Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v11.1.0 #23922

Merged
merged 84 commits into from
Nov 2, 2018
Merged
Changes from 1 commit
Commits
Show all changes
84 commits
Select commit Hold shift + click to select a range
fa1373f
test: fix assertion arguments order
Aiden01 Oct 20, 2018
86cf014
repl: migrate from process.binding('config') to getOptions()
Oct 16, 2018
4112a10
crypto: strip unwanted space from openssl version
sam-github Oct 15, 2018
a666d3e
test: fix strictEqual() arguments order
fraxken Oct 19, 2018
ddd9ccf
test: fix strictEqual() argument order
RomainLanz Oct 19, 2018
3b66a8d
deps: fix wrong default for v8 handle zapping
refack Oct 21, 2018
dfecf85
test: fix test-require-symlink on Windows
bzoz Oct 16, 2018
b07cb48
zlib: do not leak on destroy
mafintosh Oct 18, 2018
22cd537
lib: trigger uncaught exception handler for microtasks
devsnek Oct 21, 2018
83b776c
doc: document that addMembership must be called once in a cluster
jasnell Oct 19, 2018
f4c4b2b
doc: document ACL limitation for fs.access on Windows
jasnell Oct 19, 2018
84fdb1c
doc: add note about removeListener order
jasnell Oct 19, 2018
c30de85
doc: move @phillipj to emeriti
phillipj Oct 20, 2018
ab58439
deps: icu: apply workaround patch
srl295 Aug 7, 2018
df05ddf
src: refactor deprecated v8::Function::Call call
RomainLanz Oct 21, 2018
db113a2
doc: document and warn if the ICU version is too old
srl295 Jun 8, 2018
30be5cb
src: memory management using smart pointer
uttampawar Oct 12, 2018
a6fe2ca
src: simplify `TimerFunctionCall()` in `node_perf.cc`
addaleax Oct 20, 2018
1521d89
test: fix invalid modulesLength for DSA keygen
AdamMajer Oct 18, 2018
141aec9
crypto: add SET_INTEGER_CONSANT macro
danbev Oct 16, 2018
83ddd3e
test: fix flaky test
cjihrig Oct 21, 2018
dd5afbe
doc: add review suggestions to require()
ErickWendel Oct 12, 2018
09f25af
tls: throw if protocol too long
Oct 12, 2018
1cda41b
lib: migrate from process.binding('config') to getOptions()
burgerboydaddy Oct 12, 2018
48ed81f
src: improve StreamBase read throughput
addaleax Oct 21, 2018
9fbe91a
src: refactor deprecated v8::String::NewFromTwoByte call
RomainLanz Oct 21, 2018
ee8fa52
test: fix strictEqual() arguments order
Oct 20, 2018
1baba9b
doc: NODE_EXTRA_CA_CERTS is ignored if setuid root
bnoordhuis Oct 19, 2018
086ee5e
test: increase coverage of internal/stream/end-of-stream
lrdcasimir Oct 19, 2018
d808d27
doc: use Cookie in request.setHeader() examples
lpinca Oct 17, 2018
0ba49fe
doc: remove problematic example from README
Trott Oct 22, 2018
35c3c4b
build: allow for overwriting of use_openssl_def
codebytere Oct 19, 2018
aaddf97
stream: async iteration should work with destroyed stream
mcollina Oct 20, 2018
a80452a
test: add test-benchmark-napi
forivall Oct 12, 2018
1bdbf87
src: reduce duplication in tcp_wrap Connect
danbev Oct 19, 2018
c20eb4f
tools, icu: actually failover if there are multiple URLs
srl295 Oct 17, 2018
e5b51cc
deps: icu 63.1 bump (CLDR 34)
srl295 Oct 17, 2018
97496f0
n-api: make per-`Context`-ness of `napi_env` explicit
addaleax Oct 16, 2018
1851cf4
doc, test: document and test vm timeout escapes
jasnell Oct 18, 2018
0f00ac9
test: mark test-vm-timeout-* known issue tests flaky
jasnell Oct 24, 2018
b8f3bb1
build: add lint-py which uses flake8
Jul 24, 2018
5c35d0d
build,meta: switch to gcc-4.9 on travis
refack Oct 20, 2018
49b32af
doc: document nullptr comparisons in style guide
addaleax Oct 21, 2018
e241398
doc: simplify path.basename() on POSIX and Windows
ZYSzys Oct 25, 2018
167e99b
timers: fix priority queue removeAt fn
apapirovski Oct 25, 2018
572ea60
test: verify `performance.timerify()` works w/ non-Node Contexts
addaleax Oct 20, 2018
787e13b
build: expose more openssl categories for addons
JCMais Oct 9, 2018
9011db4
deps: move more deprecations to V8_DEPRECATED
addaleax Oct 10, 2018
ce106df
src: use maybe version v8::Function::Call
oyyd Oct 23, 2018
1c5ffb3
lib: add escapeCodeTimeout as an option to createInterface
raoofha Apr 3, 2018
22caa26
test: fix strictEqual() argument order
lveteau Oct 23, 2018
fef17b7
src: avoid extra `Persistent` in `DefaultTriggerAsyncIdScope`
addaleax Oct 24, 2018
0312d8b
deps: fix shim for `v8::Value::IntegerValue()`
addaleax Oct 26, 2018
b4b101f
fs: default open/openSync flags argument to 'r'
bnoordhuis Oct 23, 2018
748dbf9
doc: simplify valid security issue descriptions
Trott Oct 25, 2018
2cc4f5c
deps: patch V8 to 7.0.276.32
targos Oct 24, 2018
5ce3b6d
stream: ended streams should resolve the async iteration
mcollina Oct 26, 2018
7bbc072
stream: do not error async iterators on destroy(null)
mcollina Oct 26, 2018
dcaf723
src: minor refactor to node_errors.h
addaleax Oct 25, 2018
02f13ab
repl: support top-level for-await-of
codebytere Oct 24, 2018
2c2e2b5
benchmark: fix bench-mkdirp to use recursive option
ajafff Oct 16, 2018
22bbece
test: fix regression when compiled with FIPS
AdamMajer Oct 25, 2018
4a79b25
src: improve StreamBase write throughput
addaleax Oct 23, 2018
64c205d
doc: make example more clarified in cluster.md
ZYSzys Oct 28, 2018
f01a806
doc: add optional callback to socket.end()
Ajido Oct 28, 2018
45a20a8
tools: update ESLint to 5.8.0
cjihrig Oct 26, 2018
ed10a91
test: add test-benchmark-http2
Trott Oct 25, 2018
6768751
doc: add note about ABI compatibility
MylesBorins Aug 10, 2018
8b5339d
doc: rename README section for Release Keys
Trott Oct 27, 2018
99fffff
doc: remove notice of dashes in V8 options
lundibundi Oct 26, 2018
82ee6c3
doc: remove mailing list
Trott Oct 28, 2018
24c6a02
doc: add documentation for http.IncomingMessage$complete
jasnell Oct 26, 2018
147e5d5
doc: document HPE_HEADER_OVERFLOW error
sam-github Oct 29, 2018
ee299c7
doc: remove "idiomatic choice" from queueMicrotask
rvagg Oct 25, 2018
ee6b039
doc: sort markdown refs in errors
sam-github Oct 29, 2018
cc65fee
doc: fix typographical issues
denismcdonald Oct 30, 2018
3e512f1
os: fix memory leak in `userInfo()`
addaleax Oct 26, 2018
539e123
doc: moved test instructions to BUILDING.md
trivikr Oct 29, 2018
da494ef
doc: clarify fd behaviour with {read,write}File
thefourtheye Oct 17, 2018
871e327
test: fixed error message in test-buffer-read
arvind3157 Oct 29, 2018
ec009f6
doc: revise BUILDING.md
Trott Oct 30, 2018
33053ec
doc: use Node.js instead of Node
Trott Oct 30, 2018
26510fb
doc: add branding to style guide
Trott Oct 30, 2018
af6d262
2018-11-02, Version 11.1.0 (Current)
targos Oct 27, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
doc: remove problematic example from README
Remove Buffer constructor example from security reporting examples. Even
though the example text focuses on API compatibility, the pull request
cited is about zero-filling vs. not zero-filling, which is not an API
compatibility change (or at least is not unambiguously one). The fact
that it's a pull request is also problematic, since it's not reporting a
security issue but instead proposing a way to address one that has
already been reported publicly. Finally, the text focuses on the fact
that it was not deemed worth of backporting, but that was determined by
a vote by a divided CTC. It is unreasonable to ask someone reporting an
issue to make a determination that the CTC/TSC is divided on.

In short, it's not a good example for the list it is in. Remove it.

Refs: #23759 (comment)

PR-URL: #23817
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
  • Loading branch information
Trott authored and targos committed Oct 24, 2018
commit 0ba49fec120fdd3aa7acb8eee66a96e8cbd3295b
6 changes: 0 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -179,12 +179,6 @@ nonetheless.
arbitrary JavaScript code. That is already the highest level of privilege
possible.

- [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
Buffer(num) by default_. The documented `Buffer()` behavior was prone to
[misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
was not deemed serious enough to fix in older releases and breaking API
stability.

### Private disclosure preferred

- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
Expand Down