articles

Node v4.3.0(LTS)

중요한 보안 릴리스입니다. 패치된 취약점에 관한 자세한 사항은 https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ 문서를 참고하세요.

주요 변경 사항

  • http: 요청과 응답의 HTTP 헤더를 파싱할 때 요청 스머글링(smuggling)을 허용하거나(CVE-2016-2086) 응답 스플리팅(splitting)을 허용할 수 있는(CVE-2016-2216) 취약점이 수정됐습니다.
    이제 HTTP 헤더 파싱은 수용하는 문자를 제한하는 등 HTTP 스펙에 더 근접하게 조정되었습니다.
  • http-parser: 2.5.0 버전에서 2.5.1 버전으로 업그레이드 했습니다.
  • openssl: 1.0.2e 버전에서 1.0.2f 버전으로 업그레이드 했습니다.
    로그잼(Logjam) 공격을 방지하기 위해 TLS 클라이언트는 이제 파라미터가 1024비트보다 짧은 디피-헬만(Diffie-Hellman) 핸드셰이크를 거부합니다.
    이전에는 768비트까지 허용했습니다.
  • src:
    • 특정 CVE 수정 사항을 선택적으로 되돌리는 --security-revert={cvenum} 명령행 플래그를 새롭게 도입했습니다.
    • --security-revert=CVE-2016-2216를 사용하면 CVE-2016-2216에 대한 수정 사항만 선택적으로 되돌릴 수 있습니다.

Commits

  • [d94f864abd] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836
  • [136295e202] - deps: upgrade openssl sources to 1.0.2f (Myles Borins) #4961
  • [0eae95eae3] - (SEMVER-MINOR) deps: update http-parser to version 2.5.1 (James M Snell)
  • [cf2b714b02] - (SEMVER-MINOR) http: strictly forbid invalid characters from headers (James M Snell)
  • [49ae2e0334] - src: avoid compiler warning in node_revert.cc (James M Snell)
  • [da3750f981] - (SEMVER-MAJOR) src: add --security-revert command line flag (James M Snell)

Windows 32-bit Installer: https://nodejs.org/dist/v4.3.0/node-v4.3.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v4.3.0/node-v4.3.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v4.3.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v4.3.0/win-x64/node.exe

Mac OS X 64-bit Installer: https://nodejs.org/dist/v4.3.0/node-v4.3.0.pkg

Mac OS X 64-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-darwin-x64.tar.gz

Linux 32-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-linux-x86.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-linux-x64.tar.gz

SunOS 32-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-sunos-x86.tar.gz

SunOS 64-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-sunos-x64.tar.gz

ARMv6 32-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-linux-armv6l.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-linux-armv7l.tar.gz

ARMv8 64-bit Binary: https://nodejs.org/dist/v4.3.0/node-v4.3.0-linux-arm64.tar.gz

Source Code: https://nodejs.org/dist/v4.3.0/node-v4.3.0.tar.gz

Other release files: https://nodejs.org/dist/v4.3.0/

Documentation: https://nodejs.org/docs/v4.3.0/api/

Shasums (GPG signing hash: SHA512, file hash: SHA256):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

72858adf7bc84b632f5635dd4a8030226048af5ad5cb166c7ee169dfcb4645ef  node-v4.3.0-darwin-x64.tar.gz
b36acbb638db5091becb2edc7e450aa02dc3a8062cd11014eb79434901236ee3  node-v4.3.0-darwin-x64.tar.xz
113a7c5689fd7a1d60160398a9cb0b03b0b88632ba0a2df148ef6e4c96986ec9  node-v4.3.0-headers.tar.gz
34a510fd4caa2830463f3df4765ab274bb5054be7437e7ca3f47f01827f8e1c6  node-v4.3.0-headers.tar.xz
47a52191e264efdbc36f5ec6510abd71fd5d3337d75120c2ddc6a285873763b7  node-v4.3.0-linux-arm64.tar.gz
2d7e28d80667212547d75f7b77f1bba5b015195cebde94d62be787725ee9715b  node-v4.3.0-linux-arm64.tar.xz
2e035c649f72b5fbd712e6cf52e83e9f013b9a266dc907d3595b1c143c9906df  node-v4.3.0-linux-armv6l.tar.gz
eec2411bb08341982c5e40537b7660f09a8001d68d6bd7ef36254c6b813de340  node-v4.3.0-linux-armv6l.tar.xz
49dfc4c4e5d1d07c91503c2a601665b68b6f5fc95d94517628f9a0f43b178158  node-v4.3.0-linux-armv7l.tar.gz
ed2cc35422161e59946c3d53040e7c421ba607876f312181afb0994188c406e5  node-v4.3.0-linux-armv7l.tar.xz
90ce6e23ad9748813742e1cf09e86fa4c0f3d53972d5dbe920a38bcc842e2d09  node-v4.3.0-linux-x64.tar.gz
9e46eedf6cf6de8472fcf939b2ba6c78d6caaa9348f95385146ebc9cddf6470e  node-v4.3.0-linux-x64.tar.xz
6972ed77c36f026498a0fde6b237fbc554325fa3a7426ee17ce563bdc08caa69  node-v4.3.0-linux-x86.tar.gz
2054242f13a6bdb43ff33238dff20aeb5ef06e73a22b9e55b0a01d94c6f8dd9f  node-v4.3.0-linux-x86.tar.xz
cafa3e7dc44fdd1459fcd81e4a770629f8fed4c74f77c446f9acde30a444bb28  node-v4.3.0.pkg
c97723abd27c2b48ec2cbc9cc9b7dd057c96bf05c1895d7740414f84955753db  node-v4.3.0-sunos-x64.tar.gz
6c850504d23c138c8de00731a814e8aec4ca9b96781970e3f4caa21d2d91c94d  node-v4.3.0-sunos-x64.tar.xz
8f645328daa96702bf110cfcf2021620dc76fcb16ce80423a5f72dd23893cf71  node-v4.3.0-sunos-x86.tar.gz
e7dac63c559050a09f8a201fab92af14d1f19cf6a6c5ad9f0d2cc53a2ffc4355  node-v4.3.0-sunos-x86.tar.xz
18504ac6d903cd061f60a29dafcda416a078112f3404d23a7901c41a8e9706b9  node-v4.3.0.tar.gz
4b4cb93929c2368219eb36a707b0cb87b08df5757c5c1073c18c15b79c873566  node-v4.3.0.tar.xz
48d2a640d8d7f390cbe7f5e6ddb5a0240f1a5e49e1d6f97f222bc54a69773238  node-v4.3.0-x64.msi
eb22e601c152b0ebad11e4ddd24b777aff6e36c8e0de92f9a088959cad3d0f47  node-v4.3.0-x86.msi
cd7f06223a59fa7057a0b528dd411896f995a541c1e82dd838ef1b3c72d5383d  win-x64/node.exe
6e2363d5ad5438f15373571ce44ffdd4a2bc3f8873fe9d51bbb108b34a7b7307  win-x64/node.lib
e5bf98250aa9972cf810c52793d684eeba17afe7e1241d93b39f7110a6825b53  win-x86/node.exe
7025ae784e4f78bb4dcb5d6635d773b3ada138b99cfea0a285a6c55311de9213  win-x86/node.lib
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJWuhwKAAoJEHNBsVwHCHesMUUIAJIQP0LRemTTPlCgthwFlFDP
FRiImqbIUSPCVf+lEzfBqGAOlHmPLqGLKhiaYt5TxgglomRYNuLcUhc8g19HSkvV
KT9PU2JjSUHZ0dc2FgzlrWKZzET9DpBeNQzKHE3i26Z5SGdvVdZSShuS1WgoBzao
SwQqB1F38mThrL0FAg7PQ80nNH/Tl+mqdJF9Yrjrblfisv+qAnFqlhSC8L78jhLc
geWnuW22qm4CuDQp5DcwJAlYHk0P6AtVtVsvi+XUwUIe4RKpMUmvkYUa2zPF5T/9
RtKneJXAF/hqEXhPfDE4gF0gGIVE0avHQAYV7NyXvi7R+jwhlNnwd3m0kyEdeZ4=
=70Ju
-----END PGP SIGNATURE-----