Linuxeden 开源社区 --
Node.js 4.8.4,6.11.1,7.10.1 和 8.1.4 多版本发布,Node.js 是一个基于 Chrome V8 引擎的 JavaScript 运行环境,它使用了一个事件驱动、非阻塞式 I/O 的模型,使其轻量又高效。
部分更新内容:
v8.1.4
- build:
- Disable V8 snapshots – The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found (Ali Ijaz Sheikh)
- deps:
- CVE-2017-1000381 – The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
完整更新内容请前往 发行说明 查看。
下载地址:
转自 http://ift.tt/2vakEl9
The post Node.js 4.8.4, 6.11.1 和 7.10.1 等多版本发布 appeared first on Linuxeden开源社区.
http://ift.tt/2ubGcR3
没有评论:
发表评论