보안 릴리스입니다. 모든 Node.js 사용자는 https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ 에 있는 보안 요약 문서에서 패치된 취약점의 자세한 사항을 확인하기 바랍니다.
이번 릴리스에는 다음 CVE의 수정사항이 포함되었습니다.
Node.js: keep-alive 모드에서 Slowloris HTTP 서비스 거부(CVE-2019-5737)
주요 변경사항
http : keep-alive 모드의 접속에 server.headersTimeout
으로 설정된 수신 타임아웃을 지속 적용하여 HTTP와 HTTPS 접속에 대한 “슬로로리스(Slowloris)” 공격을 예방했습니다. 이 문제는 Marco Pracucci(Voxnest )가 보고했습니다. (CVE-2019-5737 / Matteo Collina)
Commits
Windows 32-bit Installer: https://nodejs.org/dist/v11.10.1/node-v11.10.1-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v11.10.1/node-v11.10.1-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v11.10.1/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v11.10.1/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v11.10.1/node-v11.10.1.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-aix-ppc64.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v11.10.1/node-v11.10.1-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v11.10.1/node-v11.10.1.tar.gz
Other release files: https://nodejs.org/dist/v11.10.1/
Documentation: https://nodejs.org/docs/v11.10.1/api/
SHASUMS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 b52526c4d271c221e9bd4b36888be9a1b5f8b5381f22665ec46910dde0c06b45 node-v11.10.1-aix-ppc64.tar.gz dea52b86f6875efae26fbb6d0269d9769da7ca69408b74b6ab724d4b64004b07 node-v11.10.1-darwin-x64.tar.gz 181b24e195758b37ece29e1070c9a8469815978fb6a41f7acfedef5e47f4290a node-v11.10.1-darwin-x64.tar.xz 33caa6d7ebbdf9f0dc771f95bb4bd203561c0cd66337b8112dee8db0056ccfe6 node-v11.10.1-headers.tar.gz 46400dbd3c399d511395ca02b468ac5040fbf6e102d0735bbbc7b702c4f0fe37 node-v11.10.1-headers.tar.xz 3438c8f94af3e53b83ceca1162ac3841718207a75d3c8e4d79bbb2c0653a690e node-v11.10.1-linux-arm64.tar.gz b116e57906ed73c970d64e7518b08c6de236575c5cd8bf09f4c1bd668524a014 node-v11.10.1-linux-arm64.tar.xz 5dac4182b2695bab096c56129d2b1ada7286facf00d919d2ab27dd1198880e57 node-v11.10.1-linux-armv6l.tar.gz 3b5f897cf3650f8577bdff28f4d5fe021a9febecfebed79ba8f1b7d444ca3419 node-v11.10.1-linux-armv6l.tar.xz 9f28ea3d16801c5f38f9ff1ebc7526aa72ad88c4a531285c4c063b22d67be301 node-v11.10.1-linux-armv7l.tar.gz ea3c22113d660320ceadb611fa46c945eb4725e06f91d3e1371291f3ffe98d82 node-v11.10.1-linux-armv7l.tar.xz f55da90c4f1aa78cab272f46c6541a60b22dcb6f5ef35fef8c57aea3e95fadbc node-v11.10.1-linux-ppc64le.tar.gz 3579d4a7aca9ad91d94609fd78b7f9a9f72ff2c00a2f46492a960ecb2cec7b10 node-v11.10.1-linux-ppc64le.tar.xz f685c971a9ce396dd632cda7830eb311ed2741fef2f1caba54d2ed233a289734 node-v11.10.1-linux-s390x.tar.gz dcfcc18d5fbe2cbc737df0c21db093c17f737a8db854963dbf3c2e8c9e4d86f8 node-v11.10.1-linux-s390x.tar.xz c84fe17ceb999ecd5d0a1ad5b70b502779a22e433f96e0b6a0ddf6d99f954975 node-v11.10.1-linux-x64.tar.gz 414216a7e47dbfb77141dce7a4452901ae2cdb4cd0deef3ab3ab49e0b2111f82 node-v11.10.1-linux-x64.tar.xz 658678fd109e77c38f46fe663d709fbd7c0608c6ddf98a0d06a1337f21d0342e node-v11.10.1.pkg 209c97642239ab4e097d51f4e5a4998f10c3be705c85f6fc702887d0e8b5e67c node-v11.10.1-sunos-x64.tar.gz a9c6253b5a629b76f57b0c4182b0e2f140fee83b393f000fea89897690a7db0c node-v11.10.1-sunos-x64.tar.xz 1652c919cb56e264fb7e0b00c4d038766af943ed3db94865cbeb01360175777b node-v11.10.1.tar.gz c9ed8de288a76b7a2c7f89ec52b10a6c741ed88d16499033ab5ec88351836006 node-v11.10.1.tar.xz a6889a20f43c78ac5e250f218ed9ba655c83c730196b343ea707dbf7aa41dbb0 node-v11.10.1-win-x64.7z 80cf14abacbc6b636bc192f4eee49421f082f21cdaa9c1ea5995c38f8c1375e5 node-v11.10.1-win-x64.zip d85ea0bc5c7f30fda24ee03b911d5bbdcb0adecdf6bdb7d96c1d63c4bf018e32 node-v11.10.1-win-x86.7z fd40443d18f12386a06d6fdfe0c9befc32d1e72cb5c108a5a7fb7ddc15ac9e54 node-v11.10.1-win-x86.zip 12d4e313dd2944b262b20ad914a78e8beaa910e0985e501426db7bc376a3095a node-v11.10.1-x64.msi 1a7cbe6ebc41181970b0855e82df6a203710f1467f92ae058aaffaa6170c3c17 node-v11.10.1-x86.msi 7871bf1e1d81038731f8d3e381c415b37a550e4effd048a6ae69edd80b393a6f win-x64/node.exe 36a01d94f5c136fd0198f92ad345acff844aee0316c96ba20a98ecfb456fa895 win-x64/node.lib 1aec597a712fdfc3de40c825ca2ac8a8b18a79f3013f3b552cab286ca117b2cb win-x64/node_pdb.7z 752412002a5ddd0c9b163547a740f974b66e9c52d760c3a79121a9d51cfb18b1 win-x64/node_pdb.zip ba18eec8fa86517e92f3796a91ce6346ad5189ffc543cdbff708a53b62af21b0 win-x86/node.exe a75ad641b7187792b5e3dcb3997fc80a6b9a309d3c5f9cd87e1e9eb48fe49374 win-x86/node.lib 651781ab139ad91e2b2ed82f2bacc2f51d2da17f18f4a0787f1293ad80415345 win-x86/node_pdb.7z fdaf24bdfecf9ea93c47ec79fa05fb8014e333c2f386643ace4b50e4dfc03685 win-x86/node_pdb.zip -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE3Y8jOLrnUB491ax4wnN5L32DVF0FAlx316AACgkQwnN5L32D VF3xFQf/RXDQH3bQGeO0QX3XpINOwZqufotd85imcTgXJuDy0HFghSWr/TCw3nwP YtQ0p2fGyCdeRisLG6ywztqLkk+iulp9HDosrgEID/ACMUOlAGf6hH4m9Nqg+RB2 30gaIGkutq26bQkXiV2g2dTDLnypGYHK+4MEwua0E96DWsJXnLaK1BZBcKfe1JYe hpHWXSUCa/pwSkFsiyeKvflq4MR+maxRkPHRk7ulv5fufsFsdgfpJ+9rhebMTDmz dMOldqz+iWzSGPz+v2vgACFnXPZpvWQA/wi35YUQ6THx+FpCHuLLYH2xV84nPlEr FZC7E5DLnhDMITq+ZFvOSIFvV3tDPQ== =Z25N -----END PGP SIGNATURE-----