Node v15.13.0(현재 버전)

주요 변경사항

  • buffer:
    • btoa와 atob를 구현했습니다. (James M Snell) #37529
  • deps:
    • npm의 버전을 7.7.6으로 업그레이드했습니다. (Ruy Adorno) #37968
      • 이 업데이트는 npm runnpm exec에 워크스페이스 지원을 추가합니다.
  • doc:
    • 안정성 지표에 Legacy 상태를 추가했습니다. (James M Snell) #37784
    • @linkgoron을 협력자로 추가했습니다. (Nitzan Uziely) #37817
  • http:
    • http.ClientRequest.getRawHeaderNames()를 추가했습니다. (simov) #37660

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v15.13.0/node-v15.13.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v15.13.0/node-v15.13.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v15.13.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v15.13.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v15.13.0/node-v15.13.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v15.13.0/node-v15.13.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v15.13.0/node-v15.13.0.tar.gz

Other release files: https://nodejs.org/dist/v15.13.0/

Documentation: https://nodejs.org/docs/v15.13.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9476bb2d9cdd50c80a57a941234bbd763a697377e5677befb67b4ead9511a361 node-v15.13.0-aix-ppc64.tar.gz
6e46324c9b0cafb7b37343b85055a878bb89e02643906c82c00c11dbd3ce9514 node-v15.13.0-darwin-x64.tar.gz
34f8f8fa195921ca4278378f1ba699479dcca30c5f8b10041a76548cdd67444c node-v15.13.0-darwin-x64.tar.xz
4cc4b77c85fe59d42e5268cd6a59623158d485a4c5745f718f962517f1378bcd node-v15.13.0-headers.tar.gz
7c4349af47ad994783a0b44ee32678e4ecd73ba3e1cdeb34ba876e75f20dad34 node-v15.13.0-headers.tar.xz
23a0277115cb18c994e8225552a9755811b5ebf87efec0997734b7e361dfd70a node-v15.13.0-linux-arm64.tar.gz
dfc4ea8d0c043450141a865f9d0993abd05f9af0f4269588cf37512bd4b01cc8 node-v15.13.0-linux-arm64.tar.xz
658cfeea9a5b531612a128bfc7938f5b98a49a4288f6c802c2a7306229b0a785 node-v15.13.0-linux-armv7l.tar.gz
4ad3717caf7b4fd2cb70e06a19ab0ac5d8fcea9c42c701a4576a700a3cb549b7 node-v15.13.0-linux-armv7l.tar.xz
55c1f0395ee59a077fc267d6de7e3825fc1fd948e3d42ba404b13911042fcce0 node-v15.13.0-linux-ppc64le.tar.gz
587ced9ad0fdfb249ddbd2457d67143ff775e923b6ecb5f0fe1f435d7fca79af node-v15.13.0-linux-ppc64le.tar.xz
b138596172ad6ffa4648043f2767d8dcb6297edd39287b09414b7afed59f3ff9 node-v15.13.0-linux-s390x.tar.gz
369762a5966ff2ca4d56b0dbeccee5615661d7048c96427948506fe8cbf65266 node-v15.13.0-linux-s390x.tar.xz
1cd6b2f92f826b0176039e9261bee8ae993d6167fbbe89ab2bc79d18e734267c node-v15.13.0-linux-x64.tar.gz
1ddb8da8e40e7dab71a896e73c98cc0c5a88fe60ec7b8e59d2d5c02953568b9d node-v15.13.0-linux-x64.tar.xz
6adef625cdbe65ffa006d6d17708c7b08d58e873a6808490ee8f46f7b6358b78 node-v15.13.0.pkg
96926e5b8f2f3ea805596448f01b16115882f3a594e2e999dc7349f80b3ec1f8 node-v15.13.0.tar.gz
90dca5d2bc4aa1e1157f8e0029371fc857c63778c14c94683f49a2d6572aa8f1 node-v15.13.0.tar.xz
db5fb70541e7e3f9e56c4a3fff2431dc3870be7cfa57ce40de92fd72c6b65024 node-v15.13.0-win-x64.7z
64ca8c72046d8d987370270d2591c9df463126f068c24dc81d3afa752b43d978 node-v15.13.0-win-x64.zip
5b621972be0f015aad60a6c28b5dfda9820b2aea5d9e96b0e2ea3a0c3d1e5c00 node-v15.13.0-win-x86.7z
84ed9b5d01e8c527e9f38d17ca28089982842fb7b255d09304464b8b70338d7d node-v15.13.0-win-x86.zip
6cb795eeff8fd6529c417fdf31116db38511fd65de2337416d90dfbd2cff1112 node-v15.13.0-x64.msi
775c82a65f60a02bf20c191013506abd508a26d1a79bd8d46c9be6b199d74f45 node-v15.13.0-x86.msi
23b5bbef8082f04d57ce6710aec6ed6c20626d1b6a0fb400524bd49f8560331f win-x64/node.exe
cef6b29471f8faa5291be30c049822267cfcfe3437c2d724d720b01f6480a827 win-x64/node.lib
be4aad7c798c5db01a736671784aab1acba0cc367495570517e546d880db8c36 win-x64/node_pdb.7z
7a752337403e7fdc28dc7361aaf2cd291d2ed8e817003bf68504dd8a0923dabc win-x64/node_pdb.zip
ae53c3c0b39f9dc7c78af434d78c2431723568e1577d77a093884ea4bce64941 win-x86/node.exe
889e03560e730464fe438f9b167e0907b61d1d47a19d05ede27e68c5da136991 win-x86/node.lib
cd578ecf8f8c9481245c515eb86a54bd310a203f27100588e5b986842486b6c3 win-x86/node_pdb.7z
38a3f56caf4dbd7d22a04e6e19f74e5e355d95bba7b4401fbd5079b2d247f905 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEEI9StI21e7DMQ5spl7AUGb2S+AoFAmBkhdsACgkQl7AUGb2S
+ApDAxAAvfgIxckDoiMlkDXJ8RvL9E3IRLwsUDDDm4QIpajzcAG0eqq0VuM7JTDE
oi3T/NjEzgXyCnrCppHbPiWQLjvxHxYv0e8RAInkjP7VSBs3ZX8AhJ08ry7QCbrJ
iAxoABYF2LfxAHldAzq26jmA6xTRNZZWenxqcUcIIlq5X+bFzGqjzcIUXPedgKBe
+F+22qc2WO6v/pUklKZRNkEpKcPiqi+MAOreqlGYQOiOFc7TqBk1CgJBo7okqZX+
bq2+5zlttjNfnIbp0N70WAltQN2ewySZco26EZqwwScxMbXFedh9Xh1CC2xu7819
yR+USIgJyFgk2eYSi/d5HsErUJwV/DkmHphyAya7lnTmpCVouvAWPRfqW0nY2o0Y
p4NzDXa8elv8g8eTdBp/qJPfuT9YRnXnWuTMtLwbedWeysOteBze21w4ybFykRSG
ExJfJmCQD+xB6L21gzMVj17iPaTZtI6qcD8XLihx045VGewHBnQncgoYx6AsNqaD
7n5QgiFkVjEyPGW4JgpDsW7kCqXe02t7gtPvdu9MsbBgRhhS49k5HO+Kjc508MgN
faiyUw38Z9NdP14E/gZBMNFzZ3568IiqainPj3WJkf8mlH5OKcSQu8ZbmvxqEuQH
k6bgV3nq9tcGp1cHZjk2OxlUhF87kzhypiaD+giNYiJ+0NDfKXI=
=GeYV
-----END PGP SIGNATURE-----

2021년 4월 보안 릴리스

(2021년 4월 6일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v10.x, v12.x, v14.x, v15.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

OpenSSL - X509_V_FLAG_X509_STRICT를 사용할 때 CA 인증서 검사의 우회(높음) (CVE-2021-3450)

이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.

영향받는 버전:

  • 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

OpenSSL - signature_algorithms 처리 중 NULL 포인터 역참조(높음) (CVE-2021-3449)

이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.

영향받는 버전:

  • 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

npm 업그레이드 - 프로토타입 오염을 고치려고 y18n을 업데이트함(높음) (CVE-2020-7774)

y18n npm 모듈의 취약점으로 프로토타입을 오염시켜서 악용될 수 있습니다.
자세한 내용은 https://github.com/advisories/GHSA-c4w7-xm78-47vh에서 볼 수 있습니다.

영향받는 버전:

  • 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

다운로드와 릴리스 세부 사항


요약

Node.js 프로젝트는 2021년 4월 6일 화요일쯤 모든 지원 중인 릴리스 라인의 새 버전을 릴리스할 예정입니다.

  • 심각도가 높은 이슈 세 개

영향

Node.js 15.x 릴리스 라인은 심각도가 높은 이슈 두 개에 취약합니다.

Node.js 14.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

Node.js 12.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

Node.js 10.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

릴리스 시기

릴리스는 2021년 4월 6일 화요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다. Node.js의 취약점을 보고하고 싶다면 https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면 https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는 nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

Node v12.22.0(LTS)

주요 변경사항

레거시 HTTP 파서가 런타임 폐지 예정 상태로 되었습니다.

명령줄에서 --http-parser=legacy을 전달하면 사용할 수 있는 레거시 HTTP 파서가
2021년 4월 말에 지원이 종료되는 Node.js 10.x에 맞추어 폐지 예정 상태로 되었습니다.
레거시 파서는 해당 Node.js 버전에서 사용할 수 있는 유일한 HTTP 파서였습니다.
한동안은 레거시 HTTP 파서를 계속 사용할 수 있지만 경고가 나타날 것이며
향후 Node.js 12.x 릴리스에서 레거시 파서가 제거될 수 있습니다.

llhttp에 기반한 기본 HTTP 파서는 영향을 받지 않습니다.
해당 파서는 기본적으로 지금 폐지 예정 상태가 된 레거시 HTTP 파서보다 더 엄격합니다.
올바르지 않은 HTTP 헤더를 전송하는 HTTP 구현체와의 상호운용성이 필요하다면,
--insecure-http-parser 명령줄 옵션을 사용해서 보안성이 조금 떨어지는 모드로 사용하면 됩니다.

Beth Griggs가 기여했습니다. #37603.

ES 모듈

이제 ES 모듈은 안정적인 상태로 간주합니다.

Guy Bedford가 기여했습니다. #35781

node-api

node-api를 8 버전으로 업데이트하고 애드온 파일의 이름을 알 수 있는 실험적인 API를 추가했습니다.

Gabriel Schulhof가 기여했습니다. #37652, #37195.

코드 커버리지 데이터 수집을 제어하는 새로운 API

v8.stopCoverage()v8.takeCoverage()가 추가됐습니다.

Joyee Cheung이 기여했습니다. #33807.

워커 스레드의 이벤트 루프 활용을 모니터링하는 새로운 API

worker.performance.eventLoopUtilization()이 추가됐습니다.

Trevor Norris가 기여했습니다. #35664.

Commits

  • [1872625990] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
  • [dfa04d9035] - deps: V8: cherry-pick beebee4f80ff (Peter Marshall) #37293
  • [bf8733fe22] - doc: mark modules implementation as stable (Guy Bedford) #35781
  • [0a35d49f56] - Revertembedding: make Stop() stop Workers” (Anna Henningsen) #32623
  • [a0b610450a] - (SEMVER-MINOR) http: runtime deprecate legacy HTTP parser (Beth Griggs) #37603
  • [2da24ac302] - lib: add URI handling functions to primordials (Antoine du Hamel) #37394
  • [7b0ed4ba92] - module: improve support of data: URLs (Antoine du Hamel) #37392
  • [93dd799a86] - (SEMVER-MINOR) node-api: define version 8 (Gabriel Schulhof) #37652
  • [f5692093d3] - (SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof) #37195
  • [6cef0e3678] - src,test: add regression test for nested Worker termination (Anna Henningsen) #32623
  • [364bf03a68] - test: fix races in test-performance-eventlooputil (Gerhard Stoebich) #36028
  • [d7a4ccdf09] - test: correct test-worker-eventlooputil (Gerhard Stoebich) #35891
  • [0f6d44500c] - test: add cpu-profiler-crash test (Santiago Gimeno) #37293
  • [86f34ee18c] - (SEMVER-MINOR) v8: implement v8.stopCoverage() (Joyee Cheung) #33807
  • [8ddea3f16d] - (SEMVER-MINOR) v8: implement v8.takeCoverage() (Joyee Cheung) #33807
  • [eec7542781] - (SEMVER-MINOR) worker: add eventLoopUtilization() (Trevor Norris) #35664

Windows 32-bit Installer: https://nodejs.org/dist/v12.22.0/node-v12.22.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.22.0/node-v12.22.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.22.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.22.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.22.0/node-v12.22.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.22.0/node-v12.22.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.22.0/node-v12.22.0.tar.gz

Other release files: https://nodejs.org/dist/v12.22.0/

Documentation: https://nodejs.org/docs/v12.22.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

64482b90fb13ca4be3a40386c958a41e49f6c915d3807d14d797bf101d363621 node-v12.22.0-aix-ppc64.tar.gz
7f72fd468cd00cf562c8fe2ea8b5e7a3b68027e8454e432db9ffbdd967bf420c node-v12.22.0-darwin-x64.tar.gz
56eb67ecd3bdbcd48823aa20ac379e71473037569ec77638444069ca836baa44 node-v12.22.0-darwin-x64.tar.xz
7c1424543ae16e1e15d8a4d95fbb99cf4ae7c943c4aa0bf0be3751a883f38738 node-v12.22.0-headers.tar.gz
aad985525806713e4e88e67cf22ee937da3281a15c62647aa39ae8f0a27e1512 node-v12.22.0-headers.tar.xz
844d0ea80f0b71b015800d2089fe13a0dee1dd46b2957c458d06a5231bf6ac0b node-v12.22.0-linux-arm64.tar.gz
7c784d17e2e4f72afe79df253d893afd8b73396d3a28a7709214673fd8d6fa87 node-v12.22.0-linux-arm64.tar.xz
942d71744f4001b11ac1be5a3093afdcd06509ab530fcf58f8bdaf16f3ee69c5 node-v12.22.0-linux-armv7l.tar.gz
09a9ab7188214b835456ec8f1248c7d820d945f87d2f6f0a74899b877312000d node-v12.22.0-linux-armv7l.tar.xz
437fa2f1a2caae09120a1bf9a20544368391bfea382f1e485b440f2117febfeb node-v12.22.0-linux-ppc64le.tar.gz
a509c5e0fc56c0c0368f8e1d0dfa017739695b88f08b85cc2b6ab28aafa92695 node-v12.22.0-linux-ppc64le.tar.xz
060bab6c4acf323cb66f8f2f23474d7158062e18daf249cc0b2d543413d7f1d5 node-v12.22.0-linux-s390x.tar.gz
dea901d4b14ada86bdc1eb9b8ff8dfd2204c912309dc6c3f54fb7beef61ee3cf node-v12.22.0-linux-s390x.tar.xz
d941cb38b023a1c53a629c49425105f68069937569edd72c6fafab2221fc4533 node-v12.22.0-linux-x64.tar.gz
c5c9dc788ec08785203d7b02333aab393bd648ec4a8bb2efb9d56c67d24eba70 node-v12.22.0-linux-x64.tar.xz
2164706d8051ca3920036db45f901bb28b0b3e92dd3b98814791ec8751c4a633 node-v12.22.0.pkg
f2f8b3134fc343e635e6d3ccc37a6437e83d46125f707ed082ffbe43f4c7ce4b node-v12.22.0-sunos-x64.tar.gz
37ef6028e13b58e93813cfee54e5668987d6f8bc2aae48c446794a30cc03194c node-v12.22.0-sunos-x64.tar.xz
a65d108d824e956de0ab7c3e7f6763c70f6f5b85636dc4ee16404e5881b7d723 node-v12.22.0.tar.gz
df5c5f0ebad4889f5dd24e565eaaa9cbe2ca3274f78af469d9a20cc36f60ba23 node-v12.22.0.tar.xz
7261d78d96e80c265b1e3f459dc43fc664bff63e30d5c21b468ee6271876ac2c node-v12.22.0-win-x64.7z
27dcfb4145bade7f03687d6ec620c55b0b5c966c583d02d29db36fb88bbd82c1 node-v12.22.0-win-x64.zip
5725c31de1ef07e5b09219fec87ae39e885172b2579d035315eb76a9dfcadcab node-v12.22.0-win-x86.7z
0c880c1c0f5ff0755da21098b9fae7e76289525bdfdb73725fae7dc815ec2a9d node-v12.22.0-win-x86.zip
51cfc0f8db30fc2bd45b6ac553867d3745aa73621661c099daaacb25d0d938bc node-v12.22.0-x64.msi
62d3bbe291b146ff2856d4ef349377d7f20fea5ed7ce84be73c53193cab46329 node-v12.22.0-x86.msi
382561345ac811231b8502931496784b93d7f72a4084babedb6a3f8b27d9214d win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf win-x64/node.lib
dd6516bda3b3ffa953e30dfa79641f49290892d5fb7009e3b5f8f454c8753554 win-x64/node_pdb.7z
8efa373a135ef092e5a743064eef6423158190accdbcda4914fbed2a992e4a56 win-x64/node_pdb.zip
ba3752edef984118a77911f2ec78576fe039a8b0bca7dcb94efaff76c2272efb win-x86/node.exe
8bbcf3b9305b83f54bd80f8ec19d4e237841bde5bfaeb2aec708c36daa6435f6 win-x86/node.lib
f34a56b04934e5382af0d288424e11a6d55e80894254835a8701102e089eafdd win-x86/node_pdb.7z
80c580430404fb8cace7802e5c592123d1bd6bffa71ce7a6850358a254b05003 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmBjMiUACgkQxDzsRcF6
uTxj3BAAj6UhDhyUVTAzuaKVxJEfmnXeHdq3NNgWBkCk2H9ru6zJRa8nulzxFrmR
LR9/sDAr01of/Qca7q5ojeh2K5j66DbeG7RxvtwcISr9ASdZ7LmjcJCCie7fKnRz
eZn6qJ+6WXzD3lswI4jSwT8kIuNywAu7cMEkIcJM/OvLumpjx2euYjIdEE5BF80B
IwmkhyHvSiggPcAYBn1uxlDWHBxwdyF1F9u9MEGGmieIIloIMLeaDKRKdklSOBmr
ShwE2cnk+IEqJtQYaVEBLisayh8tkSdyxlbyowICkESICB+oiWMqF9dZotf6SFf6
I+SvfCQn3NH/LYG+gg06uAtna1hHUYU7DJ1QBGZtwff3NuVn0MrwZN3Qazj/ML8N
7ihL4twQM33U/QousCdXxaVVcW/J4+lurg0BKq0cijx/MvJRDF5+FDw/BLu3P7ul
3JA7+Ea0DquCt77oZpOra20TfrnjKmFUZfQjbqaG0hzQoEbJ8AcZlJeintOS2xT9
0Ri0Gp7JrCWpOfKobirjE/lIaV2Ehz9JpoPkwwFQbo62TPle7DIDihKWkshwuZj+
5X2K3rKjG9ff/0nZBkiWh6R7YGeMZCYscW71jTK7cIlKRggFIzUa+Od0x0975fQm
iDJMkx+Pmv2++GI3bcnZRxcCm+NeF6MryaN9xKNBblM6uoSemfQ=
=Wx4y
-----END PGP SIGNATURE-----

Node v15.12.0(현재 버전)

주요 변경사항

  • crypto:
    • crypto.sign과 crypto.verify에 선택적인 콜백을 추가했습니다. (Filip Skokan) #37500
    • create*Key에서 JWK 객체를 지원합니다. (Filip Skokan) #37254
  • deps:
    • openssl을 quictls/openssl로 변경했습니다. (James M Snell) #37601
    • cjs-module-lexer@1.1.0로 업데이트했습니다. (Guy Bedford) #37712
  • fs:
    • fsPromises writeFile의 성능을 높였습니다. (Nitzan Uziely) #37610
    • fsPromises readFile의 성능을 높였습니다. (Nitzan Uziely) #37608
  • lib:
    • AbortSignal.abort()를 구현했습니다. (James M Snell) #37693
  • node-api:
    • 8 버전을 정의했습니다. (Gabriel Schulhof) #37652
  • worker:
    • setEnvironmentData/getEnvironmentData를 추가했습니다. (James M Snell) #37486

Commits

  • [44514600b2] - assert,util: fix commutativity edge case (Ruben Bridgewater) #37711
  • [8666d777cc] - benchmark: add benchmark for fsPromises.writeFile (Nitzan Uziely) #37610
  • [e9028eb646] - cluster: restructure to same prototype for cluster child (Yash Ladha) #36610
  • [8e1257e26d] - cluster: clarify construct Handle (Jackson Tian) #37385
  • [341ee31e15] - crypto: reconcile duplicated code (James M Snell) #37704
  • [a2d08d5dfd] - crypto: add internal error codes (Darshan Sen) #37650
  • [922f2f0eb2] - (SEMVER-MINOR) crypto: add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500
  • [55e522ca23] - (SEMVER-MINOR) crypto: support JWK objects in create*Key (Filip Skokan) #37254
  • [33180fad81] - crypto: add separate error for INVALID_KEY_TYPE (Darshan Sen) #37555
  • [d81b9af1fc] - crypto: improve randomUUID performance (Dawid Rusnak) #37243
  • [23d654105f] - crypto,test: improve hmac coverage with webcrypto tests (obi-el) #37571
  • [dfca2fac24] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
  • [ce357c0c11] - (SEMVER-MINOR) deps: update archs files for OpenSSL-1.1.1+quic (James M Snell) #37601
  • [6d77b6174f] - (SEMVER-MINOR) deps: switch openssl to quictls/openssl (James M Snell) #37601
  • [3e1a46a6a8] - deps: upgrade npm to 7.6.3 (Ruy Adorno) #37721
  • [b2fd00398c] - deps: V8: cherry-pick 1648e050cade (Colin Ihrig) #37664
  • [7422453072] - deps: upgrade npm to 7.6.1 (Ruy Adorno) #37606
  • [89f3aa92b4] - doc: add marsonya as a triager (marsonya) #37667
  • [3710857de3] - doc: add hints to http.request() options (Luigi Pinca) #37745
  • [5d793737d7] - (SEMVER-MINOR) doc: update maintaining-openssl guide (James M Snell) #37601
  • [1022d3d947] - doc: recommend checking abortSignal.aborted first (James M Snell) #37714
  • [764aa2dcee] - doc: fix link to googletest fixtures (Tobias Nießen) #37698
  • [0d3cc2dc82] - doc: fix typo in description of close event (Tobias Nießen) #37662
  • [e55058fed1] - doc: use sentence case in README.md headers (marsonya) #37645
  • [e7fc7a4c23] - doc: crypto esm examples (James M Snell) #37594
  • [a3abd52e1e] - doc: add localPort to http.request() options (Luigi Pinca) #37586
  • [705bdfbe3e] - doc: fix grammar errors in http document (Qingyu Deng) #37265
  • [e5f7179d1e] - doc: add document for http.OutgoingMessage (Qingyu Deng) #37265
  • [7c0ce17e65] - doc: fix typo in doc/guides/collaborator-guide.md (marsonya) #37643
  • [60d8afa9ab] - doc: document that module.evaluate fulfills as undefined (James M Snell) #37663
  • [6192315cf3] - doc: remove generated from dsaEncoding description (Marko Kaznovac) #37459
  • [e4c8c50b28] - doc: fix typos in /doc/api/fs.md (Merlin Luntke) #37557
  • [ebc6f41072] - doc: fix linter issue (Antoine du Hamel) #37657
  • [d17aab1775] - doc: add esm examples for assert (James M Snell) #37607
  • [366772bf87] - doc: add return type of readline.createInterface (Darshan Sen) #37600
  • [f50db89a52] - doc: change lang info string in fs JS snippets (Antoine du Hamel) #37605
  • [5a9196e0e4] - doc: apply sentence case to headers in pull-requests.md (marsonya) #37602
  • [05badcf755] - doc: fix small typo in 15.11.0 release (Tierney Cyren) #37590
  • [e0e7aa1058] - doc: add top-level await syntax in vm.md (Antoine du Hamel) #37077
  • [732d8ca811] - doc: clarify that columnOffset applies only to the first line (James M Snell) #37563
  • [267bbe3412] - doc: document that NODE_EXTRA_CA_CERTS is read only once (James M Snell) #37562
  • [f56a805a0d] - doc: refactor signal info in child_process.md (Darshan Sen) #37528
  • [236ba04a79] - domain: add name to monkey-patched emit function (Colin Ihrig) #37550
  • [1c09776106] - domain: show falsy names as anonymous for DEP0097 (Colin Ihrig) #37550
  • [5a49e3139e] - errors: remove experimental from --enable-source-maps (Benjamin Coe) #37743
  • [e384291c90] - events: remove return value on addEventListener (James M Snell) #37696
  • [ba91ef2d08] - fs: improve fsPromises writeFile performance (Nitzan Uziely) #37610
  • [3572299fc2] - fs: add promisified readFile benchmark (Nitzan Uziely) #37608
  • [b277776845] - fs: improve fsPromises readFile performance (Nitzan Uziely) #37608
  • [6688569a50] - http: refactor to avoid unsafe array iteration (Antoine du Hamel) #37654
  • [c737df64fe] - http2: make res.req a normal property (Colin Ihrig) #37706
  • [ac2f50b3fd] - (SEMVER-MINOR) lib: implement AbortSignal.abort() (James M Snell) #37693
  • [12fb2ffc33] - lib: use AbortError consistently (James M Snell) #37715
  • [e63a25e2ff] - lib: fix typo in lib/internal/http2/core.js (marsonya) #37695
  • [852f53ed7e] - lib: fix typo in lib/internal/bootstrap/loaders.js (marsonya) #37644
  • [daa4ac54c5] - lib: remove use of array destructuring (Antoine du Hamel) #36818
  • [ae0e76c264] - module: refactor NativeModule to avoid unsafe array iteration (Antoine du Hamel) #37656
  • [a86334fbb9] - (SEMVER-MINOR) node-api: define version 8 (Gabriel Schulhof) #37652
  • [d28ce328ed] - src: fix variable name of OnCloseReceived callback (Tobias Nießen) #37521
  • [d59c6de7e8] - src: add error formatting support (Gus Caplan) #37598
  • [33436e39fe] - src: make BaseObject::is_snapshotable virtual (Anna Henningsen) #37539
  • [30c62dee1c] - src,test: support dynamically linking OpenSSL 3.0 (Daniel Bevenius) #37669
  • [4bf1f333c7] - stream,util: fix “the the” typo in comments (Luigi Pinca) #37674
  • [1b53087541] - (SEMVER-MINOR) test: update dom/abort tests (James M Snell) #37693
  • [c2cb153646] - (SEMVER-MINOR) test: fixup test to account for quic openssl version (James M Snell) #37601
  • [ede34aa128] - test: address flaky wpt/test-timers (Rich Trott) #37691
  • [ed32cd4e67] - test: fixup flaky test-crypto-x509 (Filip Skokan) #37709
  • [013b3ff2d4] - test: remove unnecessary V8 flag (Antoine du Hamel) #37671
  • [cc48816826] - test: fix WPT URL tests that fetch JSON data (Michaël Zasso) #37624
  • [b0ed1e790e] - test: improve error reporting in test-child-process-pipe-dataflow (Rich Trott) #37632
  • [f7edb07ec2] - test: terminate WPT workers after test completion (Michaël Zasso) #37627
  • [b7ef829dac] - test: ignore WPT worker errors after tests finished (Michaël Zasso) #37626
  • [257b1ab225] - test: update Web Platform Tests (Michaël Zasso) #37620
  • [1f6341852f] - test: remove FLAKY status for test-async-hooks-http-parser-destroy (Rich Trott) #37636
  • [044fd2fc86] - test: remove FLAKY status for fixed test (Rich Trott) #37633
  • [d5ff50d2a7] - test: clear flaky designation for test-stream-pipeline-http2 (Rich Trott) #37631
  • [381fb98061] - test: clear FLAKY designation for test-http2-pipe (Rich Trott) #37631
  • [0582c51754] - test: fix wasi/test-return-on-exit on 32-bit systems (Colin Ihrig) #37615
  • [0d04b6c043] - test: fix flaky test-child-process-exec-abortcontroller-promisified (Antoine du Hamel) #37572
  • [a44daff34d] - test: update all Web Platform Tests (Michaël Zasso) #37467
  • [c09bd77daf] - test: redownload wpt fixtures with correct encoding (Michaël Zasso) #37467
  • [57319770bb] - test,crypto: ensure promises resolve in webcrypto tests (Antoine du Hamel) #37653
  • [2d9b624668] - tls: refactor to avoid unsafe array iteration (Antoine du Hamel) #37655
  • [72af5d9895] - tools: parse changelogs only in the default branch (Antoine du Hamel) #37768
  • [bd62771a22] - tools: use bundled npm in update scripts (Ruy Adorno) #37613
  • [4de3b8483a] - tools: update glob-parent to 5.1.2 (Rich Trott) #37646
  • [ec71a0f817] - tools: check version number in YAML comments from changelogs (Antoine du Hamel) #37599
  • [07fc61b900] - tools: add support for mjs and cjs JS snippet linting (Antoine du Hamel) #37311
  • [440c944420] - tools: fix object name in prefer-assert-methods.js (Tobias Nießen) #37544
  • [7042ec89f1] - tools: update remark-preset-lint-node to 2.1.1 (Rich Trott) #37604
  • [82e78f7c12] - tools: fix compiler warning in inspector_protocol (Darshan Sen) #37573
  • [fd7234c52f] - tools: make update-eslint.sh work with npm@7 (Luigi Pinca) #37566
  • [057c6a842a] - tools: add ESLint rule no-array-destructuring (Antoine du Hamel) #36818
  • [25a5f0b3b8] - tools: update eslint-plugin-markdown configuration (Colin Ihrig) #37549
  • [7a1de1fce9] - tools: update ESLint to 7.21.0 (Luigi Pinca) #37546
  • [9c0ca4689d] - tools,doc: add support for several flavors of JS code snippets (Antoine du Hamel) #37162
  • [80af610d95] - util: inspect __proto__ key as written in object literal (Anna Henningsen) #37713
  • [0d135e8316] - (SEMVER-MINOR) worker: add setEnvironmentData/getEnvironmentData (James M Snell) #37486
  • [8024ffbba4] - worker: add ports property to MessageEvents (Anna Henningsen) #37538
  • [f4fd3fb6a7] - worker: allow BroadcastChannel in receiveMessageOnPort (Anna Henningsen) #37535

Windows 32-bit Installer: https://nodejs.org/dist/v15.12.0/node-v15.12.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v15.12.0/node-v15.12.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v15.12.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v15.12.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v15.12.0/node-v15.12.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v15.12.0/node-v15.12.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v15.12.0/node-v15.12.0.tar.gz

Other release files: https://nodejs.org/dist/v15.12.0/

Documentation: https://nodejs.org/docs/v15.12.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

b05beb9caa359aba0402412937a6f7434459adab016021c6e30f4c67b5ab35d9 node-v15.12.0-aix-ppc64.tar.gz
c04a77a3bf4a9ea7f5c0d34773cb8fcc4af594b202fa69ea41edc372ecd28df0 node-v15.12.0-darwin-x64.tar.gz
adcdfe6e147a67741ac32bd454f0ed69717387486b2275df33758b276d00de83 node-v15.12.0-darwin-x64.tar.xz
9514682405d3f1567838e289eeace2546a05fb88fc7d77f8ee566cadd92025ba node-v15.12.0-headers.tar.gz
96fe0238aef09626ffed5288871ce7fe556a5aa3aeb529fe70ce8c8c9e722c60 node-v15.12.0-headers.tar.xz
cf1e276e381bbe58998feb584f907980ad2c6cd8c88dd4662a089b177b7ab0b2 node-v15.12.0-linux-arm64.tar.gz
be93231a6616356e2a33d5007de19ffd573d5a05a67662c1583edbb7b3ecb234 node-v15.12.0-linux-arm64.tar.xz
e90567de53a7a5a7ff4ff1088516ed5bbfa1db2ba7a7f9b7010cfbb3784ba408 node-v15.12.0-linux-armv7l.tar.gz
2bcebc5bc59acbd239e42967e2342e9385b407546d5570c09d5dde90a9b3bf77 node-v15.12.0-linux-armv7l.tar.xz
5f635bf5b6249562e220d40527a0d9dcb45f551660a4ee3948f639948c39ba90 node-v15.12.0-linux-ppc64le.tar.gz
a3d719ad30b90305a732414a3467c0833f8b58b1b8170c88e35c0c8e72958606 node-v15.12.0-linux-ppc64le.tar.xz
b8d0f1e206ff1efa512aa33b556359cde46724e8d9f8d6e6d1da27d109388bff node-v15.12.0-linux-s390x.tar.gz
b04f13b4e34450d2794feac4bbc67028a595893f95fab63829763487b136e81c node-v15.12.0-linux-s390x.tar.xz
0fa13e94e07e05b64819f44de92a81f4a95c8d952278e85eba3c7dd11fe63aea node-v15.12.0-linux-x64.tar.gz
3892b4058cf12823c6cf39e4a3e9ce6da3f908cbfd211ddfc0a9df73eecd8bdc node-v15.12.0-linux-x64.tar.xz
b8df5c09ed9bd191cf244d1d0d910e1f90bdfb17d4a163b690cff9794b061e37 node-v15.12.0.pkg
cfb13ad6443e9e08d2c37468e57d2d79b91c5372e9d9d3f03756a0e31d984497 node-v15.12.0.tar.gz
5ebbbe5024787a45134c4fbd77f50ae494c9cd49c87ce2c9f327af77d8af1a31 node-v15.12.0.tar.xz
e103b811f4be35cf3388a398ff487fd6a53e07c9acbfea52533a97e3668affd3 node-v15.12.0-win-x64.7z
630943523e7289545af6fba3a4ab615d3bef466b00e504be044c55bc8fa100e5 node-v15.12.0-win-x64.zip
b0a41cf8eb23f88ad187c6658ae470462c4b04e1385d20e95c1a5b800c6239ae node-v15.12.0-win-x86.7z
8ba62e8ffa1e04c724e88522b07a395398bcd3215d908ec2d6b4bb8e313088ca node-v15.12.0-win-x86.zip
238cc9aa94527ab2fbcef4a9bcf81bb01667fb4864dfe490aead1ae474d5584c node-v15.12.0-x64.msi
7729c52a1dfd162217c698ca53c487abb300c011bdfd2b806b3cefa7ea10a82c node-v15.12.0-x86.msi
a6e114a50a51dcdce880dac9ab48293132541cb682d21a5200001c354f93df6c win-x64/node.exe
efec0902e39ae60a3c5e54db9e9fff3ebcec88744851f6df911da9ad9eb39a2d win-x64/node.lib
68009b608bd60afbada5c08f447ecf37e60bd7c8f9299cb083dde8b41871fc61 win-x64/node_pdb.7z
a45dfbcfa66672328593d4a6840efb99124a0560bde7fc936d163617388f08fe win-x64/node_pdb.zip
5bfd61ce67f5e4ef040ad2ed478644f28dd94d8be03be5ad8fa8f87930c09cc4 win-x86/node.exe
68abf8d368843410f4ca9ea0b3f8d31dbf9477c527a33a9039bbd9208236a732 win-x86/node.lib
6c445a037a3db38fedc6b2defae40b1a3f26876d11a75b70ffd04d57882fde3a win-x86/node_pdb.7z
c11857ae1384e337034f54e188b05a3403cd69206870fd65bdba92b329c5ad4e win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdPEmArbxxOkT+qN606iWE2Q7YgEFAmBSgPAACgkQ06iWE2Q7
YgHAxQ//X02ypoNObdBJR7Blg+tmi8Sz/sdDJ+8Etb1WwB0rzMqFr94vkZotx46l
GUSTZiVwKyi+rjAjJ+uJHJ0ywnLOj8hFLP6eL+yzn35nnoX0sBeg+2nML9N72eSM
BCWPSNOi5CsZdUFntBDJ5ZkMTZBaleIyqbgnBORTnUEqfzjmZGb2aErFXxYa6Gym
1vQyd+Ie+ZpKwWn+HhjjG+mqxnHmXHdS8DS1gBCZx507QiW8t5D0rbnR92jjstpo
ZNDcMvYXSzHxm6YvV5y8Aafkvb978gxkMww398eRQxxMFw6jKG7yARwjtB2qKoF+
8MDM7wg1RF5iP7rxFcWlA2rAk+/g3h2O9GGLkmpHc9YWrsrZXP2ejqWEgZaSLF2i
1HY/zz1IyE+rdWMvYY6Yc/8IUyLQX8yihnuUSlF70ziI4Ndpyqm6A2ZfrNfnO2e2
+zYt9eCymsn5avQ8PSoVPSdqRbqEU0l8ugIa4b3UQOLo1RfdkTKPg/NuH0p0OET6
a2mjnDWbQ1ycf7dDQ6o/6lCquIlRGgdrPYM5ptFN+DmdF2qjU1B+IsQa2m0uc7ab
iutwdgMKGRA2ynOdDkpHdCruWWcFczG29gf9AeSitLMxvNGU50y+AoeMy/FcUv1M
QSTd17389IYKzlYe7506olRf8iR03hQaP6S2pC5N6ZWNMLpX2vo=
=KqiK
-----END PGP SIGNATURE-----

Node v15.11.0(현재 버전)

주요 변경사항

  • [a3e3156b52] - (SEMVER-MINOR) crypto: FIPS 관련 옵션을 항상 사용할 수 있게 되었습니다. (Vít Ondruch) #36341
  • [9ba5c0f9ba] - (SEMVER-MINOR) errors: --enable-source-maps는 이제 안정적입니다. (Benjamin Coe) #37362

Commits

  • [d039e6fa80] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344
  • [d2e5529e08] - bootstrap: include v8 module into the builtin snapshot (Joyee Cheung) #36943
  • [59861bac0e] - bootstrap: include fs module into the builtin snapshot (Joyee Cheung) #36943
  • [458a4108b7] - buffer: make Blob’s constructor more spec-compliant (Michaël Zasso) #37361
  • [0d564ce214] - buffer: make Blob’s slice method more spec-compliant (Michaël Zasso) #37361
  • [ddae112133] - child_process: fix spawn and fork abort behavior (Nitzan Uziely) #37325
  • [b1e188de8d] - crypto: refactor hasAnyNotIn to avoid unsafe array iteration (Antoine du Hamel) #37433
  • [291d9e9936] - crypto: check ed/x webcrypto key import algorithm names (Filip Skokan) #37305
  • [a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341
  • [b634469c38] - crypto: refactor to avoid unsafe array iteration (Antoine du Hamel) #37364
  • [01773ab614] - crypto: use BoringSSL compatible errors (Shelley Vohr) #37297
  • [f3d67000a0] - deps: upgrade npm to 7.6.0 (Ruy Adorno) #37559
  • [e1045f1004] - deps: upgrade npm to 7.5.6 (Ruy Adorno) #37496
  • [80d3c118f4] - deps: V8: cherry-pick 373f4ae739ee (Richard Lau) #37505
  • [1408de7e24] - deps: cherry-pick 8957d4677aa794c230577f234071af0 from V8 upstream (Antoine du Hamel) #37471
  • [725d48ae77] - doc: remove experimental from --enable-source-maps (Colin Ihrig) #37540
  • [5d939b7a49] - doc: fix typo in doc/api/packages.md (marsonya) #37536
  • [cbfc6b1692] - doc: document how to register external bindings for snapshot (Joyee Cheung) #37463
  • [dd7a04dc9f] - doc: fix typo “director” instead of “directory” (humanwebpl) #37523
  • [ba81e7cb5e] - doc: revise LTS text in collaborator guide (Rich Trott) #37527
  • [7529a97a5c] - doc: revise CI text in collaborator guide (Rich Trott) #37526
  • [1285b907ce] - doc: revise objections section of collaborator guide (Rich Trott) #37525
  • [bc86208a0a] - doc: revise premature disclosure text in collaborator guide (Rich Trott) #37524
  • [46af56752e] - doc: change links to use HEAD in top level docs (Michael Dawson) #37494
  • [3b737e63ce] - doc: apply sentence case to headers in doc/guides (marsonya) #37506
  • [fb5e5bed21] - doc: fix typo in webcrypto.md (marsonya) #37507
  • [3b7cb75554] - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) #37477
  • [0fac27d546] - doc: add url.resolve replacement example (Antoine du Hamel) #37501
  • [2228f44b25] - doc: apply sentence case to guides headers (marsonya) #37497
  • [617819e4fb] - doc: update CI requirements for landing pull requests (Antoine du Hamel) #37308
  • [4a40759b33] - doc: recommend queueMicrotask over process.nextTick (James M Snell) #37484
  • [834f63793a] - doc: apply sentence case to headers in doc/guides (marsonya) #37478
  • [7ac0820da0] - doc: fix typo in doc/api/http2/md (marsonya) #37479
  • [4ad7a78448] - doc: alphabetize vm Module class properties (Rich Trott) #37451
  • [a193d7ca87] - doc: alphabetize crypto Cipher class entries (Rich Trott) #37450
  • [54b6f1bcf9] - doc: use HEAD for links in api docs (Michael Dawson) #37437
  • [549d24b8ad] - doc: fix alignment of parameters (Michael Dawson) #37422
  • [f3559a922b] - doc: fix typo in doc/api/esm.md (marsonya) #37400
  • [c3d236d405] - doc: fix “referred to” in fs docs (Tobias Nießen) #37388
  • [9ac8c74539] - doc: document x509 error codes (Dan Čermák) #37096
  • [9a454afcd6] - doc: fix typo in esm.md (Jay Tailor) #37417
  • [b3bf3d9824] - doc: use HEAD in links where possible (Michael Dawson) #37421
  • [6675342cd9] - doc: clarify that async_hook callbacks cannot be async (James M Snell) #37384
  • [4b54c10500] - doc: use **Default:** more consistently (Colin Ihrig) #37387
  • [f20ce47dbb] - doc,child_process: pid can be undefined when ENOENT (dr-js) #37014
  • [6205e29cb9] - doc,lib: prepare for stricter multi-line array linting (Rich Trott) #37088
  • [9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362
  • [c0cdb83433] - fs: fix writeFile signal does not close file (Nitzan Uziely) #37402
  • [e8b1e2c0a3] - fs: fix pre-aborted writeFile AbortSignal file leak (Nitzan Uziely) #37393
  • [6b42e65983] - fs: fixup negative length in fs.truncate (James M Snell) #37483
  • [d141fce634] - fs: use createDeferredPromise() in promises.watch() (Colin Ihrig) #37386
  • [bb81accb16] - lib: use <array>.push and <array>.unshift instead of <array>.concat (Antoine du Hamel) #37239
  • [dc3c299862] - lib: remove outdated todo comment (Antoine du Hamel) #37396
  • [856d20b772] - lib: add URI handling functions to primordials (Antoine du Hamel) #37394
  • [a1ed78cb3b] - module: improve support of data: URLs (Antoine du Hamel) #37392
  • [27816eac61] - node-api: force env shutdown deferring behavior (Gabriel Schulhof) #37303
  • [f1381f7a7a] - src: fix alloc-dealloc-mismatch in node_snapshotable.h (Darshan Sen) #37443
  • [5ea2ed611f] - src: fix ETW_WRITE_EMPTY_EVENT macro (Michaël Zasso) #37334
  • [96bcd52d3e] - src: disable unfixable MSVC warnings (Michaël Zasso) #37334
  • [c75f5f372d] - src: avoid implicit type conversions (take 2) (Michaël Zasso) #37334
  • [e400f8c9c8] - src: support serialization of binding data (Joyee Cheung) #36943
  • [daad7bbd34] - src: adjust THP sysfs config token retrieval and file closure (James Addison) #37187
  • [4cc76457d9] - stream: move duplicated code to an internal module (Rich Trott) #37508
  • [3d3df0c005] - stream: add AbortSignal support to finished (Nitzan Uziely) #37354
  • [429dffd32e] - stream: add AbortSignal to promisified pipeline (Nitzan Uziely) #37359
  • [9696cf7142] - test: remove FLAKY status for test-http2-multistream-destroy-on-read-tls (Rich Trott) #37533
  • [453113938d] - test: make status file names consistent (Rich Trott) #37532
  • [00b3446a8e] - test: account for pending deprecations in esm test (Rich Trott) #37542
  • [f2aa305348] - test: fix incorrect timers-promisified case (ttzztztz) #37425
  • [ce7fbbf94c] - test: fix typo in test_node_crypto.cc (Ikko Ashimine) #37469
  • [ba319f0c60] - test: remove FLAKY for test-http2-compat-client-upload-reject (Rich Trott) #37462
  • [dfa0440341] - test: validate no debug info for http2 (Michael Dawson) #37447
  • [b38404ee17] - test: remove FLAKY designation for test-http2-client-upload-reject (Rich Trott) #37461
  • [b569105183] - test: clarify usage of tmpdir.refresh() (Darshan Sen) #37383
  • [4f41900687] - test: update upload.zip to be uncorrupted (Greg Ziskind) #37294
  • [d5c311ed15] - test: fix flaky test-worker-prof (Rich Trott) #37372
  • [df538ebc8e] - test: fix flaky test-webcrypto-encrypt-decrypt-aes (Darshan Sen) #37380
  • [19d6eb929c] - test: fix flaky test-fs-promises-file-handle-read (Rich Trott) #37371
  • [c554aa149c] - test,child_process: add check for subProcess.pid (dr-js) #37014
  • [5c27fd73b0] - tools: run doctool tests on GitHub Actions CI (Antoine du Hamel) #37398
  • [49013fcee1] - tools: make comma-dangle ESLint rule more stringent … (Rich Trott) #37088
  • [31f4600b7a] - worker: fix interaction of terminate() with messaging port (Anna Henningsen) #37319
  • [d93137b2a9] - workers: fix spawning from preload scripts (James M Snell) #37481

Windows 32-bit Installer: https://nodejs.org/dist/v15.11.0/node-v15.11.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v15.11.0/node-v15.11.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v15.11.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v15.11.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v15.11.0/node-v15.11.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v15.11.0/node-v15.11.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v15.11.0/node-v15.11.0.tar.gz

Other release files: https://nodejs.org/dist/v15.11.0/

Documentation: https://nodejs.org/docs/v15.11.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

dbe6ab79a7fcff06e72d5a062c5850132d06ecc79bbda5049d33a0702483f906 node-v15.11.0-aix-ppc64.tar.gz
def5bea3d66e1ca4239d2c6cb22be9b841cd937f037f7b13976960c895ebf803 node-v15.11.0-darwin-x64.tar.gz
521b1fe91fc039a6be2aa4299ba9838a323fca2eeb9360a9fb060467c3609454 node-v15.11.0-darwin-x64.tar.xz
9d37f33ce9c19adc08336a707f2ef352694bfff19001b2c835b2bcc794f3dad0 node-v15.11.0-headers.tar.gz
dbde89dce1aecdaaa278df6df5d71aa84c3981e516d0881171a594c1a53924d3 node-v15.11.0-headers.tar.xz
bac8f957c35df2985ab10098d7ee494de28872ce8382df412ef745895f30f0d8 node-v15.11.0-linux-arm64.tar.gz
6f88a96fe56cc3fb8a5983adf77c6f3bcabd957c61f9bb909806791a88cce059 node-v15.11.0-linux-arm64.tar.xz
5afd0dd1bcbbca579ebbd15e0269c0f3a2070f25a4a91772a8544f04f10418fd node-v15.11.0-linux-armv7l.tar.gz
d5358ab1128819fd4e422489d86b797e29580ebfde70cd57d50b138c3170746a node-v15.11.0-linux-armv7l.tar.xz
0431af5015fc11b62b99a1e043ffadda1a765ac16e3b4267a3405635cd63c0a8 node-v15.11.0-linux-ppc64le.tar.gz
3770d55974da2fa2752ad0544f37ed40771b11097b3d1884000bfa858a26c755 node-v15.11.0-linux-ppc64le.tar.xz
b7fde7316347ccb718125cdb9cce305ab3b72d6df2eca6eba04f1087d198db51 node-v15.11.0-linux-s390x.tar.gz
aeeb11ca9631c63ebd95341fb601c484080fc622cbc84ed3079939b2cda27c98 node-v15.11.0-linux-s390x.tar.xz
74df02fbe07f280ffbd20db01cd876db2bfc3463c3620849d5b4c2b4a21216e8 node-v15.11.0-linux-x64.tar.gz
389de1384e20ca0e878de359c3b4afb1e0e8f1ca5a3cc5059177cf04d5ed43a5 node-v15.11.0-linux-x64.tar.xz
c5831187bcd8d336c71a5cb4765bd3725ba14d01844eb56f33b3566e6964fae6 node-v15.11.0.pkg
367aea2415df651bf23242e1b627071173f044ffd9f216d9ff69d3322a889bad node-v15.11.0.tar.gz
1a7091a210423970619b4af95dba6f4c6e2b576b9700460e5220afff24a8d2d1 node-v15.11.0.tar.xz
3c3dd5b380826fa9285aae2be1a55b56df1334da1b88175cb9964d4a6d9da1bd node-v15.11.0-win-x64.7z
57904b14bb30bc8931a09f4d5d131f5c755093b0608cdd7d30d1f03cc41e61b2 node-v15.11.0-win-x64.zip
ff8684b8b3d86e43c14ab171e747c474729e0de539280ef2355a93a39cd1f2f9 node-v15.11.0-win-x86.7z
e4bf3e877211ecec1bc6d26849b4317e5ce0c8b7787331b519e78847a988ae3b node-v15.11.0-win-x86.zip
5a792858e21a58050801d30885ca5c96dc908468ceb37783c219175ea67d923b node-v15.11.0-x64.msi
57e93fe0a0bc4b56b4a3b913c956f96db2afefc79553a4dc06488f44985c3ce2 node-v15.11.0-x86.msi
1bfa1c2660078a4620d320ebde339d183ecd725e38febecd873cbdfda4edcd6a win-x64/node.exe
0692711edaf626282aaeff0a28cce749488d03a5d1db6490c7bb19866ec4aedd win-x64/node.lib
4c9e4b326e142cbc8ea55d07f10b90e37e982a7bd44f4d4ad40b0d887fbdaded win-x64/node_pdb.7z
b1095c438bccc4495338c109b05be23bb8ebce771faebf21e41660b54b5d312d win-x64/node_pdb.zip
2cddc4bc386cadb033c7b717180255150a5c6688d75d47a3705f0407119ab8d3 win-x86/node.exe
f884d9353d2b848084edd4b5be8bf4a2b84a2ce2c45f22dc569ebbf59314f5d5 win-x86/node.lib
05c5b5c4ddacf0f50baf884695a6293dc63fa74b3ff1f19d474ab549f5536ecd win-x86/node_pdb.7z
d98fef2119452dc2307e3e353ab4284e49bb686ecd9c624a05919681aa6c71e5 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmA/KB4ACgkQdw96mlrh
VgBoCA//ecXWCT6/7AuEN3nsG3l0r57ZOzDdGWfE6ACzZmsJBolcWcDDnJkgMhrV
2f583weOBBf0wNjPPLeplwLs5roeXi1jx2XrFfc4olleIKqM62QRACcL3hNnYjoT
jh6S892sPtIDADTj7VHF/cjNcJ4ygihNV6KZihPFM1xHrJQ2/dta/CiwZxEhEoAF
RCmNksMiZb7/09GTeQb6pk/uUkh1bw/FvhGtylLjPcXwECq0hCfDXNfhEbNaMtnD
JLIMdtQtwlI0xDP5B9vnPT/ErUYeFQcbX6Dhuh33tmLTcOm3TK1HlRU28h8CmPvu
8fEBAEWPh2nvuIWPXpwMrTxsvvdqeozfgTsgpGENKYizYHE/EiFyjQ5JKM9xPDKT
Pujcc6w9qIxFuuIZEU+sxEBduH8H9SqNu7Cpe9ozaKV0ISeCXl3Ad3xZ8/jvceVy
hfn7XZ6HNDD39h3RHhGfGovcqLbil91XG7/sJtWd6TF9FZd5IrNfjlkBNsH2A/Gt
5XUjA2Xzrn1aY/A4N3ZYmWPIaTOf3W3IT6B5brjKEyCSLIxNZrhMUFm6GTYx8J+M
YtcHyBmveb5tC7q8RWbwS1l0+/EV2NqvgRwYZMPTSNnqQIM2A4VbkXgyvkJjh9xF
mijQgrwnO0OucCRNCV7HGrJIgikHEDLdAkLR6MOQgQvzAI6GtU0=
=Vh03
-----END PGP SIGNATURE-----

Node v10.24.0(LTS)

주요 변경사항

다음 취약점이 수정되었습니다.

  • CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
    • 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
      취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
      있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
      파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
      메모리 부족이 발생할 것입니다.
  • CVE-2021-22884: --inspect의 DNS 리바인딩
    • 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
      취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
      도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
      도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
      사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
  • CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v10.24.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v10.24.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-sunos-x64.tar.xz

ARMv6 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv6l.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v10.24.0/node-v10.24.0.tar.gz

Other release files: https://nodejs.org/dist/v10.24.0/

Documentation: https://nodejs.org/docs/v10.24.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

59bdb393035c605627bf4ba64ad8edcc74f067043790c7edc545333cca8630c4 node-v10.24.0-aix-ppc64.tar.gz
265ccad26fdfdcd86d6571b0bf5f1815b55f6a4a9b367816ad0369790501f55e node-v10.24.0-darwin-x64.tar.gz
ba749262eb5599360cdfe5edf7516a98269defcb6d2de56a9bbfd95a76366a7d node-v10.24.0-darwin-x64.tar.xz
165ca4182bcfa952d2405e53f480525dfe62c3fd453a893bc34df6cbb8fc6740 node-v10.24.0-headers.tar.gz
c7afbb814018f2bed87e85b2aa71c864c961a3754b0733bcfd077fbb068cfd76 node-v10.24.0-headers.tar.xz
65e6255c6f95b6dcf87f13c21994bc80205b4bd7c7d9a3fe1f8f2a18daec576d node-v10.24.0-linux-arm64.tar.gz
41bbf035512a72d073e93440458ad6e48586853fc0a5b6396ded80a2d45cb49c node-v10.24.0-linux-arm64.tar.xz
5a5dcc02bfd0ddcbeb2ef68f116bb72e416149f15f12767864bde77edd7f39d1 node-v10.24.0-linux-armv6l.tar.gz
076d387b1e9345c675745a453f642b6819b07b21cf21d6824f33c8d508f71559 node-v10.24.0-linux-armv6l.tar.xz
02feb052d0e1eb77c9beea5cfe3b67b90d5209ab509797f4f6c892c75cc30fda node-v10.24.0-linux-armv7l.tar.gz
0b01cb43903bc2d06f0ea3bb6753da4c91fd9533f1bd74e8bd2ee55b470a9084 node-v10.24.0-linux-armv7l.tar.xz
227338ffe74d2c2a87bd1bd77f4c74d21d8027e8eff78eb8e7f686a470b83fbe node-v10.24.0-linux-ppc64le.tar.gz
1d5b9c5a6ffb7027bbf9cf608d919c280039cea1f1f0308324aca871d874fca7 node-v10.24.0-linux-ppc64le.tar.xz
5a4478e6602c6c6fb28bc01b5356215e714ef0d3917fb1ede487c9b93e88741e node-v10.24.0-linux-s390x.tar.gz
322d9faf2d724de4596cc021e5eb37553ceafc07fccd2f39afede8c56dde7432 node-v10.24.0-linux-s390x.tar.xz
d8d7ecb0667a9b86b7ce1994731f9c9d313b46f04de59f724259a6fda685617a node-v10.24.0-linux-x64.tar.gz
a937fb43225289ada54c6c3272a2ad18e1e33b8c7d6211c289d421b5051fdbd0 node-v10.24.0-linux-x64.tar.xz
347004459f040a83bf7f1cb663dd9ba846df8def8967a9572801484768b8a754 node-v10.24.0.pkg
c5233cea13d3ce560cda1cdda873c2054bd3b5621da466fb4965668ef4259b93 node-v10.24.0-sunos-x64.tar.gz
2b43e85f73a0dbc1ec0e64394c2607cbfe53045aaa11f3d9a65ceb4cc6ee8394 node-v10.24.0-sunos-x64.tar.xz
c8d0a56279be77a9033b5f89603c6c491060a661c607fbf82bbe931ca662996e node-v10.24.0.tar.gz
158273af66f891b2fca90aec7336c42f7574f467affad02c14e80ca163cb3acc node-v10.24.0.tar.xz
bf839f4d96e1cb105c271a1ccb7a728ff8ce7dfd34a260afaf02e349b00831d2 node-v10.24.0-win-x64.7z
abf0aa48f642aa9ef6cc0021d2fe0275a60feece603664a76c31a812adc710bb node-v10.24.0-win-x64.zip
7e0e4c6b43935ce194456bbf066bb72fad49427fa08bfd4e7fc9818b4f312d3c node-v10.24.0-win-x86.7z
6e32b8c513ba209ae7ac2058c106d0b83b4c14c3472d3f1ad956fd3462691799 node-v10.24.0-win-x86.zip
a2c5dd02e43715127248d8533d260a9d4359b9f2d6ba6958df65631b8bf627cf node-v10.24.0-x64.msi
afcfa989c331e92ed02aeb88b0865ac2264b7bc297685ea46de48d5a945d46c0 node-v10.24.0-x86.msi
58c529834cbc65363d07e1ee59bb577cc76f527a2b0db80d0784e9b6e3c7e6da win-x64/node.exe
7688ed23318d253aa98ee198f94983e4b563fab188e6fd9dd32955e77111096a win-x64/node.lib
2ae5424c759a3eb7aabfbb5d21ce8227f43d27150fbf6e1dd89173eeae9a4f8c win-x64/node_pdb.7z
7a68fa70295977484f1b1dcffa7d590c5b5f84b28d0ea51ffea734850307933a win-x64/node_pdb.zip
121c6d54aa31bb43a042e7cdedf0bdc916c39895f0f46c34cac76c3990895381 win-x86/node.exe
de1f3445597cbbee2e5eac435651f5dcab049a2d8bd3636877ab5803a87e269e win-x86/node.lib
2e218cafa528cd3a35dd58ba621b3f182498db7f235c072f14d1426043cf2eb8 win-x86/node_pdb.7z
2e4d6d1c72a90bdff03412d525b764a445edc108cd0503c4baf7da708b081a6e win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmA0+7cACgkQxDzsRcF6
uTwCexAAhTRwBOfMu0XzBPBa+NdpJSDjbYtyI2BNcR8NWMnL18H2pQCbPL2zrm1T
a9kUiNgEuRElMjrxGTyUrx9sNkLPgJDnVeKTXGmwvYk6l3NwbKXW69qn2P/GUAdt
Y9/EnZUWY8s5gyPg4+OtQ5BwgGKrqW/Xsf3rUGFvqvoWqVeUTrQsZVCRrZWdm9oZ
pZyZaLWFCYH08PIq2Q3eYjpfu2Uv7HqWFVIM2NtFI6snZmVmnjUIsr8P1leJQVmM
CZ1Pb9O7+m4jgPGOqWXoJl7bjNrk5jn6o7kZK4AaavR8oMVkRNDikI3VlKBXytMg
lJYapT0a9ELYCVqXhCCar/zNhZDLwJd6b/rYIbP9SKqE9Zcxv2iABR1S3GZwjfEC
dPqTO2blff0CBEU/PsCZxdnSDXPHn3JCwtsuXl4tkyXsH4jd7ob0ur03P7mKfwOR
eZH4wIMPj/KVRKbcT/ts22WzaI21BI06/3MRj4i54fMsloZYCP1+99iovKSqnXrG
iOfse5AjBVWCVsfiJcQfDfDSnL2jl1OF8ii1ZR+gEE2ZczLeCDKszwpBM+66oIqT
cyz3elK64mKc95q9e/eZo9WNwokUsVY6uhqAN08Z1rBnF4ffYGN0YLzOy3/tgHv0
oUt/5184eDsTucMAdC8TbjF1XjFTx2aIc2y1e4ZzJF9GtUQ2FEE=
=V+LP
-----END PGP SIGNATURE-----

Node v12.21.0(LTS)

주요 변경사항

다음 취약점이 수정되었습니다.

  • CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
    • 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
      취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
      있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
      파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
      메모리 부족이 발생할 것입니다.
  • CVE-2021-22884: --inspect의 DNS 리바인딩
    • 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
      취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
      도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
      도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
      사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
  • CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v12.21.0/node-v12.21.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v12.21.0/node-v12.21.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v12.21.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v12.21.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v12.21.0/node-v12.21.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-sunos-x64.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v12.21.0/node-v12.21.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v12.21.0/node-v12.21.0.tar.gz

Other release files: https://nodejs.org/dist/v12.21.0/

Documentation: https://nodejs.org/docs/v12.21.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

10a487471ebd720f0d643c9e8e919db580baf852b812788f00db736d2e634d77 node-v12.21.0-aix-ppc64.tar.gz
4d0b5d07d41a16909fdeb41c3158c27bcdccf16231cccf76d5eb6835e2076e90 node-v12.21.0-darwin-x64.tar.gz
4184cc5412cdf256996aa7f559859abc355b48f03144349cf8531b6bf0526f49 node-v12.21.0-darwin-x64.tar.xz
f708e19706d1c486b80ee2420cb8ef5d25c0958bf05f7c880519f97b8bf6d46d node-v12.21.0-headers.tar.gz
5a59cb03e24e7a23f3e9ba236627604f14c9296c461034fc6126beeacb1befa9 node-v12.21.0-headers.tar.xz
5748bfc5bbf7d9c1c8e79bd4f71d8f049c7fc7bc5b52e04685633319843c4f93 node-v12.21.0-linux-arm64.tar.gz
66fcb5a975fbc2dec449fab5eedd947b92cc2a4ad02085be5c3277896abab252 node-v12.21.0-linux-arm64.tar.xz
6edc31a210e47eb72b0a2a150f7fe604539c1b2a45e8c81d378ac9315053a54f node-v12.21.0-linux-armv7l.tar.gz
00c0a0ac0841e3ca3eefd561b54ec5e32978255489d64f4077410660d3bee1a6 node-v12.21.0-linux-armv7l.tar.xz
6fea17dc8bc059692dce1a149b2eb49c837f8b8569ba1c5b9a51a955b9df22f3 node-v12.21.0-linux-ppc64le.tar.gz
19cb55de1337b1beb7a8a7241f624b70ddc39687f9f1aabc0a524f2cdee8bce7 node-v12.21.0-linux-ppc64le.tar.xz
e521bc915c0568995f3083bf069ef41a930585a35f4cac50e17208be125c865d node-v12.21.0-linux-s390x.tar.gz
038872f0ac5d061c1f299383a7faf9abc1c2c82314e08b2c548a0e5baf99c29f node-v12.21.0-linux-s390x.tar.xz
ab121de3c472d76ec425480b0594e43109ee607bd57c3d5314bdb65fa816bf1c node-v12.21.0-linux-x64.tar.gz
eb89c02153cfa25e40170e5e9b0ab43ad55d456af8b72ad2a8c2a42b7a647432 node-v12.21.0-linux-x64.tar.xz
30d8bee18a5f874104997a0383abe9c8bc983971c1cb0d7be7b49ef957e3b196 node-v12.21.0.pkg
d44d09355caea12f280f2854c2f6e933446b49b65e926bcb5e50bd0ab2b17d73 node-v12.21.0-sunos-x64.tar.gz
08b76d199feb0f2c76742c192ee6040f61d6f551ca6bbc1618bd2e387699e27a node-v12.21.0-sunos-x64.tar.xz
36e862555bebc04b13f7afebf4472c4dd7ebf4c891f9d6746ec545a4f099d05e node-v12.21.0.tar.gz
052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d node-v12.21.0.tar.xz
3d635d2cc254a3d203182d2051b57ad3e2000afecc3cb8da0128ae1bf610b040 node-v12.21.0-win-x64.7z
d8ae037fb8be60e74fb96124e341fdf1251eae0d5d88d7d86f056d4b0c9440f3 node-v12.21.0-win-x64.zip
892429ab069d325622040dc81f35c8903c9271dd2abcf21a50cc0eb260356426 node-v12.21.0-win-x86.7z
1e966131d9d65107d8ca1dbdaa997533a6f7375af4b9dbc2d38d786d37b271b5 node-v12.21.0-win-x86.zip
aa644a95369423095d274e3f7a4ee4826021c7b54c1b267de0c855578d9599db node-v12.21.0-x64.msi
221d142409fd750c2eb7fc829e597b3a28f16622e64dd05f27bf62e17503cbb3 node-v12.21.0-x86.msi
dfc0a5056def827b5e16a9dcf0c8bad65e09fa327de03839116fc32f802d427d win-x64/node.exe
2662b79e36ee678661554d290a3b8277c4c92cc74dffcda37a9f8f8e83287c73 win-x64/node.lib
6132bece56ab20f45388b83c16e8fadc2c1fa84ab2c7bcbccd2e729c08e99e9d win-x64/node_pdb.7z
bd49185210e0a32410f42c3cc0c5dca12c9423a7a8e8db653557b0e2157cee2d win-x64/node_pdb.zip
68f086de221ee2e0bd40968400181cb9bd4b0ca38f6370a5665b5fac0fd85f20 win-x86/node.exe
794dd4c597af2483d162426a37c99746d319aaa358219ace7bb179140f16d5f2 win-x86/node.lib
4f42fb8127392963c5144c24d5655cbd01cfb17b0a6337e4e8d9289498c28e8b win-x86/node_pdb.7z
ba116759b56690967d41fc27101a4e5659a2f8fd853e9010a3b1407575423325 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmA0+9oACgkQxDzsRcF6
uTzz0w//WLPLC2aIyxwP2Gp733ZcdmKOD7Fjip1woPEWA9FQe49+uJMBdFrVuyM3
cdXehkqtCL/hVehSbQzMyWAnQraz5k631hXx1yjPIXHVd/kM/8Mo9m5eVUSXNn8o
yRAmWINI0RffbxlKcnslcyRE92Lq8QCJs4+/LB6VmHEv7jF/T34Gy493pMiwNBBU
kNQvslUJUcxrY546/45urOSsLraWDY6xOsNIBOQONUNX5GSLS7PZdKyUsjb8v46o
W0r0tnPrn5aT8HIVluSjxZi2MUChQYI63ytNfym7+NRa1sV8slaSiEH9h5UzOAIr
tAwY/Jm11Zx8M2VNNlkSMlA2U9LEcPjpZBsT5yofrHfMk+Om19J5JPlNMlOaOtSZ
O35VnT9xwvF3F9XQh9n2URm/d9WPCcnSg9Vum5AqjnCFuzfLpXBFaHqe67GkudGr
pQ39r40pnLLZ04vYiNDnfCyF7Jpkq39HCEMdLUVYtq5uztXfGE7vsK/VkNemr3Rs
nKGDAWQ4orV6BEivlPG41J+ed8k/FT2h/SIvGimVL6F2X5KXaQ11YMBujKQCXhc2
1xCsREXu/gNj1Khfg3bGhiLU39VQglaP3dudJ/JohbhAbK3r/hoI8dS/DZXMbsT+
r8Ku1F4q3TVyqkYpCskN88igVFhj4gZ4A/oOcZItEOka8+aAWmY=
=GYm4
-----END PGP SIGNATURE-----

Node v14.16.0(LTS)

주요 변경사항

다음 취약점이 수정되었습니다.

  • CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
    • 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
      취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
      있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
      파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
      메모리 부족이 발생할 것입니다.
  • CVE-2021-22884: --inspect의 DNS 리바인딩
    • 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
      취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
      도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
      도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
      사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
  • CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v14.16.0/node-v14.16.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.16.0/node-v14.16.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.16.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.16.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.16.0/node-v14.16.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.16.0/node-v14.16.0.tar.gz

Other release files: https://nodejs.org/dist/v14.16.0/

Documentation: https://nodejs.org/docs/v14.16.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

086c8b4aa726c3b197765c9f66e05b25f8e811853d0686dfbf380299b4bf5869 node-v14.16.0-aix-ppc64.tar.gz
14ec767e376d1e2e668f997065926c5c0086ec46516d1d45918af8ae05bd4583 node-v14.16.0-darwin-x64.tar.gz
e20317c315198b3a6eaefbcf60b76082558d63be264736d56ecc7f5b0dabe60b node-v14.16.0-darwin-x64.tar.xz
4b44b92903a61c29af20550f9d25bfc3029657df6b5f0a12072a70360f7eedee node-v14.16.0-headers.tar.gz
e0704d9f5accdb876dd45be1b2ade2176219893b8a5df863130f3d9a11e69702 node-v14.16.0-headers.tar.xz
2b78771550f8a3e6e990d8e60e9ade82c7a9e2738b6222e92198bcd5ea857ea6 node-v14.16.0-linux-arm64.tar.gz
440489a08bfd020e814c9e65017f58d692299ac3f150c8e78d01abb1104c878a node-v14.16.0-linux-arm64.tar.xz
a64860a02e4b692d262d453952cae99a3c9842d3fc90336b54ca03e990c780b8 node-v14.16.0-linux-armv7l.tar.gz
5d28ac28088c9a8c679285ed09df979125982941eec2c7cb465eee9a3b0be3c0 node-v14.16.0-linux-armv7l.tar.xz
2339b4b1a8db39348cb1877b0cfdee3b2ef2b730f461ef7263610cbaaea5232a node-v14.16.0-linux-ppc64le.tar.gz
47a3768924a1f09ab8f9f50d0c73503e7bf9bb5a2bee58acf91e1e02d412ec78 node-v14.16.0-linux-ppc64le.tar.xz
485d6f38270de0763d9132b78fc88cefc8312a71f53587c874a2c09e58396057 node-v14.16.0-linux-s390x.tar.gz
335348e46f45284b6356416ef58f85602d2dee99094588b65900f6c8839df77e node-v14.16.0-linux-s390x.tar.xz
7212031d7468718d7c8f5e1766380daaabe09d54611675338e7a88a97c3e31b6 node-v14.16.0-linux-x64.tar.gz
2e079cf638766fedd720d30ec8ffef5d6ceada4e8b441fc2a093cb9a865f4087 node-v14.16.0-linux-x64.tar.xz
8f8f6f7b6db7c518be52878a3a58d48bcd575446a9c6ce75a60cdb6cfe1a3dd0 node-v14.16.0.pkg
f6b904b06951de4c52089dd4456155d853e835b0dc4640f75458c6eb49f9e8ce node-v14.16.0.tar.gz
4e7648a617f79b459d583f7dbdd31fbbac5b846d41598f3b54331a5b6115dfa6 node-v14.16.0.tar.xz
67f352be37b1b0c00ff7531e6b2a93b0021e5f06743f16394b9dbd6fc47a7fe9 node-v14.16.0-win-x64.7z
716045c2f16ea10ca97bd04cf2e5ef865f9c4d6d677a9bc25e2ea522b594af4f node-v14.16.0-win-x64.zip
0f862027290301918db84dd705024a9b623a08f2ad86dfb3829c32c9c050e25c node-v14.16.0-win-x86.7z
9699067581e0d333b13158d4ebb27b6357444564548aaa220d821cdc6d840bd2 node-v14.16.0-win-x86.zip
d9243c9d02f5e4801b8b3ab848f45ce0da2882b5fff448191548ca49af434066 node-v14.16.0-x64.msi
61d549ed39fc264df9978f824042f3f4cac90a866e933c5088384d5dedf283fe node-v14.16.0-x86.msi
5c10d99cc7229fd8092585f7a5e15771d62dc84b9edeb0c2140a2d187b305506 win-x64/node.exe
3f67805bbcfea13e9acc892f4590cacc5eb2514ac817d003f5327c07a2385a0d win-x64/node.lib
fe3cab4ca83172f495b83710731224e01cd936c2d823a53480bed1113fa704f8 win-x64/node_pdb.7z
099ed74db3ceb4e47816bd1a9d792a4ab465ba60ec945b65e95e24b7049f76e0 win-x64/node_pdb.zip
c7b723504b5ee487785a12989026db061f5ee1fb120826fcc1afcbec5fc5d1d5 win-x86/node.exe
dfe06cfa2c95a49a92bfebc8f68ec1216b951c9363cfc8b36fbc80fc1588fb15 win-x86/node.lib
235bc5ec83e9dfd328dbca9c71f2f036f9bb13d2378c3869ced7a1edc5ff63a1 win-x86/node_pdb.7z
58a50e0a495189c054c96e76d2f9a6c8f45d6880852db3404eaca99a133c91a4 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmA0/HgACgkQ1wYoSKGr
AFxqNQgArjEJi6JfqFHsMDkKp75ZHZY7X+1VjbwaPZd7r1dY4gbe/ZqHdXEzVHEB
Y1Pbqrkng8zOzHDWqxGhjuOYCwjcKynLAKcfKqCpZ/reqQzf2lmdB2zM8clqG++r
rWT9auJz4JtxC5cSQ48rEjju2aQpwSARlrZepr99k8QoRWL8lZhp8t/ccYwWMunN
oE8v/4wR1WX23GnQmAze9I7ABYmxClFmDSUG85ml4VAI7+G0bLiH72gCe6sJR2Ms
e5gS5XqbRvth4oUH4f/IRRoS0BOl5oXY74Qg2d23qMG6WKBu6Gu/phcFWpSuiMnV
BHFfl4y/8zRNLHPD00KwOp4qucMLvA==
=XRSJ
-----END PGP SIGNATURE-----

Node v15.10.0(현재 버전)

주요 변경사항

다음 취약점이 수정되었습니다.

  • CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
    • 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
      취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
      있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
      파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
      메모리 부족이 발생할 것입니다.
  • CVE-2021-22884: --inspect의 DNS 리바인딩
    • 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
      취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
      도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
      도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
      사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
  • CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v15.10.0/node-v15.10.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v15.10.0/node-v15.10.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v15.10.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v15.10.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v15.10.0/node-v15.10.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v15.10.0/node-v15.10.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v15.10.0/node-v15.10.0.tar.gz

Other release files: https://nodejs.org/dist/v15.10.0/

Documentation: https://nodejs.org/docs/v15.10.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

351ef617dea3ec93819ebb92435b82febaa1de393bdb442dcc129ac76a03014c node-v15.10.0-aix-ppc64.tar.gz
45ccf8dc5ac539a4f965313593510970a992e5f5dcf8cfacaebec0f99fd546be node-v15.10.0-darwin-x64.tar.gz
60678b3995712ed96928c9bcce86d6847035d7853417b9862e8b2f7bd888aa7e node-v15.10.0-darwin-x64.tar.xz
5ee67c683f7d5d060829aece2ec04609de9d500f5b6f56f584c0f1707650c9da node-v15.10.0-headers.tar.gz
b8cb4c1f8cdfb19c3ecffa01a1a23754ae2075a19dfac3c33ababe9f3e5c9ad0 node-v15.10.0-headers.tar.xz
a9f8c807ec31ed24fe6e0b2d002ce2d1b9f20b7e23a0efe10679331a44b30dba node-v15.10.0-linux-arm64.tar.gz
d3af39fb8d7bfc22c711aed4120a3fc4419cd70b3d2016b18c6a709fa0f0e845 node-v15.10.0-linux-arm64.tar.xz
ca27a48dd9233b00c49b37a07751395657d4e454ebfa5066a6371e5f6c9969cf node-v15.10.0-linux-armv7l.tar.gz
200ca8de7f7d575dcf9221a40fe8754be40759b97f254d55b1f4679f368d5eee node-v15.10.0-linux-armv7l.tar.xz
49977dac42124295bedff31b8409f2990b586aa673f439ed5e9636ac1485a08d node-v15.10.0-linux-ppc64le.tar.gz
7a54dc554686d7fe7c45db57068a03c69dfd64afd7994873b77c1c7bc978db8a node-v15.10.0-linux-ppc64le.tar.xz
078a8c2207f92040e0decdcfde0cd368973208876f01ff7d03de6bd0d5f09090 node-v15.10.0-linux-s390x.tar.gz
c2c8375d491e9f7c39e297587bcf99fe6be70ae38aaa9c1757405a5818fe5c73 node-v15.10.0-linux-s390x.tar.xz
31554d9b2de47948a364a007031c635d3943c303e50703b5f4c41a5eead07737 node-v15.10.0-linux-x64.tar.gz
a56793179965235e7c4f911f2cec08dd3f31dc1e09d68eddbb397107042a43fc node-v15.10.0-linux-x64.tar.xz
aa188140cdc1f96a719bcc88904a37fdcd0745ed8344de9866a4e6869cc45466 node-v15.10.0.pkg
643f9bbd6ae4c424224c946cad52d11b9379aaab927673b2e3c6c4df9a1a7b0e node-v15.10.0.tar.gz
7748d8f15eabb5543f26fec8ca08e755044512fab1f6bd98d5ba403f276deec4 node-v15.10.0.tar.xz
1e346ced805d316f9d288a2165e9273ed3e75d18bf02b55cda890af25e90919b node-v15.10.0-win-x64.7z
2bf72da4e5ddc485599f2eca54ab7c59001d70baec7ff2bb050d9f4ed1b066a6 node-v15.10.0-win-x64.zip
3509ce1b7d26116e955c39eae2f60e2132b0b7db423283cac19ef643d682efc6 node-v15.10.0-win-x86.7z
aba943732f371eda2341a62de84c459b376b755917ea92ae587afcc4bfbbaf5d node-v15.10.0-win-x86.zip
999ca54fb0b329dca36eb01975d6f4a2b3120707d078c594019e88cdda8f0a85 node-v15.10.0-x64.msi
ed40690ceee7339554f0d592453f864235e1e241a85f0e53d7e39a2c73554ab3 node-v15.10.0-x86.msi
a0db7bf0565841e88b85979efb9a640a702dd8ded3b5915342635b190b1413ca win-x64/node.exe
0692711edaf626282aaeff0a28cce749488d03a5d1db6490c7bb19866ec4aedd win-x64/node.lib
456373f6ed6145be5b01ce588590ec927c7c05f025704082a4986dc2eb4b25a6 win-x64/node_pdb.7z
b6de50aebb75696fca501a5bbf1914c7a01ebd929d2dc49707621410b8017276 win-x64/node_pdb.zip
5c0095f58e0d4e0bdb0598b5db5a5c4c31ba1cf090994fbd415ab4dc273506f6 win-x86/node.exe
6cec3adfe0cbf4f894d89fafe857fbda9dba14b61586d6abf145b3dd7775dad3 win-x86/node.lib
1ff43f5c0c77951cdfe21bb49973e800c8fdee6ea7565d6054bd2775a024ec47 win-x86/node_pdb.7z
59bb4f60277962be395513fa597126a44ce7264674a94ada6d32c0d2b6477f22 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmA0/JQACgkQ1wYoSKGr
AFzJvggAn5bMlAIhNEZUTZHEX9KiBMiSozCY+E+sZHFCuUwW5wCP2C1eZ6ImNcTi
QAjQEtHk2Pa2weHY2+TI0PZ+BNvXCYcgdTI5jsuhNEoIAvcNRKjdJzEWSwbMZfPv
LHbaGl4SyvNlAweDDsE7lskI1DpyS3p6h/X2+NmUZjcqceMVUPD2/udymIZHwW3P
/8hgntl3N19Qu18VXm1cUDR5VlCuDFrcC1Y/1Lt9Ju++08VV6zWxKz+asrUleQ3S
sPPHOmLVlJlh8tRCY0gGaGzbwhTT0/6fODPlBZzvGQUxUJaSXsQDnY8fcU6D84CX
btojDN2Lobjy1SINcPNh8/Pav0h8AQ==
=22VP
-----END PGP SIGNATURE-----

2021년 2월 보안 릴리스

(2021년 2월 23일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v10.x, v12.x, v14.x, v15.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다 (심각) (CVE-2021-22883)

'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리 사용을 유발해 시스템
메모리 부족의 원인이 될 수 있습니다.

영향받는 버전:

  • 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 OMICRON 일렉트로닉스에게 감사드립니다.

–inspect의 DNS 리바인딩 (CVE-2021-22884)

화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.

영향받는 버전:

  • 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 Vít Šesták에게 감사드립니다.

OpenSSL - CipherUpdate의 정수 오버플로 (CVE-2021-23840)

이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

영향받는 버전:

  • 15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

다운로드와 릴리스 세부 사항