You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Notable changes:
* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install. IMPORTANT:
This is a major upgrade to npm v2 LTS from the previously deprecated
npm v1. (Forrest L Norvell) #5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(nodejs/Release#85).
(Shigeki Ohtsu) #5712
PR-URL: #5968
Copy file name to clipboardExpand all lines: CHANGELOG.md
+14Lines changed: 14 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,19 @@
1
1
# Node.js ChangeLog
2
2
3
+
## 2016-03-31, Version 0.10.44 (Maintenance), @rvagg
4
+
5
+
### Notable changes
6
+
7
+
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. IMPORTANT: This is a major upgrade to npm v2 LTS from the previously deprecated npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967
8
+
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they are obsolete and not considered safe. This release of Node.js turns on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers included in these lists which can be used in SSLv3 and higher. Full details can be found in our LTS discussion on the matter (https://github.com/nodejs/LTS/issues/85). (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
9
+
10
+
### Commits
11
+
12
+
* [feceb77d7e] - deps: upgrade npm in LTS to 2.15.1 (Forrest L Norvell) https://github.com/nodejs/node/pull/5968
13
+
* [0847954331] - deps: Disable EXPORT and LOW ciphers in openssl (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
14
+
* [6bb86e727a] - test: change tls tests not to use LOW cipher (Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
15
+
* [905bec29ad] - win,build: support Visual C++ Build Tools 2015 (João Reis) https://github.com/nodejs/node/pull/5627
16
+
3
17
## 2016-03-31, Version 5.10.0 (Stable), @evanlucas
0 commit comments