Node 8.8.0、6.11.5 和 4.8.5 发布

Node 同时更新了 3 个版本。

Node v8.8.0 (Current) 主要更新包括:

  • crypto:
  • expose ECDH class #8188
  • http2:
  • http2 is now exposed by defualt without the need for a flag #15685
  • a new environment varible NODE_NO_HTTP2 has been added to allow userland http2 to be required #15685
  • support has been added for generic Duplex streams #16269
  • module:
  • resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle #15445
  • zlib:
  • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

Node v6.11.5 (LTS)Node v4.8.5 (Maintenance) 主要更新包括:

zlib:

  • CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

下载地址:

https://nodejs.org/en/download/

更新于  

微信扫二维码与我们沟通

我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/项目建议/互联网交流
猿科技(iape.ltd),版权所有,转载请注明出处。