Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: clarify v4.2.3 notable items #4155

Closed
wants to merge 1 commit into from
Closed

doc: clarify v4.2.3 notable items #4155

wants to merge 1 commit into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Dec 4, 2015

  • Include reference to CVE-2015-8027
  • Fix "socket may no longer have a socket" reference
  • Expand on non-existent parser causing the error
  • Soften language for CVE-2015-3193 as impact may not be as great as
    expected
  • Clarify that CVE-2015-3194 affects TLS servers using client
    certificate authentication
  • Include reference to CVE-2015-6764
  • Remove links to nodejs/node-private in commits list

@rvagg
doc: clarify v4.2.3 notable items
74789c8 
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764
* Remove links to nodejs/node-private in commits list
@rvagg rvagg mentioned this pull request Dec 4, 2015
Closed
@JungMinu JungMinu added the doc Issues and PRs related to the documentations. label Dec 4, 2015
JungMinu
JungMinu reviewed Dec 4, 2015
View reviewed changes
CHANGELOG.md
@@ -6,12 +6,12 @@ Security Update

### Notable changes

* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I speculate that attempts trigger -> attempts to trigger
(sorry If I'm wrong)

@cjihrig
Copy link
Contributor

cjihrig commented Dec 4, 2015

LGTM with the same comment.

@jasnell
Copy link
Member

jasnell commented Dec 4, 2015

LGTM

rvagg added a commit that referenced this pull request Dec 5, 2015
@rvagg
doc: clarify v4.2.3 notable items
b7a22d4 
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764
* Remove links to nodejs/node-private in commits list

PR-URL: #4155
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@rvagg rvagg closed this Dec 5, 2015
@rvagg rvagg deleted the v4.2.3-release-notes-update branch December 5, 2015 04:28
@rvagg
Copy link
Member Author

rvagg commented Dec 5, 2015

thanks, fixed and landed @ b7a22d4

@jasnell jasnell mentioned this pull request Dec 17, 2015
Closed
rvagg added a commit that referenced this pull request Dec 17, 2015
@rvagg @jasnell
doc: clarify v4.2.3 notable items
da8d012 
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764
* Remove links to nodejs/node-private in commits list

PR-URL: #4155
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
rvagg added a commit that referenced this pull request Dec 23, 2015
@rvagg @jasnell
doc: clarify v4.2.3 notable items
a8998ea 
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764
* Remove links to nodejs/node-private in commits list

PR-URL: #4155
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
doc Issues and PRs related to the documentations.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rvagg @cjihrig @jasnell @JungMinu @MylesBorins