Node v0.8.17 released - fixes security vulnerability - we're urged to upgrade ASAP

; Date: Wed Jan 09 2013

Tags: Node.JS »»»»

Isaac Schlueter just posted this warning .. 

This release addresses a potential security vulnerability.

If you do not use TypedArrays, then you're fine (but should still upgrade for other reasons, like better performance and npm peerDependencies.)

If you use TypedArrays, you should upgrade to v0.8.17 as soon as possible. If user input can affect the size parameter in a TypedArray, an integer overflow vulnerability could allow an attacker to write to areas of memory outside the intended buffer. Please upgrade ASAP.

2012.01.09, Version 0.8.17 (Stable)

  • npm: Upgrade to v1.2.0
    • peerDependencies (Domenic Denicola)
    • node-gyp v0.8.2 (Nathan Rajlich)
    • Faster installs from github user/project shorthands (Nathan Zadoks)
  • typed arrays: fix 32 bit size/index overflow (Ben Noordhuis)
  • http: Improve performance of single-packet responses (Ben Noordhuis)
  • install: fix openbsd man page location (Ben Noordhuis)
  • http: bubble up parser errors to ClientRequest (Brian White)

About the Author(s)

(davidherron.com) David Herron : David Herron is a writer and software engineer focusing on the wise use of technology. He is especially interested in clean energy technologies like solar power, wind power, and electric cars. David worked for nearly 30 years in Silicon Valley on software ranging from electronic mail systems, to video streaming, to the Java programming language, and has published several books on Node.js programming and electric vehicles.
Uploading/mirroring files to remote server in Node.js without using rsync Implementing rsync or sftp in Node.js to synchronize files?

Books by David Herron

(Sponsored)