Release proposal: v0.12.13 #5967
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Invoke MSBuild specifying the target platform as generated by Gyp. Reviewed-By: James M Snell <[email protected]> PR-URL: #5627
backport fix for test-http-get-pipeline-problem.js from master to 0.12.X. We've been seeing an intermittent failure in runs for zLinux with SLES 12. We confirmed that this fix resolves the issue so would like it in 0.12.X The original commit does not apply cleanly as the paths were changed, but the actual change is identical. The original commit was: 3ba4f71 PR-URL: #3013 Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: James M Snell <[email protected]>
openssl-1.0.1s disables EXPORT and LOW ciphers by default. They are obsoleted ciphers and not safe for the current use. Node LTS also deprecates them. Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <[email protected]>
DES-CBC-SHA is LOW cipher and disabled by default and it is used in tests of hornorcipherorder. They are changed as to - use RC4-SHA instead of DES-CBC-SHA. - add ECDHE-RSA-AES256-SHA to entries to keep the number of ciphers. - remove tests for non-default cipher because only SEED and IDEA are available in !RC4:!HIGH:ALL. Fixes: nodejs/Release#85 PR-URL: #5712 Reviewed-By: Ben Noordhuis <[email protected]>
PR-URL: #5621 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Alexis Campailla <[email protected]>
Notable changes: * npm: Upgrade to v2.15.1. (Forrest L Norvell) * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712
r-52
added
meta
|
@rvagg it looks like the node subset for the smoker was too aggressive and not testing on fedora or osx... would you like to run it again? |
|
@thealphanerd ditto as for 0.10, would you mind having a go at this please? I'm preoccupied for most of the day unfortunately. |
|
new citgm: https://ci.nodejs.org/job/thealphanerd-smoker/171/ edit: everything is green except for OSX which stalled during the build (infra related). I'm currently running the tests locally on v10.10.5 |
|
yeah I know... I'm not 100%, but with the new logging I can see that it always happens when trying to grab the ngrok binary... here are the results. Only failure is 🎉🎉 CITGM Passed 🎉🎉📛 But with Flaky Failures 📛Passing Modules
Flaky Modules
|
|
so I'd say this release looks good to go as far as citgm is concerned... I'm just doing some local npm-testing and it seems like some of my concerns regarding the npm upgrade are not coming to light... release LGTM |
rvagg
pushed a commit
that referenced
this pull request
Mar 31, 2016
rvagg
added a commit
that referenced
this pull request
Mar 31, 2016
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5967
rvagg
added a commit
that referenced
this pull request
Mar 31, 2016
Notable changes: * npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5968
rvagg
added a commit
that referenced
this pull request
Apr 1, 2016
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5967
rvagg
added a commit
that referenced
this pull request
Apr 1, 2016
Notable changes: * npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) #5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) #5712 PR-URL: #5968
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 4, 2016
jBarz
pushed a commit
to ibmruntimes/node
that referenced
this pull request
Nov 4, 2016
Notable changes: * npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) nodejs/node#5967 * openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (nodejs/Release#85). (Shigeki Ohtsu) nodejs/node#5712 PR-URL: nodejs/node#5967
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Notable changes:
OPENSSL_NO_WEAK_SSL_CIPHERSto fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (Disable EXPORT and LOW SSLv3+ ciphers by default for Argon, v0.12 and v0.10 Release#85). (Shigeki Ohtsu) deps: Disable EXPORT and LOW ciphers in openssl for v0.12 #5712Test: https://ci.nodejs.org/job/node-test-commit/2743/
Smoker: https://ci.nodejs.org/job/thealphanerd-smoker/165/
RC 1: https://nodejs.org/download/rc/v0.12.13-rc.1/