Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11732 closed enhancement (fixed)

node.js-10.15.2

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 5 years ago

2019-02-28, Version 10.15.2 This is a security release. All Node.js users should consult the security release summary at:

https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

for details on patched vulnerabilities.

A fix for the following CVE is included in this release:

Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)

Notable Changes

http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode.

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21279.

comment:4 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.