Critical Node.js Security Updates: What You Need to Upgrade This Week
Next Wednesday the Node.js team will release security updates for several versions, fixing critical TLS certificate handling flaws and other vulnerabilities, while announcing the end of maintenance for the v0.10.x line and urging users to upgrade to newer releases.
Node.js project team will release a series of security updates for several Node.js versions next Wednesday. The new versions are:
Node.js v6.7.0 (current version)
Node.js v4.6.0 (TLS code‑named Argon)
Node.js v0.12.16 (maintenance only)
Node.js v0.10.47 (maintenance only)
These security updates include a range of OpenSSL vulnerability fixes as well as Node.js‑specific fixes, such as:
Critical: defect in handling TLS certificates affecting all Node.js versions
Low: native code injection on Windows affecting all Node.js versions
Low: an HTTP authentication error affecting all Node.js versions
Node.js v0.10.x series will be completely end‑of‑life in October, making next week’s update the final release for the v0.10.x line. If you are still running this version in production, you should upgrade promptly to v4 or v6.
For more details about these security updates, click “Read the original article”.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Node Underground
No language is immortal—Node.js isn’t either—but thoughtful reflection is priceless. This underground community for Node.js enthusiasts was started by Taobao’s Front‑End Team (FED) to share our original insights and viewpoints from working with Node.js. Follow us. BTW, we’re hiring.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.