Skip to content

2018-12-03, Version 6.15.1 'Boron' (LTS), @rvagg
Compare
Choose a tag to compare
@MylesBorins MylesBorins released this 06 Dec 04:55
v6.15.1
This tag was signed with the committer’s verified signature.
rvagg Rod Vagg
GPG key ID: C273792F7D83545D
Learn about vigilant mode.
cde6450

Notable Changes

This is a patch release to address a bad backport of the fix for "Slowloris HTTP Denial of Service" (CVE-2018-12122). Node.js 6.15.0 misapplies the headers timeout to an entire keep-alive HTTP session, resulting in prematurely disconnected sockets.

Commits

  • [5d9005c359] - http: fix backport of Slowloris headers (Matteo Collina) #24796
Assets 2