-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release proposal: v0.12.13 #5967
Conversation
Invoke MSBuild specifying the target platform as generated by Gyp. Reviewed-By: James M Snell <[email protected]> PR-URL: #5627
backport fix for test-http-get-pipeline-problem.js from master to 0.12.X. We've been seeing an intermittent failure in runs for zLinux with SLES 12. We confirmed that this fix resolves the issue so would like it in 0.12.X The original commit does not apply cleanly as the paths were changed, but the actual change is identical. The original commit was: 3ba4f71 PR-URL: #3013 Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: James M Snell <[email protected]>
openssl-1.0.1s disables EXPORT and LOW ciphers by default. They are obsoleted ciphers and not safe for the current use. Node LTS also deprecates them. Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <[email protected]>
DES-CBC-SHA is LOW cipher and disabled by default and it is used in tests of hornorcipherorder. They are changed as to - use RC4-SHA instead of DES-CBC-SHA. - add ECDHE-RSA-AES256-SHA to entries to keep the number of ciphers. - remove tests for non-default cipher because only SEED and IDEA are available in !RC4:!HIGH:ALL. Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: #5621 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
Notable changes: * npm: Upgrade to v2.15.1. (Forrest L Norvell) * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712
@rvagg it looks like the node subset for the smoker was too aggressive and not testing on fedora or osx... would you like to run it again? |
@thealphanerd ditto as for 0.10, would you mind having a go at this please? I'm preoccupied for most of the day unfortunately. |
new citgm: https://ci.nodejs.org/job/thealphanerd-smoker/171/ edit: everything is green except for OSX which stalled during the build (infra related). I'm currently running the tests locally on v10.10.5 |
yeah I know... I'm not 100%, but with the new logging I can see that it always happens when trying to grab the ngrok binary... here are the results. Only failure is 🎉🎉 CITGM Passed 🎉🎉📛 But with Flaky Failures 📛Passing Modules
Flaky Modules
|
so I'd say this release looks good to go as far as citgm is concerned... I'm just doing some local npm-testing and it seems like some of my concerns regarding the npm upgrade are not coming to light... release LGTM |
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5967
Notable changes: * npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5968
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5967
Notable changes: * npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5968
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) nodejs/node#5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) nodejs/node#5712 PR-URL: nodejs/node#5967
Notable changes:
OPENSSL_NO_WEAK_SSL_CIPHERS
to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (Disable EXPORT and LOW SSLv3+ ciphers by default for Argon, v0.12 and v0.10 Release#85). (Shigeki Ohtsu) deps: Disable EXPORT and LOW ciphers in openssl for v0.12 #5712Test: https://ci.nodejs.org/job/node-test-commit/2743/
Smoker: https://ci.nodejs.org/job/thealphanerd-smoker/165/
RC 1: https://nodejs.org/download/rc/v0.12.13-rc.1/