Hi everyone, A new maintenance release for Node.js, node v0.10.39, is now available.
With this new release, OpenSSL has been upgraded to 1.0.1o to fix [several security vulnerabilities](http://openssl.org/news/secadv_20150611.txt). Two of them affect Node.js directly: Logjam and CVE-2015-1788. Regarding Logjam, OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. It means that _upgrading to this release of Node.js may prevent TLS clients written in node from connecting to servers using short DH parameters_. Although it is a breaking change in a maintenance version, the Node.js TSC determined that this is the best path forward to ensure the security of software written with this and future maintenance versions of node. Should you encounter any issue with this release related to TLS clients not being able to connect to servers using short DH keys, please create an issue at https://github.com/joyent/node/issues. As for CVE-2015-1788, before this release, TLS programs (including servers) written with Node.js are vulnerable to Denial Of Service attacks. 2015.06.18, Version 0.10.39 (Maintenance) * openssl: upgrade to 1.0.1o (Addressing multiple CVEs) * install: fix source path for openssl headers (Oguz Bastemur) * install: make sure opensslconf.h is overwritten (Oguz Bastemur) * timers: fix timeout when added in timer's callback (Julien Gilli) * windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel) Source Code: http://nodejs.org/dist/v0.10.39/node-v0.10.39.tar.gz Macintosh Installer (Universal): http://nodejs.org/dist/v0.10.39/node-v0.10.39.pkg Windows Installer: http://nodejs.org/dist/v0.10.39/node-v0.10.39-x86.msi Windows x64 Installer: http://nodejs.org/dist/v0.10.39/x64/node-v0.10.39-x64.msi Windows x64 Files: http://nodejs.org/dist/v0.10.39/x64/ Linux 32-bit Binary: http://nodejs.org/dist/v0.10.39/node-v0.10.39-linux-x86.tar.gz Linux 64-bit Binary: http://nodejs.org/dist/v0.10.39/node-v0.10.39-linux-x64.tar.gz Solaris 32-bit Binary: http://nodejs.org/dist/v0.10.39/node-v0.10.39-sunos-x86.tar.gz Solaris 64-bit Binary: http://nodejs.org/dist/v0.10.39/node-v0.10.39-sunos-x64.tar.gz Other release files: http://nodejs.org/dist/v0.10.39/ Website: http://nodejs.org/docs/v0.10.39/ Documentation: http://nodejs.org/docs/v0.10.39/api/ Shasums: ``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 f51855f96e3b69af87112161f155ac270eb5bd33 node-v0.10.39-darwin-x64.tar.gz 8316054cdd8cc482f3c6b89434c1fe224039bd26 node-v0.10.39-darwin-x86.tar.gz 97583ea9daf469bcb1691ac8a34fe5b64a8deaf5 node-v0.10.39-linux-x64.tar.gz d3038a590e99a6eb877b41b39aba503464766347 node-v0.10.39-linux-x86.tar.gz 7b8d190a2e17ad809c7b892178d5410f99328f76 node-v0.10.39-sunos-x64.tar.gz de09892495d8f6dec3031142ba47d5d02c8f53e7 node-v0.10.39-sunos-x86.tar.gz 2e019ab13a78fb994a8c6c10e72979b56ddaaf0d node-v0.10.39-x86.msi 2c1a7c3aea6dac03e49181f20c45b7d1315068a2 node-v0.10.39.pkg b53d33b5e1b980b2fe9009fec810187eaa6b8144 node-v0.10.39.tar.gz d556c55a815960e0ab705aa9225da996f47f3ef9 node.exe 75201237f362bb27af9652487fb5e74b90edc1ba node.exp 16d7d5029a0e9a0e21e04a522493a3d973a7eed0 node.lib 4e95ba82cc3fbd26d7da93549c7222ff941760a5 node.pdb b779fd3b7a70c688b7ab0313f2a62edac9b4cbe1 openssl-cli.exe 9642c12bbdbb03c163c5d3d9e539243730af0595 openssl-cli.pdb b1183e7597b9b9724bb1d9892843322afeca95aa x64/node-v0.10.39-x64.msi eb76635c7bd9a321ac6f97043226ece73bbc4df4 x64/node.exe fe6ae97961692d595706665533e23cc4d94d2087 x64/node.exp 9ded23cb299cf5d03e0f7783b5d195b1a3a91ff4 x64/node.lib 11832ff8d3409742a90be94738031ebb51c857ad x64/node.pdb 438e8cf3732b0116a7bee074afc6fbc48c45f0fb x64/openssl-cli.exe 1855d0a946882b9a4d39d57893ab4e2e3a3c9f02 x64/openssl-cli.pdb -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJViDuaAAoJEFCjBR+IjGKNff8P/jOOp4smwRKWfpi3stsorvlX 3jk/WNXOIUO/qnx5cJA0XrAxzmL+fOOWXlMaacJfAEiy96EQHryjuCasy1nrT+Ae 7qDoXJCnuCgnconV2RIP0otZmlHyTmxRA7DYwbhpOcScCqJoO4HV6fDo50pU+Bdg HBb5/M3Pm6Cep2Iuv54I1p0mbGVubZxfxmsjkLoEv4KIzmVFit65pZBSA+9DaomK QqTCnvWg/lCmnSrQQWTTFC0crqB6eO9PP/v63KUQc3G5K/FjhIfJ6j+PPvlBjOfx N37bxC6YJgVD0axyrxvh2VEhmsJZ06JiI1PUdp91C8klbOp6jeCLFFi5axA0Gjmr HN6ES5IfnZH26pUFB5M97Cydug+3tM9YPa9jVHwJUdgzNrSVxSlgdQHi4xVHnrTL xEESXQQWL7kYE+t9oy6i9B93FphsQvqiuI5i4QXj1WabCOEgywVWyZF741wkC8Lu Y/97CvcPNWoDHR7H+cbrO3B4iedFpKDaxNb1vrpZRgTHiohrkW8Ec2VB00RgCvJi pPKGxsv70Wby5V8at120CsPLuGW8xCihMpYRkSEyIZodrq0YCtN87COvPe7GpyFk PnfMhk0U9ANfeMFMK3qcDT+iQAHuLLmD3/aEN6RHc5b2fwyXc4+SqT55jpyegbb4 TbGw60glPAi+FQhZZoF0 =I4d1 -----END PGP SIGNATURE----- ``` -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/744e5ed6-9ce5-4567-abca-35ea51586796%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.