Permalink
Comparing changes
Choose two branches to see whatβs changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 6 commits
- 465 files changed
- 3 contributors
Commits on Feb 9, 2021
Commits on Feb 18, 2021
-
src: drop localhost6 as allowed host for inspector
CVE-ID: CVE-2021-22884 Refs: https://hackerone.com/bugs?report_id=1069487 PR-URL: nodejs-private/node-private#244 Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Mary Marchini <oss@mmarchini.me> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: MichaΓ«l Zasso <targos@protonmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Commits on Feb 22, 2021
-
http2: add unknownProtocol timeout
This commit add a configuration options named unknownProtocolTimeout which can be specified to set a value for the timeout in milliseconds that a server should wait when an unknowProtocol is sent to it. When this happens a timer will be started and the if the socket has not been destroyed during that time the timer callback will destoy it. Refs: https://hackerone.com/reports/1043360 CVE-ID: CVE-2021-22883 PR-URL: nodejs-private/node-private#246 Backport-PR-URL: nodejs-private/node-private#250 Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Tobias NieΓen <tniessen@tnie.de>
-
deps: upgrade openssl sources to 1.1.1j
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1j.tar.gz $ mv openssl-1.1.1j openssl $ git add --all openssl $ git commit openssl PR-URL: #37412 Backport-PR-URL: #37413 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> -
deps: update archs files for OpenSSL-1.1.1j
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37412 Backport-PR-URL: #37413 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com> -
2021-02-23, Version 14.16.0 'Fermium' (LTS)
This is a security release. Notable changes: Vulnerabilities fixed: - **CVE-2021-22883**: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion - **CVE-2021-22884**: DNS rebinding in --inspect - **CVE-2021-23840**: OpenSSL - Integer overflow in CipherUpdate PR-URL: nodejs-private/node-private#254
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we canβt render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v14.15.5...v14.16.0