内容简介:Node.js 8.11.3 和 10.4.1 发布了,更新内容如下: 8.11.3 Notable Changes buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang http2 (CVE-2018-7161): ...
Node.js 8.11.3 和 10.4.1 发布了,更新内容如下:
8.11.3
Notable Changes
buffer (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang
http2
(CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
(CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
Commits
[
e1ff7c3cbc] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#125[
c5a2748d8f] - doc: buffer.fill() can zero-fill on invalid input (Сковорода Никита Андреевич) nodejs-private/node-private#119[
354f2d97ff] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#123[
25c5111ca4] - src: avoid hanging on Buffer#fill 0-length input (Сковорода Никита Андреевич) nodejs-private/node-private#119[
10c5adf19b] - test: addRealloc()shrink after reading stream data test (Anna Henningsen) nodejs-private/node-private#132[
bc91220ca2] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#131[
acd11b01c4] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#125
下载地址:
10.4.1
Notable Changes
Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream.
http2
(CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup
(CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0
tls (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving
n-api: Prevent use-after-free in napi_delete_async_work
Commits
[
1bbfe9a72b] - build: fix configure script for double-digits (Misty De Meo) #21183[
4c90ee8fc6] - deps: update to nghttp2 1.32.0 (James M Snell) nodejs-private/node-private#117[
e5c2f575b1] - deps: patch V8 to 6.7.288.45 (Michaël Zasso) #21192[
03ded94ffe] - deps: patch V8 to 6.7.288.44 (Michaël Zasso) #21146[
4de7e0c96c] - deps,npm: float node-gyp patch on npm (Rich Trott) #21239[
92d7b6c9a0] - fs: fix promises reads with pos > 4GB (cjihrig) #21148[
8681402228] - http2: fixup http2stream cleanup and other nits (James M Snell) nodejs-private/node-private#115[
53f8563353] - n-api: back up env before async work finalize (Gabriel Schulhof) #21129[
9ba8ed1371] - src: re-addRealloc()shrink after reading stream data (Anna Henningsen) nodejs-private/node-private#128[
8e979482fa] - Revert "src: restore stdio on program exit" (Evan Lucas) #21257[
cb5ec64956] - src: reset TTY mode before cleaning up resources (Anna Henningsen) #21257[
ae5567eaea] - test: add regression test for nghttp2 CVE-2018-1000168 (James M Snell) nodejs-private/node-private#117[
e87bf625dd] - test: add tls write error regression test (Shigeki Ohtsu) nodejs-private/node-private#127[
eea2bce58d] - tls: fix SSL write error handling (Anna Henningsen) nodejs-private/node-private#127[
1e49eadd68] - tools,gyp: fix regex for version matching (Rich Trott) #21216
下载地址:
【声明】文章转载自:开源中国社区 [http://www.oschina.net]
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
- TypeScript 3.4.5 发布,修复节点运行问题
- Dapr 1.0 发布,分布式应用运行时
- Node.js 8.1.2 发布,JavaScript 运行时
- GoPlus 0.6.40 发布,支持线上运行模式
- RDoc 1.3.3 发布,兼容 Windows 系统下运行
- RubyMine 2018.2.3 发布,新增显示运行脚本的功能
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
国际大学生程序设计竞赛例题解
郭嵩山 / 电子工业出版社 / 2006-5 / 32.0
《国际大学生程序设计竞赛例题解1:数论、计算几何、搜索算法专集》可以作为高等院校有关专业的研究生和本科学生参加国际大学生程序设计竞赛的辅导教材,也可作为高等院校有关专业相关课程的教材和教学参考书,也比较适合作为中学青少年信息学奥林匹克竞赛省级及省级以上优秀选手备战信息学奥林匹克竞赛的培训教材及训练题集。一起来看看 《国际大学生程序设计竞赛例题解》 这本书的介绍吧!
