v5.7 [Feb 23, 2016]
Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users.
Fix a defect that can cause memory corruption in certain very rare cases relating to the internal BN_hex2bn() and BN_dec2bn() functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are unlikely to be possible.
Fix a defect that makes the CacheBleed Attack possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected.
v5.3 [Dec 17, 2015]
buffer:
Buffer.prototype.includes() has been added to keep parity with TypedArrays. (Alexander Martin) #3567.
domains:
Fix handling of uncaught exceptions. (Julien Gilli) #3654.
https:
Added support for disabling session caching. (Fedor Indutny) #4252.
repl:
Allow third party modules to be imported using require(). This corrects a regression from 5.2.0. (Ben Noordhuis) #4215.
deps:
Upgrade libuv to 1.8.0. (Saúl Ibarra Corretgé) #4276.
v4.2 [Oct 12, 2015]
Includes fixes for two regressions:
- Assertion error in WeakCallback
- Undefined timeout regression.
v4.1 [Sep 17, 2015]
Fixed a bug introduced in v4.1.0 where allocating a new zero-length buffer can result in the next allocation of a TypedArray in JavaScript not being zero-filled.
Upgrade to npm 2.14.4 from 2.14.3
Update post-mortem metadata to allow post-mortem debugging tools.
Offers basic functionality such as reading and erasing diagnostic trouble codes
