Skip to content

Commit

Permalink
2016-02-09, Version 5.6.0 (Stable)
Browse files Browse the repository at this point in the history
This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.

Notable changes

* http: fix defects in HTTP header parsing for requests and responses
  that can allow request smuggling (CVE-2016-2086) or response
  splitting (CVE-2016-2216). HTTP header parsing now aligns more
  closely with the HTTP spec including restricting the acceptable
  characters.
* http-parser: upgrade from 2.6.0 to 2.6.1
* npm: upgrade npm from 3.3.12 to 3.6.0
  (Rebecca Turner) #4958
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
  Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
  parameters shorter than 1024-bits, up from the previous limit of
  768-bits.
  • Loading branch information
jasnell committed Feb 9, 2016
1 parent 7daded4 commit 1a68f85
Showing 1 changed file with 157 additions and 1 deletion.
Loading

0 comments on commit 1a68f85

Please sign in to comment.