2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

• CVE-2017-15896
• CVE-2017-3738 (from the openssl project)

Notable Changes

• deps:
  • openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

Commits

• [4f8fae3493] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #17526
• [eacd090e7b] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836
• [3e6b0b0d13] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389
• [b0ed4c52af] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389
• [dd6a2dff1e] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #17526
• [b3afedfbe9] - deps: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) #17526
• [f7eb162d0d] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389