nodejs.org/dist/v0.10.20/node-v0.10.20.tar.gz
+
+Macintosh Installer (Universal): http://nodejs.org/dist/v0.10.20/node-v0.10.20.pkg
+
+Windows Installer: http://nodejs.org/dist/v0.10.20/node-v0.10.20-x86.msi
+
+Windows x64 Installer: http://nodejs.org/dist/v0.10.20/x64/node-v0.10.20-x64.msi
+
+Windows x64 Files: http://nodejs.org/dist/v0.10.20/x64/
+
+Linux 32-bit Binary: http://nodejs.org/dist/v0.10.20/node-v0.10.20-linux-x86.tar.gz
+
+Linux 64-bit Binary: http://nodejs.org/dist/v0.10.20/node-v0.10.20-linux-x64.tar.gz
+
+Solaris 32-bit Binary: http://nodejs.org/dist/v0.10.20/node-v0.10.20-sunos-x86.tar.gz
+
+Solaris 64-bit Binary: http://nodejs.org/dist/v0.10.20/node-v0.10.20-sunos-x64.tar.gz
+
+Other release files: http://nodejs.org/dist/v0.10.20/
+
+Website: http://nodejs.org/docs/v0.10.20/
+
+Documentation: http://nodejs.org/docs/v0.10.20/api/
+
+Shasums:
+```
+6f827b5bb1184160a58e0aac711791b610c30afd  node-v0.10.20-darwin-x64.tar.gz
+89869942f09351a5256f9ff68c3e1c363f108e7a  node-v0.10.20-darwin-x86.tar.gz
+b7c0a79acddfaeda8af221acdd18640ef5c62e8a  node-v0.10.20-linux-x64.tar.gz
+709cd1a646447036abe3f57ea6e33bb1d411c229  node-v0.10.20-linux-x86.tar.gz
+dbe318556bc7a4d7ea47947600edcdb375a92d8e  node-v0.10.20-sunos-x64.tar.gz
+b003527f645bfc8c65d890854e20c92edc1feb86  node-v0.10.20-sunos-x86.tar.gz
+34015dac5e517492fec6584cacd2d9864056107e  node-v0.10.20-x86.msi
+a0408be15afd0b5d34b8762edab6420339a8c4ff  node-v0.10.20.pkg
+d8777ac318627c1413f01358ea5c455f0f86e4b5  node-v0.10.20.tar.gz
+5f61f783345dc3663b03322d6387800d96560cd5  node.exe
+bb81cb60eae4c6be9238aa05b5245f29609b6f96  node.exp
+e06eab29b27de1908aa2cf624d438e15ee126640  node.lib
+2495f7a88f0085df5206c0d0cb44131cf9715156  node.pdb
+6036d6b1f2cf34a5055ed59b6519cb09cc6f86ff  pkgsrc/nodejs-ia32-0.10.20.tgz
+9b743d9a5d80758e8cd9d436e165c9569fa9d0fd  pkgsrc/nodejs-x64-0.10.20.tgz
+1b574ef4fe2ad61ce398415599f8f376b576e65d  x64/node-v0.10.20-x64.msi
+7137043329a25c36ad24d11d8e4ce6e5ff8a72b2  x64/node.exe
+624c5bdb06ddd726457fa7b04197069ba021016b  x64/node.exp
+f61da5166124895495bd72520d6b6f730acc1cbc  x64/node.lib
+efa36de57eda469254fab252f24ef67c17f96f00  x64/node.pdb
+```
diff --git a/doc/blog/release/v0.10.21.md b/doc/blog/release/v0.10.21.md
new file mode 100644
index 0000000000..36bc2945bc
--- /dev/null
+++ b/doc/blog/release/v0.10.21.md
@@ -0,0 +1,71 @@
+date: Fri Oct 18 15:39:23 PDT 2013
+version: 0.10.21
+category: release
+title: Node v0.10.21 (Stable)
+slug: node-v0-10-21-stable
+
+This release contains a security fix for the http server implementation, please
+upgrade as soon as possible. Details will be released soon.
+
+2013.10.18, Version 0.10.21 (Stable)
+
+* uv: Upgrade to v0.10.18
+
+* crypto: clear errors from verify failure (Timothy J Fontaine)
+
+* dtrace: interpret two byte strings (Dave Pacheco)
+
+* fs: fix fs.truncate() file content zeroing bug (Ben Noordhuis)
+
+* http: provide backpressure for pipeline flood (isaacs)
+
+* tls: fix premature connection termination (Ben Noordhuis)
+
+
+Source Code: http://nodejs.org/dist/v0.10.21/node-v0.10.21.tar.gz
+
+Macintosh Installer (Universal): http://nodejs.org/dist/v0.10.21/node-v0.10.21.pkg
+
+Windows Installer: http://nodejs.org/dist/v0.10.21/node-v0.10.21-x86.msi
+
+Windows x64 Installer: http://nodejs.org/dist/v0.10.21/x64/node-v0.10.21-x64.msi
+
+Windows x64 Files: http://nodejs.org/dist/v0.10.21/x64/
+
+Linux 32-bit Binary: http://nodejs.org/dist/v0.10.21/node-v0.10.21-linux-x86.tar.gz
+
+Linux 64-bit Binary: http://nodejs.org/dist/v0.10.21/node-v0.10.21-linux-x64.tar.gz
+
+Solaris 32-bit Binary: http://nodejs.org/dist/v0.10.21/node-v0.10.21-sunos-x86.tar.gz
+
+Solaris 64-bit Binary: http://nodejs.org/dist/v0.10.21/node-v0.10.21-sunos-x64.tar.gz
+
+Other release files: http://nodejs.org/dist/v0.10.21/
+
+Website: http://nodejs.org/docs/v0.10.21/
+
+Documentation: http://nodejs.org/docs/v0.10.21/api/
+
+Shasums:
+```
+fb1318fb7721aa292310599e7c6696edebcfd70d  node-v0.10.21-darwin-x64.tar.gz
+486235cc54d269d1961dfb150b1479ec14e83541  node-v0.10.21-darwin-x86.tar.gz
+7528d2fa240a5dd88d37e4847cebec50ef40c8eb  node-v0.10.21-linux-x64.tar.gz
+b372abf9d9c53bfe675e2c3f71dcfdece44edddd  node-v0.10.21-linux-x86.tar.gz
+cb873cdff3f30aa198b52c8be3588745d2ee3933  node-v0.10.21-sunos-x64.tar.gz
+020d202d7066b68f160d0ceebe8cc8306de25956  node-v0.10.21-sunos-x86.tar.gz
+037ea0e3be3512da2bc94aa765fa89d61da3e275  node-v0.10.21-x86.msi
+de2bd0e858f99098ef24f99f972b8088c1f0405c  node-v0.10.21.pkg
+b7fd2a3660635af40e3719ca0db49280d10359b2  node-v0.10.21.tar.gz
+a0e3988170beee1273a2fb6d650bf17db8495c67  node.exe
+99332a03aeba8a22254d671665b9b2161a64bd84  node.exp
+263dafeec907bd1f28ceb8272b9caaadceacb4d6  node.lib
+76d578bf352772dc4db9ebb95fb61cf18e34c80d  node.pdb
+b6d11b67ce7aaff5c7a456a4c85c80849a3d576e  pkgsrc/nodejs-ia32-0.10.21.tgz
+b116825d1d2cbcfd567f730b1c2452424508b062  pkgsrc/nodejs-x64-0.10.21.tgz
+29632c5a21a4ebf89703e417852306a676f6ede8  x64/node-v0.10.21-x64.msi
+033b0a2b57e031a9e47f0b28eb4dc50a5389b592  x64/node.exe
+f62b53229d77eaddf1f3a7909ef6533eea0e2295  x64/node.exp
+8d5cfe83c3bc78ddcf79de9d065d1b4f2af9347e  x64/node.lib
+6844e78e9ba80bfa48f6c150544e3e73d83dd316  x64/node.pdb
+```
diff --git a/doc/blog/release/v0.8.26.md b/doc/blog/release/v0.8.26.md
new file mode 100644
index 0000000000..45e227a9b9
--- /dev/null
+++ b/doc/blog/release/v0.8.26.md
@@ -0,0 +1,71 @@
+date: Fri Oct 18 14:52:30 PDT 2013
+version: 0.8.26
+category: release
+title: Node v0.8.26 (Maintenance)
+slug: node-v0-8-26-maintenance
+
+This release contains a security fix for the http server implementation, please
+upgrade as soon as possible. Details will be released soon.
+
+2013.10.13, Version 0.8.26 (maintenance)
+
+* v8: Upgrade to 3.11.10.26
+
+* crypto: clear openssl error stack when handled (Ben Noordhuis)
+
+* crypto: clear errors from verify failure (Timothy J Fontaine)
+
+* crypto: fix memory leak in LoadPKCS12 (Fedor Indutny)
+
+* http: provide backpressure for pipeline flood (isaacs)
+
+* http_parser: expose pause/resume method for parser (Timothy J Fontaine)
+
+* readline: pause stdin before turning off terminal raw mode (Daniel Chatfield)
+
+
+Source Code: http://nodejs.org/dist/v0.8.26/node-v0.8.26.tar.gz
+
+Macintosh Installer (Universal): http://nodejs.org/dist/v0.8.26/node-v0.8.26.pkg
+
+Windows Installer: http://nodejs.org/dist/v0.8.26/node-v0.8.26-x86.msi
+
+Windows x64 Installer: http://nodejs.org/dist/v0.8.26/x64/node-v0.8.26-x64.msi
+
+Windows x64 Files: http://nodejs.org/dist/v0.8.26/x64/
+
+Linux 32-bit Binary: http://nodejs.org/dist/v0.8.26/node-v0.8.26-linux-x86.tar.gz
+
+Linux 64-bit Binary: http://nodejs.org/dist/v0.8.26/node-v0.8.26-linux-x64.tar.gz
+
+Solaris 32-bit Binary: http://nodejs.org/dist/v0.8.26/node-v0.8.26-sunos-x86.tar.gz
+
+Solaris 64-bit Binary: http://nodejs.org/dist/v0.8.26/node-v0.8.26-sunos-x64.tar.gz
+
+Other release files: http://nodejs.org/dist/v0.8.26/
+
+Website: http://nodejs.org/docs/v0.8.26/
+
+Documentation: http://nodejs.org/docs/v0.8.26/api/
+
+Shasums:
+```
+b9fa5fca6282a01d491ab585b6a6a64f23ea4da2  node-v0.8.26-darwin-x64.tar.gz
+ba760b282f38f62ad333c2ecc69d3b296f87cf4a  node-v0.8.26-darwin-x86.tar.gz
+c96470908234656c6060cbe0dab4502f90ca7cd1  node-v0.8.26-linux-x64.tar.gz
+3b5c776ae8632df2a4c67b89bdd37d843135be90  node-v0.8.26-linux-x86.tar.gz
+6b9b6bb2676b37ff63f240931f68aa22e9187e99  node-v0.8.26-sunos-x64.tar.gz
+cb3f975293f9561fdda0b46571aee570576e0406  node-v0.8.26-sunos-x86.tar.gz
+668bbc8240497675bb4ed3b61c6f7fb79772b264  node-v0.8.26-x86.msi
+e51a33c28e2c75b0e40826100e5f6b84d5cf8d98  node-v0.8.26.pkg
+2ec960bcc8cd38da271f83c1b2007c12da5153b3  node-v0.8.26.tar.gz
+860ec0bcb6e89fcee3e45e56e469dd28cfcf400c  node.exe
+ad0e366a82e8570768f5c92d97eebd8fd4a54f8f  node.exp
+559a7b4e3c49b1071d1cd1374cf4bc4bae2aa558  node.lib
+687eeb71782ac36f26aaba60e07bd92f47bfcf36  node.pdb
+b10e28a100ab40169759bd431ccc855de1763fa8  x64/node-v0.8.26-x64.msi
+19b5210e212b3b5473c251786c3d22b8cb919f5f  x64/node.exe
+6129121aad9d48ffa19a712f59e6acb9bff14eb1  x64/node.exp
+4eb1822b10ec3b7a17deff1126725c30c5ef65b1  x64/node.lib
+7f39e38b62ad44c774ae381a661726494b2f066e  x64/node.pdb
+```
diff --git a/doc/blog/vulnerability/http-server-pipeline-flood-dos.md b/doc/blog/vulnerability/http-server-pipeline-flood-dos.md
new file mode 100644
index 0000000000..e4a607d7a9
--- /dev/null
+++ b/doc/blog/vulnerability/http-server-pipeline-flood-dos.md
@@ -0,0 +1,37 @@
+title: DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)
+date: Tue Oct 22 10:42:10 PDT 2013
+slug: cve-2013-4450-http-server-pipeline-flood-dos
+category: vulnerability
+
+Node.js is vulnerable to a denial of service attack when a client
+sends many pipelined HTTP requests on a single connection, and the
+client does not read the responses from the connection.
+
+We recommend that anyone using Node.js v0.8 or v0.10 to run HTTP
+servers in production please update as soon as possible.
+
+* v0.10.21 <http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/>
+* v0.8.26 <http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/>
+
+This is fixed in Node.js by pausing both the socket and the HTTP
+parser whenever the downstream writable side of the socket is awaiting
+a drain event.  In the attack scenario, the socket will eventually
+time out, and be destroyed by the server.  If the "attacker" is not
+malicious, but merely sends a lot of requests and reacts to them
+slowly, then the throughput on that connection will be reduced to what
+the client can handle.
+
+There is no change to program semantics, and except in the
+pathological cases described, no changes to behavior.
+
+If upgrading is not possible, then putting an HTTP proxy in front of
+the Node.js server can mitigate the vulnerability, but only if the
+proxy parses HTTP and is not itself vulnerable to a pipeline flood
+DoS.
+
+For example, nginx will prevent the attack (since it closes
+connections after 100 pipelined requests by default), but HAProxy in
+raw TCP mode will not (since it proxies the TCP connection without
+regard for HTTP semantics).
+
+This addresses CVE-2013-4450.
diff --git a/doc/community/index.html b/doc/community/index.html
index 823b77fa33..ee059ccbc6 100644
--- a/doc/community/index.html
+++ b/doc/community/index.html
@@ -186,6 +186,8 @@
               Node.js blog &amp; developers listing<br>
               <a href="http://nodejs.geek.nz/">nodejs.geek.nz</a>
               Node.js site for Kiwis<br>
+              <a href="http://nodejs.rs/">nodejs.rs</a>
+              Serbian Node.js community website
             </p>
           </div>
         </div>