Node v0.12.10(LTS)

중요한 보안 릴리스입니다. 패치된 취약점에 관한 자세한 사항은 https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ 문서를 참고하세요.

주요 변경 사항

  • http: 요청과 응답의 HTTP 헤더를 파싱할 때 요청 스머글링(smuggling)을 허용하거나(CVE-2016-2086) 응답 스플리팅(splitting)을 허용할 수 있는(CVE-2016-2216) 취약점이 수정됐습니다. 이제 HTTP 헤더 파싱은 수용하는 문자를 제한하는 등 HTTP 스펙에 더 근접하게 조정되었습니다.
  • http-parser: 2.3.0 버전에서 2.3.1 버전으로 업그레이드 했습니다.
  • openssl: 1.0.1q 버전에서 1.0.1r 버전으로 업그레이드 했습니다. 로그잼(Logjam) 공격을 방지하기 위해 TLS 클라이언트는 이제 파라미터가 1024비트보다 짧은 디피-헬만(Diffie-Hellman) 핸드셰이크를 거부합니다. 이전에는 768비트까지 허용했습니다.
  • src:
    • 특정 CVE 수정 사항을 선택적으로 되돌리는 --security-revert={cvenum} 명령행 플래그를 새롭게 도입했습니다.
    • --security-revert=CVE-2016-2216를 사용하면 CVE-2016-2216에 대한 수정 사항만 선택적으로 되돌릴 수 있습니다.
  • build:
    • 0.12.10 버전부터 v0.12 빌드를 nodejs.org에서 xz 방식으로 압축된 tar 파일로 받을 수 있습니다.
    • 0.12.10 버전부터 v0.12 빌드에 해당하는 headers.tar.gz 파일을 nodejs.org에서 받을 수 있습니다. 이 파일을 사용하려면 node-gyp가 업데이트 되어야 합니다.

Commits:

Windows 32-bit Installer: https://nodejs.org/dist/v0.12.10/node-v0.12.10-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v0.12.10/x64/node-v0.12.10-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v0.12.10/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v0.12.10/x64/node.exe
Mac OS X Universal Installer: https://nodejs.org/dist/v0.12.10/node-v0.12.10.pkg
Mac OS X 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-darwin-x64.tar.gz
Mac OS X 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-darwin-x86.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-linux-x86.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-linux-x64.tar.gz
SunOS 32-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-sunos-x86.tar.gz
SunOS 64-bit Binary: https://nodejs.org/dist/v0.12.10/node-v0.12.10-sunos-x64.tar.gz
Source Code: https://nodejs.org/dist/v0.12.10/node-v0.12.10.tar.gz
Other release files: https://nodejs.org/dist/v0.12.10/
Documentation: https://nodejs.org/docs/v0.12.10/api/

Shasums (GPG signing hash: SHA512, file hash: SHA256):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

8a9c7fe990c1028e7c6d5bf61413027904a0fff67e23ba7c7c6d5fbb16cd4884 node.exe
c2b369b4fdb12c3ac14a6214c48c901e4805366a361c6cae5bb24215bf282318 node.exp
6919172dc22ad2690836a3988bf138cfc80ba484490a05a6eafda0a4909936d1 node.lib
5809753f1a8b6e3e311c41a066f0eb8f90b5b569896b6f1945af0971de9b2e4d node.pdb
c95df35ca1ed7b4b0ded815c1d49f36defcb1fdb882f6a8ef6106a07e3f2ffef node-v0.12.10-darwin-x64.tar.gz
b4ae523d81ced4935e0c7184bafcc1eb199d08ccfc70267a0dab546c33c18831 node-v0.12.10-darwin-x64.tar.xz
d4abd2b778c9d803676ad6121e6fdbc625b9ea73e845b0ecd761c162e86150ca node-v0.12.10-darwin-x86.tar.gz
0bc827d4c494274855b01ff2fab4ad311fe3c0b50cc0b62bb7736c7c890d2f15 node-v0.12.10-darwin-x86.tar.xz
c8e99589d96f9ad598c2d602e3dcac4bb0147a709da4da89a1f2b7f667f4b415 node-v0.12.10-headers.tar.gz
8c44114a3f5747475a042fd2f2333d4671223638a0dfa3cb264bf32f9a7c91c5 node-v0.12.10-headers.tar.xz
8fb4d6ed8934f0b0c92c26878511e1d340b068ee966c131ba0fccc1199f4349d node-v0.12.10-linux-x64.tar.gz
a993b72902eb1bdd50f1615026b6372a0d28302c15841b04e11bedab379709c0 node-v0.12.10-linux-x64.tar.xz
6f3ea401d2f488afb6adc57a3056df8658c1c9a57a368637cbc215ed3133c3b7 node-v0.12.10-linux-x86.tar.gz
99d0c121cd58b2d44080f78692dfb400e5098190f453709707594debd1359154 node-v0.12.10-linux-x86.tar.xz
afa45162c741898c7fc382093f29e68503edfa48cd67541d9c2c4081197fba02 node-v0.12.10.pkg
d67f17540c711eb150b8a389af1b4e6ecdcab66a1648b7ce925af98ab52b2698 node-v0.12.10-sunos-x64.tar.gz
2840f181594a0bd8b9cade785e9b6502591da68dc5a3ed3f2773637eb7df980b node-v0.12.10-sunos-x64.tar.xz
beca24cc3615c5b1858817d121bd91eecdc3af5b98ed0c4c171e1ef60afac049 node-v0.12.10-sunos-x86.tar.gz
3cb4a9cbfd0f724c3ba6e4ca2c6c70bb6d7c103dea682acf9c8ca1125133e1a2 node-v0.12.10-sunos-x86.tar.xz
edbd3710512ec7518a3de4cabf9bfee6d12f278eef2e4b53422c7b063f6b976d node-v0.12.10.tar.gz
f6318e5413982d40358a1b479458ebdd4bb523ae572c1149ce0e73cb58661978 node-v0.12.10.tar.xz
b888d17dbf04e43f521dbff8a68b24fae37027f6cd6b5a80430bc64fc5e7da40 node-v0.12.10-x86.msi
6153b53d72ea6cfbd6fd4a591787831c32fdd610d851fa2312eece6ac4686929 openssl-cli.exe
668479f90904e088ead0258de2941e597ba08aa61a1eed3ed96622c4c6d3bb25 openssl-cli.pdb
79687fe8d08a439f5167ab474a1238b6423cdb4f72cbc94213cfd6c21cf729f0 x64/node.exe
90116c88db51255a9c20158fd7b577769241b576d5642e269c465342c20f7025 x64/node.exp
490482c06c1ae913e3f78006aa9d41d67659e5499a4155cef2ff2ab49caf8921 x64/node.lib
58d9088252d3d5cc12647448491b6e287f9cd6a573be7b59f98ceb13fed15e2e x64/node.pdb
a3b49281f8f07eddf310c621feb55f98bd07f7ad252d5afa215212cf3f6e12d2 x64/node-v0.12.10-x64.msi
3cf691f703fc23c71263f8f02fd8780891a0e0f6cae37b4e15353446a47014b7 x64/openssl-cli.exe
ab634d22bd0a6bbf8a1adbd144f621e600deabf957d08effed729f88db3763ab x64/openssl-cli.pdb
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJWuhv7AAoJEHNBsVwHCHes2HwH/i14nZes3/aej0uw3Yu2vhU6
X+MSyaZ4/Nrd+5YWy2BYXyVwO/PK7g508nGUqf5I4zEfmw8nwBYqyuf6891YeTR/
rD5yKhldt/lnWFLu6L8g4FKSPo3Zf0Vb1EB/xgL04VHlP6Pjh0/AOU5VS6Rvk9is
TerO4AHbYFYMkI7/xeSSPGxwhGEP5grBxOogJNRyHTfbav04VEg+kLwH59CSaYvM
PdHEvb03fOhJBDsuK1I0yADvLqtiVeUoarWO9h4HVbt2+8haPaDFpHfGREEOwyxn
hTZJUpoHMDTADd8Fzxpqbu2IPBhZwc01QUyCju8FUSTxAScCxNM1bYpuqDr934M=
=w69g
-----END PGP SIGNATURE-----