2021-03-31

Node v15.13.0(현재 버전)

작성자: Ruy Adorno
원문: Node v15.13.0 (Current)
번역: taggon

주요 변경사항

buffer:
- btoa와 atob를 구현했습니다. (James M Snell) #37529
deps:
- npm의 버전을 7.7.6으로 업그레이드했습니다. (Ruy Adorno) #37968
  - 이 업데이트는 npm run과 npm exec에 워크스페이스 지원을 추가합니다.
doc:
- 안정성 지표에 Legacy 상태를 추가했습니다. (James M Snell) #37784
- @linkgoron을 협력자로 추가했습니다. (Nitzan Uziely) #37817
http:
- http.ClientRequest.getRawHeaderNames()를 추가했습니다. (simov) #37660

Commits

[dc9cd43d8f] - (SEMVER-MINOR) buffer: implement btoa and atob (James M Snell) #37529
[377830fd28] - child_process: remove unused argument (Rich Trott) #37923
[cdfc1c8692] - child_process: cleanup AbortSignal duplication (Nitzan Uziely) #37823
[95aa032413] - (SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely) #37256
[50fc6b9df0] - crypto: clear errors in SignTraits::DeriveBits (Filip Skokan) #37820
[79259389a1] - crypto: fix DiffieHellman argument validation (Antoine du Hamel) #37810
[11d45855cd] - crypto: fix header name (Jiawen Geng) #37792
[c37806d0ba] - crypto: use macro map for NodeCryptoError (Darshan Sen) #37758
[bfe3f21ee0] - crypto: fix crypto.verify callback invocation with a private keyobject (Filip Skokan) #37795
[f09c033faf] - deps: backport v8 f19142e6 (Guy Bedford) #37864
[2fd97ce687] - deps: v8 backport 9689b17687b (Guy Bedford) #37865
[f2cef54b6f] - deps: upgrade npm to 7.7.6 (Ruy Adorno) #37968
[ec82feb728] - deps: upgrade npm to 7.7.5 (Ruy Adorno) #37919
[649e04c4a5] - deps: upgrade npm to 7.7.4 (Ruy Adorno) #37897
[d5b472b70d] - deps: upgrade npm to 7.7.0 (Ruy Adorno) #37879
[9e6aa190e3] - deps: add ngtcp2 and nghttp3 (James M Snell) #37682
[659fc5d684] - doc: fix typos in lib/internal/bootstrap/pre_execution.js (marsonya) #37658
[ac60d018e2] - doc: add more commands for cherry-picking and changelog to release docs (Danielle Adams) #37785
[0fe3c7edd3] - doc: spell out ICU acronym on first occurrence (Rich Trott) #37942
[364c8ac40d] - doc: update GOVERNANCE.md for TSC Charter changes (Rich Trott) #37888
[e84252b35d] - doc: reduce header nesting in async_hooks.md (Rich Trott) #37839
[a6f21e2cfc] - doc: fix wording in outgoingMessage.write (Tobias Nießen) #37894
[30bc2e43e4] - doc: add examples for WHATWG URL objects (James M Snell) #37822
[c0a424f3e9] - doc: clarify when child process ‘spawn’ event is *not* emitted (Matthew Francis Brunetti) #37833
[9defe10371] - doc: fix legacy stability indicator display (Rich Trott) #37838
[f97a5dd22f] - doc: use sentence-style capitlaztion in template header (Rich Trott) #37837
[71fde07274] - doc: add Ayase-252 to triagers (Qingyu Deng) #37781
[8f18133de0] - doc: use sentence case in issues.md headers (marsonya) #37537
[3376051a0e] - doc: fix JS flavor selection (Antoine du Hamel) #37791
[b09d032683] - doc: move Derek Lewis back to collaborators (Derek Lewis) #37726
[6da0a0e85a] - doc: apply style for legacy status (James M Snell) #37784
[185d4cd4aa] - doc: revoke deprecation of legacy url, change status to legacy (James M Snell) #37784
[9d160daa89] - doc: add legacy status to stability index (James M Snell) #37784
[4700042a9b] - doc: add @linkgoron to collaborators (Nitzan Uziely) #37817
[c4183bbea4] - doc: fix AbortError example for timers (dbachko) #37738
[50f3ad1946] - doc: fix typo in stream docs (Ian Kerins) #37716
[2e82a97520] - doc: add gyp maintain info (Jiawen Geng) #37765
[3925458df7] - doc,tools: use only one level 1 header per page (Rich Trott) #37839
[e9c161ce12] - http: fix double AbortSignal registration (Nitzan Uziely) #37730
[a5205819d8] - (SEMVER-MINOR) http: add http.ClientRequest.getRawHeaderNames() (simov) #37660
[1c043272ea] - http2: treat non-EOF empty frames like other invalid frames (Anna Henningsen) #37875
[a5bf7de6eb] - http2: fix setting options before handle exists (Anna Henningsen) #37875
[af7489cb6c] - lib: add brand checks to AbortController and AbortSignal (Mattias Buelens) #37720
[6e2b60931c] - lib: fix typo in internal/modules/esm/module_job.js (marsonya) #37773
[3a440ecdf8] - lib: fix typo in lib/internal/crypto/certificate.js (marsonya) #37741
[3ab223dd32] - node-api: fix crash in finalization (Michael Dawson) #37876
[d1a3e0efb6] - node-api: stop ref gc during environment teardown (Gabriel Schulhof) #37616
[e60bd1a7dc] - (SEMVER-MINOR) perf_hooks: make Performance extend EventTarget (Michaël Zasso) #37621
[b6ad8e4cc1] - src: indent long help text properly (David Glasser) #37911
[13ecff63d6] - src: document newer values for --unhandled-rejections flag (David Glasser) #37899
[bd87e195ed] - src: fix typo in src code guide (Tobias Nießen) #37956
[2da532cef8] - src: report idle time correctly (Stephen Belanger) #37868
[836cb67945] - src: add .note.GNU-stack section (James Addison) #37688
[9557dda2eb] - (SEMVER-MINOR) stream: pipeline accept Buffer as a valid first argument (Nitzan Uziely) #37739
[43c3b43ea3] - stream: make Readable.from performance better (wwwzbwcom) #37609
[b0226b39f2] - test: split promisified timers test for coverage purposes (Rich Trott) #37943
[e256c4d11d] - test: fix typeof comparison (Rich Trott) #37924
[76ebc4bbd9] - test: increase wiggle room for memory in test-worker-resource-limits (Rich Trott) #37901
[5cdeb76708] - test: add OpenSSL 3.0 checks to tls-passphrase (Daniel Bevenius) #37860
[33c35a38dc] - test: add OpenSSL 3.0 checks to test-crypto-keygen (Daniel Bevenius) #37860
[86bf341a35] - test: fix deprecation warning in test-doctool-html (Antoine du Hamel) #37858
[aa529b73b7] - test: fix ibmi skip message (Tobias Nießen) #37821
[d9ab1d56ce] - test: fix flaky test-vm-timeout-escape-promise-module-2 (Rich Trott) #37842
[5d4c610727] - test: remove duplicated test for eventtarget (himself65) #37853
[44490af948] - test: relax Y2K38 check in test-fs-utimes-y2K38 (Richard Lau) #37825
[9bc6fe7eb3] - test: remove references to unsupported AIX versions (Richard Lau) #37826
[f07428ae51] - test: remove skip for fixed test-benchmark-fs (Rich Trott) #37803
[9f61cbd1fd] - test: account for OOM risks in heapsnapshot-near-heap-limit tests (Joyee Cheung) #37761
[e85f311cf2] - test: refactor code to use AbortSignal.abort() (Wassim Chegham) #37798
[6ed9e0bd81] - test: improve test-arm-math-illegal-instruction (marsonya) #37670
[505f9c95d1] - (SEMVER-MINOR) test: app atob web platform tests (James M Snell) #37529
[a8edf1aafe] - test: add known_issues test for #13683 (Rich Trott) #37744
[4487483d9d] - test: fix test-fs-utimes on non-Y2K38 file systems (Rich Trott) #37707
[d44b268910] - timers: fix arbitrary object clearImmediate errors (Nitzan Uziely) #37824
[b7e7384109] - tools: improve valid-typeof lint rule (Rich Trott) #37924
[ca93e52783] - tools: simplify eslint comma-dangle configuration (tools) (Rich Trott) #37883
[b5879efef1] - tools: improve macos-firewall.sh output (Rich Trott) #37846
[dbc4804468] - tools: simplify eslint comma-dangle configuration (Rich Trott) #37850
[0f2e142946] - tools: make genv8constants.py Python3-compatible (Michaël Zasso) #37835
[b6be472456] - tools: update gitignore for CMake (Jiawen Geng) #37793
[2227aa61ea] - tools: partially detect quic support in shared_openssl (James M Snell) #37682
[01dcf4d1d8] - tools: update ESLint to 7.22.0 (Colin Ihrig) #37734
[3452618905] - tty: validate file descriptor to avoid int32 overflow (Antoine du Hamel) #37809
[d33f446abd] - util: remove unreachable inspect code (Rich Trott) #37941

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9476bb2d9cdd50c80a57a941234bbd763a697377e5677befb67b4ead9511a361  node-v15.13.0-aix-ppc64.tar.gz
6e46324c9b0cafb7b37343b85055a878bb89e02643906c82c00c11dbd3ce9514  node-v15.13.0-darwin-x64.tar.gz
34f8f8fa195921ca4278378f1ba699479dcca30c5f8b10041a76548cdd67444c  node-v15.13.0-darwin-x64.tar.xz
4cc4b77c85fe59d42e5268cd6a59623158d485a4c5745f718f962517f1378bcd  node-v15.13.0-headers.tar.gz
7c4349af47ad994783a0b44ee32678e4ecd73ba3e1cdeb34ba876e75f20dad34  node-v15.13.0-headers.tar.xz
23a0277115cb18c994e8225552a9755811b5ebf87efec0997734b7e361dfd70a  node-v15.13.0-linux-arm64.tar.gz
dfc4ea8d0c043450141a865f9d0993abd05f9af0f4269588cf37512bd4b01cc8  node-v15.13.0-linux-arm64.tar.xz
658cfeea9a5b531612a128bfc7938f5b98a49a4288f6c802c2a7306229b0a785  node-v15.13.0-linux-armv7l.tar.gz
4ad3717caf7b4fd2cb70e06a19ab0ac5d8fcea9c42c701a4576a700a3cb549b7  node-v15.13.0-linux-armv7l.tar.xz
55c1f0395ee59a077fc267d6de7e3825fc1fd948e3d42ba404b13911042fcce0  node-v15.13.0-linux-ppc64le.tar.gz
587ced9ad0fdfb249ddbd2457d67143ff775e923b6ecb5f0fe1f435d7fca79af  node-v15.13.0-linux-ppc64le.tar.xz
b138596172ad6ffa4648043f2767d8dcb6297edd39287b09414b7afed59f3ff9  node-v15.13.0-linux-s390x.tar.gz
369762a5966ff2ca4d56b0dbeccee5615661d7048c96427948506fe8cbf65266  node-v15.13.0-linux-s390x.tar.xz
1cd6b2f92f826b0176039e9261bee8ae993d6167fbbe89ab2bc79d18e734267c  node-v15.13.0-linux-x64.tar.gz
1ddb8da8e40e7dab71a896e73c98cc0c5a88fe60ec7b8e59d2d5c02953568b9d  node-v15.13.0-linux-x64.tar.xz
6adef625cdbe65ffa006d6d17708c7b08d58e873a6808490ee8f46f7b6358b78  node-v15.13.0.pkg
96926e5b8f2f3ea805596448f01b16115882f3a594e2e999dc7349f80b3ec1f8  node-v15.13.0.tar.gz
90dca5d2bc4aa1e1157f8e0029371fc857c63778c14c94683f49a2d6572aa8f1  node-v15.13.0.tar.xz
db5fb70541e7e3f9e56c4a3fff2431dc3870be7cfa57ce40de92fd72c6b65024  node-v15.13.0-win-x64.7z
64ca8c72046d8d987370270d2591c9df463126f068c24dc81d3afa752b43d978  node-v15.13.0-win-x64.zip
5b621972be0f015aad60a6c28b5dfda9820b2aea5d9e96b0e2ea3a0c3d1e5c00  node-v15.13.0-win-x86.7z
84ed9b5d01e8c527e9f38d17ca28089982842fb7b255d09304464b8b70338d7d  node-v15.13.0-win-x86.zip
6cb795eeff8fd6529c417fdf31116db38511fd65de2337416d90dfbd2cff1112  node-v15.13.0-x64.msi
775c82a65f60a02bf20c191013506abd508a26d1a79bd8d46c9be6b199d74f45  node-v15.13.0-x86.msi
23b5bbef8082f04d57ce6710aec6ed6c20626d1b6a0fb400524bd49f8560331f  win-x64/node.exe
cef6b29471f8faa5291be30c049822267cfcfe3437c2d724d720b01f6480a827  win-x64/node.lib
be4aad7c798c5db01a736671784aab1acba0cc367495570517e546d880db8c36  win-x64/node_pdb.7z
7a752337403e7fdc28dc7361aaf2cd291d2ed8e817003bf68504dd8a0923dabc  win-x64/node_pdb.zip
ae53c3c0b39f9dc7c78af434d78c2431723568e1577d77a093884ea4bce64941  win-x86/node.exe
889e03560e730464fe438f9b167e0907b61d1d47a19d05ede27e68c5da136991  win-x86/node.lib
cd578ecf8f8c9481245c515eb86a54bd310a203f27100588e5b986842486b6c3  win-x86/node_pdb.7z
38a3f56caf4dbd7d22a04e6e19f74e5e355d95bba7b4401fbd5079b2d247f905  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEEI9StI21e7DMQ5spl7AUGb2S+AoFAmBkhdsACgkQl7AUGb2S
+ApDAxAAvfgIxckDoiMlkDXJ8RvL9E3IRLwsUDDDm4QIpajzcAG0eqq0VuM7JTDE
oi3T/NjEzgXyCnrCppHbPiWQLjvxHxYv0e8RAInkjP7VSBs3ZX8AhJ08ry7QCbrJ
iAxoABYF2LfxAHldAzq26jmA6xTRNZZWenxqcUcIIlq5X+bFzGqjzcIUXPedgKBe
+F+22qc2WO6v/pUklKZRNkEpKcPiqi+MAOreqlGYQOiOFc7TqBk1CgJBo7okqZX+
bq2+5zlttjNfnIbp0N70WAltQN2ewySZco26EZqwwScxMbXFedh9Xh1CC2xu7819
yR+USIgJyFgk2eYSi/d5HsErUJwV/DkmHphyAya7lnTmpCVouvAWPRfqW0nY2o0Y
p4NzDXa8elv8g8eTdBp/qJPfuT9YRnXnWuTMtLwbedWeysOteBze21w4ybFykRSG
ExJfJmCQD+xB6L21gzMVj17iPaTZtI6qcD8XLihx045VGewHBnQncgoYx6AsNqaD
7n5QgiFkVjEyPGW4JgpDsW7kCqXe02t7gtPvdu9MsbBgRhhS49k5HO+Kjc508MgN
faiyUw38Z9NdP14E/gZBMNFzZ3568IiqainPj3WJkf8mlH5OKcSQu8ZbmvxqEuQH
k6bgV3nq9tcGp1cHZjk2OxlUhF87kzhypiaD+giNYiJ+0NDfKXI=
=GeYV
-----END PGP SIGNATURE-----

2021-03-31

articles

2021년 4월 보안 릴리스

작성자: Daniel Bevenius
원문: April 2021 Security Releases
번역: taggon

(2021년 4월 6일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v10.x, v12.x, v14.x, v15.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

OpenSSL - X509_V_FLAG_X509_STRICT를 사용할 때 CA 인증서 검사의 우회(높음) (CVE-2021-3450)

이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.

영향받는 버전:

15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

OpenSSL - signature_algorithms 처리 중 NULL 포인터 역참조(높음) (CVE-2021-3449)

이 OpenSSL 취약점은 Node.js에서 악용될 수 있습니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210325.txt에서 볼 수 있습니다.

영향받는 버전:

15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

npm 업그레이드 - 프로토타입 오염을 고치려고 y18n을 업데이트함(높음) (CVE-2020-7774)

y18n npm 모듈의 취약점으로 프로토타입을 오염시켜서 악용될 수 있습니다.
자세한 내용은 https://github.com/advisories/GHSA-c4w7-xm78-47vh에서 볼 수 있습니다.

영향받는 버전:

14.x, 12.x, 10.x 릴리스 라인의 모든 버전

다운로드와 릴리스 세부 사항

요약

Node.js 프로젝트는 2021년 4월 6일 화요일쯤 모든 지원 중인 릴리스 라인의 새 버전을 릴리스할 예정입니다.

심각도가 높은 이슈 세 개

영향

Node.js 15.x 릴리스 라인은 심각도가 높은 이슈 두 개에 취약합니다.

Node.js 14.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

Node.js 12.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

Node.js 10.x 릴리스 라인은 심각도가 높은 이슈 세 개에 취약합니다.

릴리스 시기

릴리스는 2021년 4월 6일 화요일쯤 사용 가능할 예정입니다.

연락처 및 향후 업데이트

현재 Node.js의 보안 정책은 https://nodejs.org/en/security/에서 볼 수 있습니다. Node.js의 취약점을 보고하고 싶다면 https://github.com/nodejs/node/blob/master/SECURITY.md에 정리된 절차를 따르기 바랍니다.

Node.js의 보안 취약점과 보안과 관련된 릴리스의 최신 정보를 얻으려면 https://groups.google.com/forum/#!forum/nodejs-sec에서 소수의 공지만 하는 nodejs-sec 메일링 리스트를 구독해 주세요. 이 프로젝트는 nodejs GitHub 조직에서 관리하고 있습니다.

2021-03-30

articles

Node v12.22.0(LTS)

작성자: Richard Lau
원문: Node v12.22.0 (LTS)
번역: taggon

주요 변경사항

레거시 HTTP 파서가 런타임 폐지 예정 상태로 되었습니다.

명령줄에서 --http-parser=legacy을 전달하면 사용할 수 있는 레거시 HTTP 파서가
2021년 4월 말에 지원이 종료되는 Node.js 10.x에 맞추어 폐지 예정 상태로 되었습니다.
레거시 파서는 해당 Node.js 버전에서 사용할 수 있는 유일한 HTTP 파서였습니다.
한동안은 레거시 HTTP 파서를 계속 사용할 수 있지만 경고가 나타날 것이며
향후 Node.js 12.x 릴리스에서 레거시 파서가 제거될 수 있습니다.

llhttp에 기반한 기본 HTTP 파서는 영향을 받지 않습니다.
해당 파서는 기본적으로 지금 폐지 예정 상태가 된 레거시 HTTP 파서보다 더 엄격합니다.
올바르지 않은 HTTP 헤더를 전송하는 HTTP 구현체와의 상호운용성이 필요하다면,
--insecure-http-parser 명령줄 옵션을 사용해서 보안성이 조금 떨어지는 모드로 사용하면 됩니다.

Beth Griggs가 기여했습니다. #37603.

ES 모듈

이제 ES 모듈은 안정적인 상태로 간주합니다.

Guy Bedford가 기여했습니다. #35781

node-api

node-api를 8 버전으로 업데이트하고 애드온 파일의 이름을 알 수 있는 실험적인 API를 추가했습니다.

Gabriel Schulhof가 기여했습니다. #37652, #37195.

코드 커버리지 데이터 수집을 제어하는 새로운 API

v8.stopCoverage()와 v8.takeCoverage()가 추가됐습니다.

Joyee Cheung이 기여했습니다. #33807.

워커 스레드의 이벤트 루프 활용을 모니터링하는 새로운 API

worker.performance.eventLoopUtilization()이 추가됐습니다.

Trevor Norris가 기여했습니다. #35664.

Commits

[1872625990] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
[dfa04d9035] - deps: V8: cherry-pick beebee4f80ff (Peter Marshall) #37293
[bf8733fe22] - doc: mark modules implementation as stable (Guy Bedford) #35781
[0a35d49f56] - Revert “embedding: make Stop() stop Workers” (Anna Henningsen) #32623
[a0b610450a] - (SEMVER-MINOR) http: runtime deprecate legacy HTTP parser (Beth Griggs) #37603
[2da24ac302] - lib: add URI handling functions to primordials (Antoine du Hamel) #37394
[7b0ed4ba92] - module: improve support of data: URLs (Antoine du Hamel) #37392
[93dd799a86] - (SEMVER-MINOR) node-api: define version 8 (Gabriel Schulhof) #37652
[f5692093d3] - (SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof) #37195
[6cef0e3678] - src,test: add regression test for nested Worker termination (Anna Henningsen) #32623
[364bf03a68] - test: fix races in test-performance-eventlooputil (Gerhard Stoebich) #36028
[d7a4ccdf09] - test: correct test-worker-eventlooputil (Gerhard Stoebich) #35891
[0f6d44500c] - test: add cpu-profiler-crash test (Santiago Gimeno) #37293
[86f34ee18c] - (SEMVER-MINOR) v8: implement v8.stopCoverage() (Joyee Cheung) #33807
[8ddea3f16d] - (SEMVER-MINOR) v8: implement v8.takeCoverage() (Joyee Cheung) #33807
[eec7542781] - (SEMVER-MINOR) worker: add eventLoopUtilization() (Trevor Norris) #35664

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

64482b90fb13ca4be3a40386c958a41e49f6c915d3807d14d797bf101d363621  node-v12.22.0-aix-ppc64.tar.gz
7f72fd468cd00cf562c8fe2ea8b5e7a3b68027e8454e432db9ffbdd967bf420c  node-v12.22.0-darwin-x64.tar.gz
56eb67ecd3bdbcd48823aa20ac379e71473037569ec77638444069ca836baa44  node-v12.22.0-darwin-x64.tar.xz
7c1424543ae16e1e15d8a4d95fbb99cf4ae7c943c4aa0bf0be3751a883f38738  node-v12.22.0-headers.tar.gz
aad985525806713e4e88e67cf22ee937da3281a15c62647aa39ae8f0a27e1512  node-v12.22.0-headers.tar.xz
844d0ea80f0b71b015800d2089fe13a0dee1dd46b2957c458d06a5231bf6ac0b  node-v12.22.0-linux-arm64.tar.gz
7c784d17e2e4f72afe79df253d893afd8b73396d3a28a7709214673fd8d6fa87  node-v12.22.0-linux-arm64.tar.xz
942d71744f4001b11ac1be5a3093afdcd06509ab530fcf58f8bdaf16f3ee69c5  node-v12.22.0-linux-armv7l.tar.gz
09a9ab7188214b835456ec8f1248c7d820d945f87d2f6f0a74899b877312000d  node-v12.22.0-linux-armv7l.tar.xz
437fa2f1a2caae09120a1bf9a20544368391bfea382f1e485b440f2117febfeb  node-v12.22.0-linux-ppc64le.tar.gz
a509c5e0fc56c0c0368f8e1d0dfa017739695b88f08b85cc2b6ab28aafa92695  node-v12.22.0-linux-ppc64le.tar.xz
060bab6c4acf323cb66f8f2f23474d7158062e18daf249cc0b2d543413d7f1d5  node-v12.22.0-linux-s390x.tar.gz
dea901d4b14ada86bdc1eb9b8ff8dfd2204c912309dc6c3f54fb7beef61ee3cf  node-v12.22.0-linux-s390x.tar.xz
d941cb38b023a1c53a629c49425105f68069937569edd72c6fafab2221fc4533  node-v12.22.0-linux-x64.tar.gz
c5c9dc788ec08785203d7b02333aab393bd648ec4a8bb2efb9d56c67d24eba70  node-v12.22.0-linux-x64.tar.xz
2164706d8051ca3920036db45f901bb28b0b3e92dd3b98814791ec8751c4a633  node-v12.22.0.pkg
f2f8b3134fc343e635e6d3ccc37a6437e83d46125f707ed082ffbe43f4c7ce4b  node-v12.22.0-sunos-x64.tar.gz
37ef6028e13b58e93813cfee54e5668987d6f8bc2aae48c446794a30cc03194c  node-v12.22.0-sunos-x64.tar.xz
a65d108d824e956de0ab7c3e7f6763c70f6f5b85636dc4ee16404e5881b7d723  node-v12.22.0.tar.gz
df5c5f0ebad4889f5dd24e565eaaa9cbe2ca3274f78af469d9a20cc36f60ba23  node-v12.22.0.tar.xz
7261d78d96e80c265b1e3f459dc43fc664bff63e30d5c21b468ee6271876ac2c  node-v12.22.0-win-x64.7z
27dcfb4145bade7f03687d6ec620c55b0b5c966c583d02d29db36fb88bbd82c1  node-v12.22.0-win-x64.zip
5725c31de1ef07e5b09219fec87ae39e885172b2579d035315eb76a9dfcadcab  node-v12.22.0-win-x86.7z
0c880c1c0f5ff0755da21098b9fae7e76289525bdfdb73725fae7dc815ec2a9d  node-v12.22.0-win-x86.zip
51cfc0f8db30fc2bd45b6ac553867d3745aa73621661c099daaacb25d0d938bc  node-v12.22.0-x64.msi
62d3bbe291b146ff2856d4ef349377d7f20fea5ed7ce84be73c53193cab46329  node-v12.22.0-x86.msi
382561345ac811231b8502931496784b93d7f72a4084babedb6a3f8b27d9214d  win-x64/node.exe
28e5c24831deedbf4fb8a9560f2c4f95205479c589f54a9a53ec346f6a5cf8bf  win-x64/node.lib
dd6516bda3b3ffa953e30dfa79641f49290892d5fb7009e3b5f8f454c8753554  win-x64/node_pdb.7z
8efa373a135ef092e5a743064eef6423158190accdbcda4914fbed2a992e4a56  win-x64/node_pdb.zip
ba3752edef984118a77911f2ec78576fe039a8b0bca7dcb94efaff76c2272efb  win-x86/node.exe
8bbcf3b9305b83f54bd80f8ec19d4e237841bde5bfaeb2aec708c36daa6435f6  win-x86/node.lib
f34a56b04934e5382af0d288424e11a6d55e80894254835a8701102e089eafdd  win-x86/node_pdb.7z
80c580430404fb8cace7802e5c592123d1bd6bffa71ce7a6850358a254b05003  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmBjMiUACgkQxDzsRcF6
uTxj3BAAj6UhDhyUVTAzuaKVxJEfmnXeHdq3NNgWBkCk2H9ru6zJRa8nulzxFrmR
LR9/sDAr01of/Qca7q5ojeh2K5j66DbeG7RxvtwcISr9ASdZ7LmjcJCCie7fKnRz
eZn6qJ+6WXzD3lswI4jSwT8kIuNywAu7cMEkIcJM/OvLumpjx2euYjIdEE5BF80B
IwmkhyHvSiggPcAYBn1uxlDWHBxwdyF1F9u9MEGGmieIIloIMLeaDKRKdklSOBmr
ShwE2cnk+IEqJtQYaVEBLisayh8tkSdyxlbyowICkESICB+oiWMqF9dZotf6SFf6
I+SvfCQn3NH/LYG+gg06uAtna1hHUYU7DJ1QBGZtwff3NuVn0MrwZN3Qazj/ML8N
7ihL4twQM33U/QousCdXxaVVcW/J4+lurg0BKq0cijx/MvJRDF5+FDw/BLu3P7ul
3JA7+Ea0DquCt77oZpOra20TfrnjKmFUZfQjbqaG0hzQoEbJ8AcZlJeintOS2xT9
0Ri0Gp7JrCWpOfKobirjE/lIaV2Ehz9JpoPkwwFQbo62TPle7DIDihKWkshwuZj+
5X2K3rKjG9ff/0nZBkiWh6R7YGeMZCYscW71jTK7cIlKRggFIzUa+Od0x0975fQm
iDJMkx+Pmv2++GI3bcnZRxcCm+NeF6MryaN9xKNBblM6uoSemfQ=
=Wx4y
-----END PGP SIGNATURE-----

2021-03-17

articles

Node v15.12.0(현재 버전)

작성자: Danielle Adams
원문: Node v15.12.0 (Current)
번역: outsideris

주요 변경사항

crypto:
- crypto.sign과 crypto.verify에 선택적인 콜백을 추가했습니다. (Filip Skokan) #37500
- create*Key에서 JWK 객체를 지원합니다. (Filip Skokan) #37254
deps:
- openssl을 quictls/openssl로 변경했습니다. (James M Snell) #37601
- cjs-module-lexer@1.1.0로 업데이트했습니다. (Guy Bedford) #37712
fs:
- fsPromises writeFile의 성능을 높였습니다. (Nitzan Uziely) #37610
- fsPromises readFile의 성능을 높였습니다. (Nitzan Uziely) #37608
lib:
- AbortSignal.abort()를 구현했습니다. (James M Snell) #37693
node-api:
- 8 버전을 정의했습니다. (Gabriel Schulhof) #37652
worker:
- setEnvironmentData/getEnvironmentData를 추가했습니다. (James M Snell) #37486

Commits

[44514600b2] - assert,util: fix commutativity edge case (Ruben Bridgewater) #37711
[8666d777cc] - benchmark: add benchmark for fsPromises.writeFile (Nitzan Uziely) #37610
[e9028eb646] - cluster: restructure to same prototype for cluster child (Yash Ladha) #36610
[8e1257e26d] - cluster: clarify construct Handle (Jackson Tian) #37385
[341ee31e15] - crypto: reconcile duplicated code (James M Snell) #37704
[a2d08d5dfd] - crypto: add internal error codes (Darshan Sen) #37650
[922f2f0eb2] - (SEMVER-MINOR) crypto: add optional callback to crypto.sign and crypto.verify (Filip Skokan) #37500
[55e522ca23] - (SEMVER-MINOR) crypto: support JWK objects in create*Key (Filip Skokan) #37254
[33180fad81] - crypto: add separate error for INVALID_KEY_TYPE (Darshan Sen) #37555
[d81b9af1fc] - crypto: improve randomUUID performance (Dawid Rusnak) #37243
[23d654105f] - crypto,test: improve hmac coverage with webcrypto tests (obi-el) #37571
[dfca2fac24] - (SEMVER-MINOR) deps: update to cjs-module-lexer@1.1.0 (Guy Bedford) #37712
[ce357c0c11] - (SEMVER-MINOR) deps: update archs files for OpenSSL-1.1.1+quic (James M Snell) #37601
[6d77b6174f] - (SEMVER-MINOR) deps: switch openssl to quictls/openssl (James M Snell) #37601
[3e1a46a6a8] - deps: upgrade npm to 7.6.3 (Ruy Adorno) #37721
[b2fd00398c] - deps: V8: cherry-pick 1648e050cade (Colin Ihrig) #37664
[7422453072] - deps: upgrade npm to 7.6.1 (Ruy Adorno) #37606
[89f3aa92b4] - doc: add marsonya as a triager (marsonya) #37667
[3710857de3] - doc: add hints to http.request() options (Luigi Pinca) #37745
[5d793737d7] - (SEMVER-MINOR) doc: update maintaining-openssl guide (James M Snell) #37601
[1022d3d947] - doc: recommend checking abortSignal.aborted first (James M Snell) #37714
[764aa2dcee] - doc: fix link to googletest fixtures (Tobias Nießen) #37698
[0d3cc2dc82] - doc: fix typo in description of close event (Tobias Nießen) #37662
[e55058fed1] - doc: use sentence case in README.md headers (marsonya) #37645
[e7fc7a4c23] - doc: crypto esm examples (James M Snell) #37594
[a3abd52e1e] - doc: add localPort to http.request() options (Luigi Pinca) #37586
[705bdfbe3e] - doc: fix grammar errors in http document (Qingyu Deng) #37265
[e5f7179d1e] - doc: add document for http.OutgoingMessage (Qingyu Deng) #37265
[7c0ce17e65] - doc: fix typo in doc/guides/collaborator-guide.md (marsonya) #37643
[60d8afa9ab] - doc: document that module.evaluate fulfills as undefined (James M Snell) #37663
[6192315cf3] - doc: remove generated from dsaEncoding description (Marko Kaznovac) #37459
[e4c8c50b28] - doc: fix typos in /doc/api/fs.md (Merlin Luntke) #37557
[ebc6f41072] - doc: fix linter issue (Antoine du Hamel) #37657
[d17aab1775] - doc: add esm examples for assert (James M Snell) #37607
[366772bf87] - doc: add return type of readline.createInterface (Darshan Sen) #37600
[f50db89a52] - doc: change lang info string in fs JS snippets (Antoine du Hamel) #37605
[5a9196e0e4] - doc: apply sentence case to headers in pull-requests.md (marsonya) #37602
[05badcf755] - doc: fix small typo in 15.11.0 release (Tierney Cyren) #37590
[e0e7aa1058] - doc: add top-level await syntax in vm.md (Antoine du Hamel) #37077
[732d8ca811] - doc: clarify that columnOffset applies only to the first line (James M Snell) #37563
[267bbe3412] - doc: document that NODE_EXTRA_CA_CERTS is read only once (James M Snell) #37562
[f56a805a0d] - doc: refactor signal info in child_process.md (Darshan Sen) #37528
[236ba04a79] - domain: add name to monkey-patched emit function (Colin Ihrig) #37550
[1c09776106] - domain: show falsy names as anonymous for DEP0097 (Colin Ihrig) #37550
[5a49e3139e] - errors: remove experimental from --enable-source-maps (Benjamin Coe) #37743
[e384291c90] - events: remove return value on addEventListener (James M Snell) #37696
[ba91ef2d08] - fs: improve fsPromises writeFile performance (Nitzan Uziely) #37610
[3572299fc2] - fs: add promisified readFile benchmark (Nitzan Uziely) #37608
[b277776845] - fs: improve fsPromises readFile performance (Nitzan Uziely) #37608
[6688569a50] - http: refactor to avoid unsafe array iteration (Antoine du Hamel) #37654
[c737df64fe] - http2: make res.req a normal property (Colin Ihrig) #37706
[ac2f50b3fd] - (SEMVER-MINOR) lib: implement AbortSignal.abort() (James M Snell) #37693
[12fb2ffc33] - lib: use AbortError consistently (James M Snell) #37715
[e63a25e2ff] - lib: fix typo in lib/internal/http2/core.js (marsonya) #37695
[852f53ed7e] - lib: fix typo in lib/internal/bootstrap/loaders.js (marsonya) #37644
[daa4ac54c5] - lib: remove use of array destructuring (Antoine du Hamel) #36818
[ae0e76c264] - module: refactor NativeModule to avoid unsafe array iteration (Antoine du Hamel) #37656
[a86334fbb9] - (SEMVER-MINOR) node-api: define version 8 (Gabriel Schulhof) #37652
[d28ce328ed] - src: fix variable name of OnCloseReceived callback (Tobias Nießen) #37521
[d59c6de7e8] - src: add error formatting support (Gus Caplan) #37598
[33436e39fe] - src: make BaseObject::is_snapshotable virtual (Anna Henningsen) #37539
[30c62dee1c] - src,test: support dynamically linking OpenSSL 3.0 (Daniel Bevenius) #37669
[4bf1f333c7] - stream,util: fix “the the” typo in comments (Luigi Pinca) #37674
[1b53087541] - (SEMVER-MINOR) test: update dom/abort tests (James M Snell) #37693
[c2cb153646] - (SEMVER-MINOR) test: fixup test to account for quic openssl version (James M Snell) #37601
[ede34aa128] - test: address flaky wpt/test-timers (Rich Trott) #37691
[ed32cd4e67] - test: fixup flaky test-crypto-x509 (Filip Skokan) #37709
[013b3ff2d4] - test: remove unnecessary V8 flag (Antoine du Hamel) #37671
[cc48816826] - test: fix WPT URL tests that fetch JSON data (Michaël Zasso) #37624
[b0ed1e790e] - test: improve error reporting in test-child-process-pipe-dataflow (Rich Trott) #37632
[f7edb07ec2] - test: terminate WPT workers after test completion (Michaël Zasso) #37627
[b7ef829dac] - test: ignore WPT worker errors after tests finished (Michaël Zasso) #37626
[257b1ab225] - test: update Web Platform Tests (Michaël Zasso) #37620
[1f6341852f] - test: remove FLAKY status for test-async-hooks-http-parser-destroy (Rich Trott) #37636
[044fd2fc86] - test: remove FLAKY status for fixed test (Rich Trott) #37633
[d5ff50d2a7] - test: clear flaky designation for test-stream-pipeline-http2 (Rich Trott) #37631
[381fb98061] - test: clear FLAKY designation for test-http2-pipe (Rich Trott) #37631
[0582c51754] - test: fix wasi/test-return-on-exit on 32-bit systems (Colin Ihrig) #37615
[0d04b6c043] - test: fix flaky test-child-process-exec-abortcontroller-promisified (Antoine du Hamel) #37572
[a44daff34d] - test: update all Web Platform Tests (Michaël Zasso) #37467
[c09bd77daf] - test: redownload wpt fixtures with correct encoding (Michaël Zasso) #37467
[57319770bb] - test,crypto: ensure promises resolve in webcrypto tests (Antoine du Hamel) #37653
[2d9b624668] - tls: refactor to avoid unsafe array iteration (Antoine du Hamel) #37655
[72af5d9895] - tools: parse changelogs only in the default branch (Antoine du Hamel) #37768
[bd62771a22] - tools: use bundled npm in update scripts (Ruy Adorno) #37613
[4de3b8483a] - tools: update glob-parent to 5.1.2 (Rich Trott) #37646
[ec71a0f817] - tools: check version number in YAML comments from changelogs (Antoine du Hamel) #37599
[07fc61b900] - tools: add support for mjs and cjs JS snippet linting (Antoine du Hamel) #37311
[440c944420] - tools: fix object name in prefer-assert-methods.js (Tobias Nießen) #37544
[7042ec89f1] - tools: update remark-preset-lint-node to 2.1.1 (Rich Trott) #37604
[82e78f7c12] - tools: fix compiler warning in inspector_protocol (Darshan Sen) #37573
[fd7234c52f] - tools: make update-eslint.sh work with npm@7 (Luigi Pinca) #37566
[057c6a842a] - tools: add ESLint rule no-array-destructuring (Antoine du Hamel) #36818
[25a5f0b3b8] - tools: update eslint-plugin-markdown configuration (Colin Ihrig) #37549
[7a1de1fce9] - tools: update ESLint to 7.21.0 (Luigi Pinca) #37546
[9c0ca4689d] - tools,doc: add support for several flavors of JS code snippets (Antoine du Hamel) #37162
[80af610d95] - util: inspect __proto__ key as written in object literal (Anna Henningsen) #37713
[0d135e8316] - (SEMVER-MINOR) worker: add setEnvironmentData/getEnvironmentData (James M Snell) #37486
[8024ffbba4] - worker: add ports property to MessageEvents (Anna Henningsen) #37538
[f4fd3fb6a7] - worker: allow BroadcastChannel in receiveMessageOnPort (Anna Henningsen) #37535

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

b05beb9caa359aba0402412937a6f7434459adab016021c6e30f4c67b5ab35d9  node-v15.12.0-aix-ppc64.tar.gz
c04a77a3bf4a9ea7f5c0d34773cb8fcc4af594b202fa69ea41edc372ecd28df0  node-v15.12.0-darwin-x64.tar.gz
adcdfe6e147a67741ac32bd454f0ed69717387486b2275df33758b276d00de83  node-v15.12.0-darwin-x64.tar.xz
9514682405d3f1567838e289eeace2546a05fb88fc7d77f8ee566cadd92025ba  node-v15.12.0-headers.tar.gz
96fe0238aef09626ffed5288871ce7fe556a5aa3aeb529fe70ce8c8c9e722c60  node-v15.12.0-headers.tar.xz
cf1e276e381bbe58998feb584f907980ad2c6cd8c88dd4662a089b177b7ab0b2  node-v15.12.0-linux-arm64.tar.gz
be93231a6616356e2a33d5007de19ffd573d5a05a67662c1583edbb7b3ecb234  node-v15.12.0-linux-arm64.tar.xz
e90567de53a7a5a7ff4ff1088516ed5bbfa1db2ba7a7f9b7010cfbb3784ba408  node-v15.12.0-linux-armv7l.tar.gz
2bcebc5bc59acbd239e42967e2342e9385b407546d5570c09d5dde90a9b3bf77  node-v15.12.0-linux-armv7l.tar.xz
5f635bf5b6249562e220d40527a0d9dcb45f551660a4ee3948f639948c39ba90  node-v15.12.0-linux-ppc64le.tar.gz
a3d719ad30b90305a732414a3467c0833f8b58b1b8170c88e35c0c8e72958606  node-v15.12.0-linux-ppc64le.tar.xz
b8d0f1e206ff1efa512aa33b556359cde46724e8d9f8d6e6d1da27d109388bff  node-v15.12.0-linux-s390x.tar.gz
b04f13b4e34450d2794feac4bbc67028a595893f95fab63829763487b136e81c  node-v15.12.0-linux-s390x.tar.xz
0fa13e94e07e05b64819f44de92a81f4a95c8d952278e85eba3c7dd11fe63aea  node-v15.12.0-linux-x64.tar.gz
3892b4058cf12823c6cf39e4a3e9ce6da3f908cbfd211ddfc0a9df73eecd8bdc  node-v15.12.0-linux-x64.tar.xz
b8df5c09ed9bd191cf244d1d0d910e1f90bdfb17d4a163b690cff9794b061e37  node-v15.12.0.pkg
cfb13ad6443e9e08d2c37468e57d2d79b91c5372e9d9d3f03756a0e31d984497  node-v15.12.0.tar.gz
5ebbbe5024787a45134c4fbd77f50ae494c9cd49c87ce2c9f327af77d8af1a31  node-v15.12.0.tar.xz
e103b811f4be35cf3388a398ff487fd6a53e07c9acbfea52533a97e3668affd3  node-v15.12.0-win-x64.7z
630943523e7289545af6fba3a4ab615d3bef466b00e504be044c55bc8fa100e5  node-v15.12.0-win-x64.zip
b0a41cf8eb23f88ad187c6658ae470462c4b04e1385d20e95c1a5b800c6239ae  node-v15.12.0-win-x86.7z
8ba62e8ffa1e04c724e88522b07a395398bcd3215d908ec2d6b4bb8e313088ca  node-v15.12.0-win-x86.zip
238cc9aa94527ab2fbcef4a9bcf81bb01667fb4864dfe490aead1ae474d5584c  node-v15.12.0-x64.msi
7729c52a1dfd162217c698ca53c487abb300c011bdfd2b806b3cefa7ea10a82c  node-v15.12.0-x86.msi
a6e114a50a51dcdce880dac9ab48293132541cb682d21a5200001c354f93df6c  win-x64/node.exe
efec0902e39ae60a3c5e54db9e9fff3ebcec88744851f6df911da9ad9eb39a2d  win-x64/node.lib
68009b608bd60afbada5c08f447ecf37e60bd7c8f9299cb083dde8b41871fc61  win-x64/node_pdb.7z
a45dfbcfa66672328593d4a6840efb99124a0560bde7fc936d163617388f08fe  win-x64/node_pdb.zip
5bfd61ce67f5e4ef040ad2ed478644f28dd94d8be03be5ad8fa8f87930c09cc4  win-x86/node.exe
68abf8d368843410f4ca9ea0b3f8d31dbf9477c527a33a9039bbd9208236a732  win-x86/node.lib
6c445a037a3db38fedc6b2defae40b1a3f26876d11a75b70ffd04d57882fde3a  win-x86/node_pdb.7z
c11857ae1384e337034f54e188b05a3403cd69206870fd65bdba92b329c5ad4e  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdPEmArbxxOkT+qN606iWE2Q7YgEFAmBSgPAACgkQ06iWE2Q7
YgHAxQ//X02ypoNObdBJR7Blg+tmi8Sz/sdDJ+8Etb1WwB0rzMqFr94vkZotx46l
GUSTZiVwKyi+rjAjJ+uJHJ0ywnLOj8hFLP6eL+yzn35nnoX0sBeg+2nML9N72eSM
BCWPSNOi5CsZdUFntBDJ5ZkMTZBaleIyqbgnBORTnUEqfzjmZGb2aErFXxYa6Gym
1vQyd+Ie+ZpKwWn+HhjjG+mqxnHmXHdS8DS1gBCZx507QiW8t5D0rbnR92jjstpo
ZNDcMvYXSzHxm6YvV5y8Aafkvb978gxkMww398eRQxxMFw6jKG7yARwjtB2qKoF+
8MDM7wg1RF5iP7rxFcWlA2rAk+/g3h2O9GGLkmpHc9YWrsrZXP2ejqWEgZaSLF2i
1HY/zz1IyE+rdWMvYY6Yc/8IUyLQX8yihnuUSlF70ziI4Ndpyqm6A2ZfrNfnO2e2
+zYt9eCymsn5avQ8PSoVPSdqRbqEU0l8ugIa4b3UQOLo1RfdkTKPg/NuH0p0OET6
a2mjnDWbQ1ycf7dDQ6o/6lCquIlRGgdrPYM5ptFN+DmdF2qjU1B+IsQa2m0uc7ab
iutwdgMKGRA2ynOdDkpHdCruWWcFczG29gf9AeSitLMxvNGU50y+AoeMy/FcUv1M
QSTd17389IYKzlYe7506olRf8iR03hQaP6S2pC5N6ZWNMLpX2vo=
=KqiK
-----END PGP SIGNATURE-----

2021-03-03

articles

Node v15.11.0(현재 버전)

작성자: Michaël Zasso
원문: Node v15.11.0 (Current)
번역: outsideris

주요 변경사항

[a3e3156b52] - (SEMVER-MINOR) crypto: FIPS 관련 옵션을 항상 사용할 수 있게 되었습니다. (Vít Ondruch) #36341
[9ba5c0f9ba] - (SEMVER-MINOR) errors: --enable-source-maps는 이제 안정적입니다. (Benjamin Coe) #37362

Commits

[d039e6fa80] - assert: refactor to avoid unsafe array iteration (Antoine du Hamel) #37344
[d2e5529e08] - bootstrap: include v8 module into the builtin snapshot (Joyee Cheung) #36943
[59861bac0e] - bootstrap: include fs module into the builtin snapshot (Joyee Cheung) #36943
[458a4108b7] - buffer: make Blob’s constructor more spec-compliant (Michaël Zasso) #37361
[0d564ce214] - buffer: make Blob’s slice method more spec-compliant (Michaël Zasso) #37361
[ddae112133] - child_process: fix spawn and fork abort behavior (Nitzan Uziely) #37325
[b1e188de8d] - crypto: refactor hasAnyNotIn to avoid unsafe array iteration (Antoine du Hamel) #37433
[291d9e9936] - crypto: check ed/x webcrypto key import algorithm names (Filip Skokan) #37305
[a3e3156b52] - (SEMVER-MINOR) crypto: make FIPS related options always awailable (Vít Ondruch) #36341
[b634469c38] - crypto: refactor to avoid unsafe array iteration (Antoine du Hamel) #37364
[01773ab614] - crypto: use BoringSSL compatible errors (Shelley Vohr) #37297
[f3d67000a0] - deps: upgrade npm to 7.6.0 (Ruy Adorno) #37559
[e1045f1004] - deps: upgrade npm to 7.5.6 (Ruy Adorno) #37496
[80d3c118f4] - deps: V8: cherry-pick 373f4ae739ee (Richard Lau) #37505
[1408de7e24] - deps: cherry-pick 8957d4677aa794c230577f234071af0 from V8 upstream (Antoine du Hamel) #37471
[725d48ae77] - doc: remove experimental from --enable-source-maps (Colin Ihrig) #37540
[5d939b7a49] - doc: fix typo in doc/api/packages.md (marsonya) #37536
[cbfc6b1692] - doc: document how to register external bindings for snapshot (Joyee Cheung) #37463
[dd7a04dc9f] - doc: fix typo “director” instead of “directory” (humanwebpl) #37523
[ba81e7cb5e] - doc: revise LTS text in collaborator guide (Rich Trott) #37527
[7529a97a5c] - doc: revise CI text in collaborator guide (Rich Trott) #37526
[1285b907ce] - doc: revise objections section of collaborator guide (Rich Trott) #37525
[bc86208a0a] - doc: revise premature disclosure text in collaborator guide (Rich Trott) #37524
[46af56752e] - doc: change links to use HEAD in top level docs (Michael Dawson) #37494
[3b737e63ce] - doc: apply sentence case to headers in doc/guides (marsonya) #37506
[fb5e5bed21] - doc: fix typo in webcrypto.md (marsonya) #37507
[3b7cb75554] - doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell) #37477
[0fac27d546] - doc: add url.resolve replacement example (Antoine du Hamel) #37501
[2228f44b25] - doc: apply sentence case to guides headers (marsonya) #37497
[617819e4fb] - doc: update CI requirements for landing pull requests (Antoine du Hamel) #37308
[4a40759b33] - doc: recommend queueMicrotask over process.nextTick (James M Snell) #37484
[834f63793a] - doc: apply sentence case to headers in doc/guides (marsonya) #37478
[7ac0820da0] - doc: fix typo in doc/api/http2/md (marsonya) #37479
[4ad7a78448] - doc: alphabetize vm Module class properties (Rich Trott) #37451
[a193d7ca87] - doc: alphabetize crypto Cipher class entries (Rich Trott) #37450
[54b6f1bcf9] - doc: use HEAD for links in api docs (Michael Dawson) #37437
[549d24b8ad] - doc: fix alignment of parameters (Michael Dawson) #37422
[f3559a922b] - doc: fix typo in doc/api/esm.md (marsonya) #37400
[c3d236d405] - doc: fix “referred to” in fs docs (Tobias Nießen) #37388
[9ac8c74539] - doc: document x509 error codes (Dan Čermák) #37096
[9a454afcd6] - doc: fix typo in esm.md (Jay Tailor) #37417
[b3bf3d9824] - doc: use HEAD in links where possible (Michael Dawson) #37421
[6675342cd9] - doc: clarify that async_hook callbacks cannot be async (James M Snell) #37384
[4b54c10500] - doc: use **Default:** more consistently (Colin Ihrig) #37387
[f20ce47dbb] - doc,child_process: pid can be undefined when ENOENT (dr-js) #37014
[6205e29cb9] - doc,lib: prepare for stricter multi-line array linting (Rich Trott) #37088
[9ba5c0f9ba] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #37362
[c0cdb83433] - fs: fix writeFile signal does not close file (Nitzan Uziely) #37402
[e8b1e2c0a3] - fs: fix pre-aborted writeFile AbortSignal file leak (Nitzan Uziely) #37393
[6b42e65983] - fs: fixup negative length in fs.truncate (James M Snell) #37483
[d141fce634] - fs: use createDeferredPromise() in promises.watch() (Colin Ihrig) #37386
[bb81accb16] - lib: use <array>.push and <array>.unshift instead of <array>.concat (Antoine du Hamel) #37239
[dc3c299862] - lib: remove outdated todo comment (Antoine du Hamel) #37396
[856d20b772] - lib: add URI handling functions to primordials (Antoine du Hamel) #37394
[a1ed78cb3b] - module: improve support of data: URLs (Antoine du Hamel) #37392
[27816eac61] - node-api: force env shutdown deferring behavior (Gabriel Schulhof) #37303
[f1381f7a7a] - src: fix alloc-dealloc-mismatch in node_snapshotable.h (Darshan Sen) #37443
[5ea2ed611f] - src: fix ETW_WRITE_EMPTY_EVENT macro (Michaël Zasso) #37334
[96bcd52d3e] - src: disable unfixable MSVC warnings (Michaël Zasso) #37334
[c75f5f372d] - src: avoid implicit type conversions (take 2) (Michaël Zasso) #37334
[e400f8c9c8] - src: support serialization of binding data (Joyee Cheung) #36943
[daad7bbd34] - src: adjust THP sysfs config token retrieval and file closure (James Addison) #37187
[4cc76457d9] - stream: move duplicated code to an internal module (Rich Trott) #37508
[3d3df0c005] - stream: add AbortSignal support to finished (Nitzan Uziely) #37354
[429dffd32e] - stream: add AbortSignal to promisified pipeline (Nitzan Uziely) #37359
[9696cf7142] - test: remove FLAKY status for test-http2-multistream-destroy-on-read-tls (Rich Trott) #37533
[453113938d] - test: make status file names consistent (Rich Trott) #37532
[00b3446a8e] - test: account for pending deprecations in esm test (Rich Trott) #37542
[f2aa305348] - test: fix incorrect timers-promisified case (ttzztztz) #37425
[ce7fbbf94c] - test: fix typo in test_node_crypto.cc (Ikko Ashimine) #37469
[ba319f0c60] - test: remove FLAKY for test-http2-compat-client-upload-reject (Rich Trott) #37462
[dfa0440341] - test: validate no debug info for http2 (Michael Dawson) #37447
[b38404ee17] - test: remove FLAKY designation for test-http2-client-upload-reject (Rich Trott) #37461
[b569105183] - test: clarify usage of tmpdir.refresh() (Darshan Sen) #37383
[4f41900687] - test: update upload.zip to be uncorrupted (Greg Ziskind) #37294
[d5c311ed15] - test: fix flaky test-worker-prof (Rich Trott) #37372
[df538ebc8e] - test: fix flaky test-webcrypto-encrypt-decrypt-aes (Darshan Sen) #37380
[19d6eb929c] - test: fix flaky test-fs-promises-file-handle-read (Rich Trott) #37371
[c554aa149c] - test,child_process: add check for subProcess.pid (dr-js) #37014
[5c27fd73b0] - tools: run doctool tests on GitHub Actions CI (Antoine du Hamel) #37398
[49013fcee1] - tools: make comma-dangle ESLint rule more stringent … (Rich Trott) #37088
[31f4600b7a] - worker: fix interaction of terminate() with messaging port (Anna Henningsen) #37319
[d93137b2a9] - workers: fix spawning from preload scripts (James M Snell) #37481

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

dbe6ab79a7fcff06e72d5a062c5850132d06ecc79bbda5049d33a0702483f906  node-v15.11.0-aix-ppc64.tar.gz
def5bea3d66e1ca4239d2c6cb22be9b841cd937f037f7b13976960c895ebf803  node-v15.11.0-darwin-x64.tar.gz
521b1fe91fc039a6be2aa4299ba9838a323fca2eeb9360a9fb060467c3609454  node-v15.11.0-darwin-x64.tar.xz
9d37f33ce9c19adc08336a707f2ef352694bfff19001b2c835b2bcc794f3dad0  node-v15.11.0-headers.tar.gz
dbde89dce1aecdaaa278df6df5d71aa84c3981e516d0881171a594c1a53924d3  node-v15.11.0-headers.tar.xz
bac8f957c35df2985ab10098d7ee494de28872ce8382df412ef745895f30f0d8  node-v15.11.0-linux-arm64.tar.gz
6f88a96fe56cc3fb8a5983adf77c6f3bcabd957c61f9bb909806791a88cce059  node-v15.11.0-linux-arm64.tar.xz
5afd0dd1bcbbca579ebbd15e0269c0f3a2070f25a4a91772a8544f04f10418fd  node-v15.11.0-linux-armv7l.tar.gz
d5358ab1128819fd4e422489d86b797e29580ebfde70cd57d50b138c3170746a  node-v15.11.0-linux-armv7l.tar.xz
0431af5015fc11b62b99a1e043ffadda1a765ac16e3b4267a3405635cd63c0a8  node-v15.11.0-linux-ppc64le.tar.gz
3770d55974da2fa2752ad0544f37ed40771b11097b3d1884000bfa858a26c755  node-v15.11.0-linux-ppc64le.tar.xz
b7fde7316347ccb718125cdb9cce305ab3b72d6df2eca6eba04f1087d198db51  node-v15.11.0-linux-s390x.tar.gz
aeeb11ca9631c63ebd95341fb601c484080fc622cbc84ed3079939b2cda27c98  node-v15.11.0-linux-s390x.tar.xz
74df02fbe07f280ffbd20db01cd876db2bfc3463c3620849d5b4c2b4a21216e8  node-v15.11.0-linux-x64.tar.gz
389de1384e20ca0e878de359c3b4afb1e0e8f1ca5a3cc5059177cf04d5ed43a5  node-v15.11.0-linux-x64.tar.xz
c5831187bcd8d336c71a5cb4765bd3725ba14d01844eb56f33b3566e6964fae6  node-v15.11.0.pkg
367aea2415df651bf23242e1b627071173f044ffd9f216d9ff69d3322a889bad  node-v15.11.0.tar.gz
1a7091a210423970619b4af95dba6f4c6e2b576b9700460e5220afff24a8d2d1  node-v15.11.0.tar.xz
3c3dd5b380826fa9285aae2be1a55b56df1334da1b88175cb9964d4a6d9da1bd  node-v15.11.0-win-x64.7z
57904b14bb30bc8931a09f4d5d131f5c755093b0608cdd7d30d1f03cc41e61b2  node-v15.11.0-win-x64.zip
ff8684b8b3d86e43c14ab171e747c474729e0de539280ef2355a93a39cd1f2f9  node-v15.11.0-win-x86.7z
e4bf3e877211ecec1bc6d26849b4317e5ce0c8b7787331b519e78847a988ae3b  node-v15.11.0-win-x86.zip
5a792858e21a58050801d30885ca5c96dc908468ceb37783c219175ea67d923b  node-v15.11.0-x64.msi
57e93fe0a0bc4b56b4a3b913c956f96db2afefc79553a4dc06488f44985c3ce2  node-v15.11.0-x86.msi
1bfa1c2660078a4620d320ebde339d183ecd725e38febecd873cbdfda4edcd6a  win-x64/node.exe
0692711edaf626282aaeff0a28cce749488d03a5d1db6490c7bb19866ec4aedd  win-x64/node.lib
4c9e4b326e142cbc8ea55d07f10b90e37e982a7bd44f4d4ad40b0d887fbdaded  win-x64/node_pdb.7z
b1095c438bccc4495338c109b05be23bb8ebce771faebf21e41660b54b5d312d  win-x64/node_pdb.zip
2cddc4bc386cadb033c7b717180255150a5c6688d75d47a3705f0407119ab8d3  win-x86/node.exe
f884d9353d2b848084edd4b5be8bf4a2b84a2ce2c45f22dc569ebbf59314f5d5  win-x86/node.lib
05c5b5c4ddacf0f50baf884695a6293dc63fa74b3ff1f19d474ab549f5536ecd  win-x86/node_pdb.7z
d98fef2119452dc2307e3e353ab4284e49bb686ecd9c624a05919681aa6c71e5  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEj8yhP+8dDC6RAI4Jdw96mlrhVgAFAmA/KB4ACgkQdw96mlrh
VgBoCA//ecXWCT6/7AuEN3nsG3l0r57ZOzDdGWfE6ACzZmsJBolcWcDDnJkgMhrV
2f583weOBBf0wNjPPLeplwLs5roeXi1jx2XrFfc4olleIKqM62QRACcL3hNnYjoT
jh6S892sPtIDADTj7VHF/cjNcJ4ygihNV6KZihPFM1xHrJQ2/dta/CiwZxEhEoAF
RCmNksMiZb7/09GTeQb6pk/uUkh1bw/FvhGtylLjPcXwECq0hCfDXNfhEbNaMtnD
JLIMdtQtwlI0xDP5B9vnPT/ErUYeFQcbX6Dhuh33tmLTcOm3TK1HlRU28h8CmPvu
8fEBAEWPh2nvuIWPXpwMrTxsvvdqeozfgTsgpGENKYizYHE/EiFyjQ5JKM9xPDKT
Pujcc6w9qIxFuuIZEU+sxEBduH8H9SqNu7Cpe9ozaKV0ISeCXl3Ad3xZ8/jvceVy
hfn7XZ6HNDD39h3RHhGfGovcqLbil91XG7/sJtWd6TF9FZd5IrNfjlkBNsH2A/Gt
5XUjA2Xzrn1aY/A4N3ZYmWPIaTOf3W3IT6B5brjKEyCSLIxNZrhMUFm6GTYx8J+M
YtcHyBmveb5tC7q8RWbwS1l0+/EV2NqvgRwYZMPTSNnqQIM2A4VbkXgyvkJjh9xF
mijQgrwnO0OucCRNCV7HGrJIgikHEDLdAkLR6MOQgQvzAI6GtU0=
=Vh03
-----END PGP SIGNATURE-----

2021-02-23

articles

Node v10.24.0(LTS)

작성자: Richard Lau
원문: Node v10.24.0 (LTS)
번역: outsideris

주요 변경사항

다음 취약점이 수정되었습니다.

CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
- 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
  취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
  있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
  파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
  메모리 부족이 발생할 것입니다.
CVE-2021-22884: --inspect의 DNS 리바인딩
- 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
  취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
  도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
  도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
  사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로
- 이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
  자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

Commits

[0afcb4f6bb] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37415
[447be941cd] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37415
[3f2e9dc40c] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
[d1cf6a9b0f] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

59bdb393035c605627bf4ba64ad8edcc74f067043790c7edc545333cca8630c4  node-v10.24.0-aix-ppc64.tar.gz
265ccad26fdfdcd86d6571b0bf5f1815b55f6a4a9b367816ad0369790501f55e  node-v10.24.0-darwin-x64.tar.gz
ba749262eb5599360cdfe5edf7516a98269defcb6d2de56a9bbfd95a76366a7d  node-v10.24.0-darwin-x64.tar.xz
165ca4182bcfa952d2405e53f480525dfe62c3fd453a893bc34df6cbb8fc6740  node-v10.24.0-headers.tar.gz
c7afbb814018f2bed87e85b2aa71c864c961a3754b0733bcfd077fbb068cfd76  node-v10.24.0-headers.tar.xz
65e6255c6f95b6dcf87f13c21994bc80205b4bd7c7d9a3fe1f8f2a18daec576d  node-v10.24.0-linux-arm64.tar.gz
41bbf035512a72d073e93440458ad6e48586853fc0a5b6396ded80a2d45cb49c  node-v10.24.0-linux-arm64.tar.xz
5a5dcc02bfd0ddcbeb2ef68f116bb72e416149f15f12767864bde77edd7f39d1  node-v10.24.0-linux-armv6l.tar.gz
076d387b1e9345c675745a453f642b6819b07b21cf21d6824f33c8d508f71559  node-v10.24.0-linux-armv6l.tar.xz
02feb052d0e1eb77c9beea5cfe3b67b90d5209ab509797f4f6c892c75cc30fda  node-v10.24.0-linux-armv7l.tar.gz
0b01cb43903bc2d06f0ea3bb6753da4c91fd9533f1bd74e8bd2ee55b470a9084  node-v10.24.0-linux-armv7l.tar.xz
227338ffe74d2c2a87bd1bd77f4c74d21d8027e8eff78eb8e7f686a470b83fbe  node-v10.24.0-linux-ppc64le.tar.gz
1d5b9c5a6ffb7027bbf9cf608d919c280039cea1f1f0308324aca871d874fca7  node-v10.24.0-linux-ppc64le.tar.xz
5a4478e6602c6c6fb28bc01b5356215e714ef0d3917fb1ede487c9b93e88741e  node-v10.24.0-linux-s390x.tar.gz
322d9faf2d724de4596cc021e5eb37553ceafc07fccd2f39afede8c56dde7432  node-v10.24.0-linux-s390x.tar.xz
d8d7ecb0667a9b86b7ce1994731f9c9d313b46f04de59f724259a6fda685617a  node-v10.24.0-linux-x64.tar.gz
a937fb43225289ada54c6c3272a2ad18e1e33b8c7d6211c289d421b5051fdbd0  node-v10.24.0-linux-x64.tar.xz
347004459f040a83bf7f1cb663dd9ba846df8def8967a9572801484768b8a754  node-v10.24.0.pkg
c5233cea13d3ce560cda1cdda873c2054bd3b5621da466fb4965668ef4259b93  node-v10.24.0-sunos-x64.tar.gz
2b43e85f73a0dbc1ec0e64394c2607cbfe53045aaa11f3d9a65ceb4cc6ee8394  node-v10.24.0-sunos-x64.tar.xz
c8d0a56279be77a9033b5f89603c6c491060a661c607fbf82bbe931ca662996e  node-v10.24.0.tar.gz
158273af66f891b2fca90aec7336c42f7574f467affad02c14e80ca163cb3acc  node-v10.24.0.tar.xz
bf839f4d96e1cb105c271a1ccb7a728ff8ce7dfd34a260afaf02e349b00831d2  node-v10.24.0-win-x64.7z
abf0aa48f642aa9ef6cc0021d2fe0275a60feece603664a76c31a812adc710bb  node-v10.24.0-win-x64.zip
7e0e4c6b43935ce194456bbf066bb72fad49427fa08bfd4e7fc9818b4f312d3c  node-v10.24.0-win-x86.7z
6e32b8c513ba209ae7ac2058c106d0b83b4c14c3472d3f1ad956fd3462691799  node-v10.24.0-win-x86.zip
a2c5dd02e43715127248d8533d260a9d4359b9f2d6ba6958df65631b8bf627cf  node-v10.24.0-x64.msi
afcfa989c331e92ed02aeb88b0865ac2264b7bc297685ea46de48d5a945d46c0  node-v10.24.0-x86.msi
58c529834cbc65363d07e1ee59bb577cc76f527a2b0db80d0784e9b6e3c7e6da  win-x64/node.exe
7688ed23318d253aa98ee198f94983e4b563fab188e6fd9dd32955e77111096a  win-x64/node.lib
2ae5424c759a3eb7aabfbb5d21ce8227f43d27150fbf6e1dd89173eeae9a4f8c  win-x64/node_pdb.7z
7a68fa70295977484f1b1dcffa7d590c5b5f84b28d0ea51ffea734850307933a  win-x64/node_pdb.zip
121c6d54aa31bb43a042e7cdedf0bdc916c39895f0f46c34cac76c3990895381  win-x86/node.exe
de1f3445597cbbee2e5eac435651f5dcab049a2d8bd3636877ab5803a87e269e  win-x86/node.lib
2e218cafa528cd3a35dd58ba621b3f182498db7f235c072f14d1426043cf2eb8  win-x86/node_pdb.7z
2e4d6d1c72a90bdff03412d525b764a445edc108cd0503c4baf7da708b081a6e  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmA0+7cACgkQxDzsRcF6
uTwCexAAhTRwBOfMu0XzBPBa+NdpJSDjbYtyI2BNcR8NWMnL18H2pQCbPL2zrm1T
a9kUiNgEuRElMjrxGTyUrx9sNkLPgJDnVeKTXGmwvYk6l3NwbKXW69qn2P/GUAdt
Y9/EnZUWY8s5gyPg4+OtQ5BwgGKrqW/Xsf3rUGFvqvoWqVeUTrQsZVCRrZWdm9oZ
pZyZaLWFCYH08PIq2Q3eYjpfu2Uv7HqWFVIM2NtFI6snZmVmnjUIsr8P1leJQVmM
CZ1Pb9O7+m4jgPGOqWXoJl7bjNrk5jn6o7kZK4AaavR8oMVkRNDikI3VlKBXytMg
lJYapT0a9ELYCVqXhCCar/zNhZDLwJd6b/rYIbP9SKqE9Zcxv2iABR1S3GZwjfEC
dPqTO2blff0CBEU/PsCZxdnSDXPHn3JCwtsuXl4tkyXsH4jd7ob0ur03P7mKfwOR
eZH4wIMPj/KVRKbcT/ts22WzaI21BI06/3MRj4i54fMsloZYCP1+99iovKSqnXrG
iOfse5AjBVWCVsfiJcQfDfDSnL2jl1OF8ii1ZR+gEE2ZczLeCDKszwpBM+66oIqT
cyz3elK64mKc95q9e/eZo9WNwokUsVY6uhqAN08Z1rBnF4ffYGN0YLzOy3/tgHv0
oUt/5184eDsTucMAdC8TbjF1XjFTx2aIc2y1e4ZzJF9GtUQ2FEE=
=V+LP
-----END PGP SIGNATURE-----

2021-02-23

articles

Node v12.21.0(LTS)

작성자: Richard Lau
원문: Node v12.21.0 (LTS)
번역: outsideris

주요 변경사항

다음 취약점이 수정되었습니다.

CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
- 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
  취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
  있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
  파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
  메모리 부족이 발생할 것입니다.
CVE-2021-22884: --inspect의 DNS 리바인딩
- 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
  취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
  도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
  도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
  사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로
- 이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
  자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

Commits

[e69177a088] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37413
[0633ae77e6] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37413
[922ada7713] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
[1564752d55] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

10a487471ebd720f0d643c9e8e919db580baf852b812788f00db736d2e634d77  node-v12.21.0-aix-ppc64.tar.gz
4d0b5d07d41a16909fdeb41c3158c27bcdccf16231cccf76d5eb6835e2076e90  node-v12.21.0-darwin-x64.tar.gz
4184cc5412cdf256996aa7f559859abc355b48f03144349cf8531b6bf0526f49  node-v12.21.0-darwin-x64.tar.xz
f708e19706d1c486b80ee2420cb8ef5d25c0958bf05f7c880519f97b8bf6d46d  node-v12.21.0-headers.tar.gz
5a59cb03e24e7a23f3e9ba236627604f14c9296c461034fc6126beeacb1befa9  node-v12.21.0-headers.tar.xz
5748bfc5bbf7d9c1c8e79bd4f71d8f049c7fc7bc5b52e04685633319843c4f93  node-v12.21.0-linux-arm64.tar.gz
66fcb5a975fbc2dec449fab5eedd947b92cc2a4ad02085be5c3277896abab252  node-v12.21.0-linux-arm64.tar.xz
6edc31a210e47eb72b0a2a150f7fe604539c1b2a45e8c81d378ac9315053a54f  node-v12.21.0-linux-armv7l.tar.gz
00c0a0ac0841e3ca3eefd561b54ec5e32978255489d64f4077410660d3bee1a6  node-v12.21.0-linux-armv7l.tar.xz
6fea17dc8bc059692dce1a149b2eb49c837f8b8569ba1c5b9a51a955b9df22f3  node-v12.21.0-linux-ppc64le.tar.gz
19cb55de1337b1beb7a8a7241f624b70ddc39687f9f1aabc0a524f2cdee8bce7  node-v12.21.0-linux-ppc64le.tar.xz
e521bc915c0568995f3083bf069ef41a930585a35f4cac50e17208be125c865d  node-v12.21.0-linux-s390x.tar.gz
038872f0ac5d061c1f299383a7faf9abc1c2c82314e08b2c548a0e5baf99c29f  node-v12.21.0-linux-s390x.tar.xz
ab121de3c472d76ec425480b0594e43109ee607bd57c3d5314bdb65fa816bf1c  node-v12.21.0-linux-x64.tar.gz
eb89c02153cfa25e40170e5e9b0ab43ad55d456af8b72ad2a8c2a42b7a647432  node-v12.21.0-linux-x64.tar.xz
30d8bee18a5f874104997a0383abe9c8bc983971c1cb0d7be7b49ef957e3b196  node-v12.21.0.pkg
d44d09355caea12f280f2854c2f6e933446b49b65e926bcb5e50bd0ab2b17d73  node-v12.21.0-sunos-x64.tar.gz
08b76d199feb0f2c76742c192ee6040f61d6f551ca6bbc1618bd2e387699e27a  node-v12.21.0-sunos-x64.tar.xz
36e862555bebc04b13f7afebf4472c4dd7ebf4c891f9d6746ec545a4f099d05e  node-v12.21.0.tar.gz
052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d  node-v12.21.0.tar.xz
3d635d2cc254a3d203182d2051b57ad3e2000afecc3cb8da0128ae1bf610b040  node-v12.21.0-win-x64.7z
d8ae037fb8be60e74fb96124e341fdf1251eae0d5d88d7d86f056d4b0c9440f3  node-v12.21.0-win-x64.zip
892429ab069d325622040dc81f35c8903c9271dd2abcf21a50cc0eb260356426  node-v12.21.0-win-x86.7z
1e966131d9d65107d8ca1dbdaa997533a6f7375af4b9dbc2d38d786d37b271b5  node-v12.21.0-win-x86.zip
aa644a95369423095d274e3f7a4ee4826021c7b54c1b267de0c855578d9599db  node-v12.21.0-x64.msi
221d142409fd750c2eb7fc829e597b3a28f16622e64dd05f27bf62e17503cbb3  node-v12.21.0-x86.msi
dfc0a5056def827b5e16a9dcf0c8bad65e09fa327de03839116fc32f802d427d  win-x64/node.exe
2662b79e36ee678661554d290a3b8277c4c92cc74dffcda37a9f8f8e83287c73  win-x64/node.lib
6132bece56ab20f45388b83c16e8fadc2c1fa84ab2c7bcbccd2e729c08e99e9d  win-x64/node_pdb.7z
bd49185210e0a32410f42c3cc0c5dca12c9423a7a8e8db653557b0e2157cee2d  win-x64/node_pdb.zip
68f086de221ee2e0bd40968400181cb9bd4b0ca38f6370a5665b5fac0fd85f20  win-x86/node.exe
794dd4c597af2483d162426a37c99746d319aaa358219ace7bb179140f16d5f2  win-x86/node.lib
4f42fb8127392963c5144c24d5655cbd01cfb17b0a6337e4e8d9289498c28e8b  win-x86/node_pdb.7z
ba116759b56690967d41fc27101a4e5659a2f8fd853e9010a3b1407575423325  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmA0+9oACgkQxDzsRcF6
uTzz0w//WLPLC2aIyxwP2Gp733ZcdmKOD7Fjip1woPEWA9FQe49+uJMBdFrVuyM3
cdXehkqtCL/hVehSbQzMyWAnQraz5k631hXx1yjPIXHVd/kM/8Mo9m5eVUSXNn8o
yRAmWINI0RffbxlKcnslcyRE92Lq8QCJs4+/LB6VmHEv7jF/T34Gy493pMiwNBBU
kNQvslUJUcxrY546/45urOSsLraWDY6xOsNIBOQONUNX5GSLS7PZdKyUsjb8v46o
W0r0tnPrn5aT8HIVluSjxZi2MUChQYI63ytNfym7+NRa1sV8slaSiEH9h5UzOAIr
tAwY/Jm11Zx8M2VNNlkSMlA2U9LEcPjpZBsT5yofrHfMk+Om19J5JPlNMlOaOtSZ
O35VnT9xwvF3F9XQh9n2URm/d9WPCcnSg9Vum5AqjnCFuzfLpXBFaHqe67GkudGr
pQ39r40pnLLZ04vYiNDnfCyF7Jpkq39HCEMdLUVYtq5uztXfGE7vsK/VkNemr3Rs
nKGDAWQ4orV6BEivlPG41J+ed8k/FT2h/SIvGimVL6F2X5KXaQ11YMBujKQCXhc2
1xCsREXu/gNj1Khfg3bGhiLU39VQglaP3dudJ/JohbhAbK3r/hoI8dS/DZXMbsT+
r8Ku1F4q3TVyqkYpCskN88igVFhj4gZ4A/oOcZItEOka8+aAWmY=
=GYm4
-----END PGP SIGNATURE-----

2021-02-23

articles

Node v14.16.0(LTS)

작성자: Bethany Nicolle Griggs
원문: Node v14.16.0 (LTS)
번역: outsideris

주요 변경사항

다음 취약점이 수정되었습니다.

CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
- 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
  취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
  있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
  파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
  메모리 부족이 발생할 것입니다.
CVE-2021-22884: --inspect의 DNS 리바인딩
- 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
  취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
  도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
  도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
  사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로
- 이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
  자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

Commits

[313d26800c] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37412
[6098012b48] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37412
[afea10b097] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
[1ca3f5abcb] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

086c8b4aa726c3b197765c9f66e05b25f8e811853d0686dfbf380299b4bf5869  node-v14.16.0-aix-ppc64.tar.gz
14ec767e376d1e2e668f997065926c5c0086ec46516d1d45918af8ae05bd4583  node-v14.16.0-darwin-x64.tar.gz
e20317c315198b3a6eaefbcf60b76082558d63be264736d56ecc7f5b0dabe60b  node-v14.16.0-darwin-x64.tar.xz
4b44b92903a61c29af20550f9d25bfc3029657df6b5f0a12072a70360f7eedee  node-v14.16.0-headers.tar.gz
e0704d9f5accdb876dd45be1b2ade2176219893b8a5df863130f3d9a11e69702  node-v14.16.0-headers.tar.xz
2b78771550f8a3e6e990d8e60e9ade82c7a9e2738b6222e92198bcd5ea857ea6  node-v14.16.0-linux-arm64.tar.gz
440489a08bfd020e814c9e65017f58d692299ac3f150c8e78d01abb1104c878a  node-v14.16.0-linux-arm64.tar.xz
a64860a02e4b692d262d453952cae99a3c9842d3fc90336b54ca03e990c780b8  node-v14.16.0-linux-armv7l.tar.gz
5d28ac28088c9a8c679285ed09df979125982941eec2c7cb465eee9a3b0be3c0  node-v14.16.0-linux-armv7l.tar.xz
2339b4b1a8db39348cb1877b0cfdee3b2ef2b730f461ef7263610cbaaea5232a  node-v14.16.0-linux-ppc64le.tar.gz
47a3768924a1f09ab8f9f50d0c73503e7bf9bb5a2bee58acf91e1e02d412ec78  node-v14.16.0-linux-ppc64le.tar.xz
485d6f38270de0763d9132b78fc88cefc8312a71f53587c874a2c09e58396057  node-v14.16.0-linux-s390x.tar.gz
335348e46f45284b6356416ef58f85602d2dee99094588b65900f6c8839df77e  node-v14.16.0-linux-s390x.tar.xz
7212031d7468718d7c8f5e1766380daaabe09d54611675338e7a88a97c3e31b6  node-v14.16.0-linux-x64.tar.gz
2e079cf638766fedd720d30ec8ffef5d6ceada4e8b441fc2a093cb9a865f4087  node-v14.16.0-linux-x64.tar.xz
8f8f6f7b6db7c518be52878a3a58d48bcd575446a9c6ce75a60cdb6cfe1a3dd0  node-v14.16.0.pkg
f6b904b06951de4c52089dd4456155d853e835b0dc4640f75458c6eb49f9e8ce  node-v14.16.0.tar.gz
4e7648a617f79b459d583f7dbdd31fbbac5b846d41598f3b54331a5b6115dfa6  node-v14.16.0.tar.xz
67f352be37b1b0c00ff7531e6b2a93b0021e5f06743f16394b9dbd6fc47a7fe9  node-v14.16.0-win-x64.7z
716045c2f16ea10ca97bd04cf2e5ef865f9c4d6d677a9bc25e2ea522b594af4f  node-v14.16.0-win-x64.zip
0f862027290301918db84dd705024a9b623a08f2ad86dfb3829c32c9c050e25c  node-v14.16.0-win-x86.7z
9699067581e0d333b13158d4ebb27b6357444564548aaa220d821cdc6d840bd2  node-v14.16.0-win-x86.zip
d9243c9d02f5e4801b8b3ab848f45ce0da2882b5fff448191548ca49af434066  node-v14.16.0-x64.msi
61d549ed39fc264df9978f824042f3f4cac90a866e933c5088384d5dedf283fe  node-v14.16.0-x86.msi
5c10d99cc7229fd8092585f7a5e15771d62dc84b9edeb0c2140a2d187b305506  win-x64/node.exe
3f67805bbcfea13e9acc892f4590cacc5eb2514ac817d003f5327c07a2385a0d  win-x64/node.lib
fe3cab4ca83172f495b83710731224e01cd936c2d823a53480bed1113fa704f8  win-x64/node_pdb.7z
099ed74db3ceb4e47816bd1a9d792a4ab465ba60ec945b65e95e24b7049f76e0  win-x64/node_pdb.zip
c7b723504b5ee487785a12989026db061f5ee1fb120826fcc1afcbec5fc5d1d5  win-x86/node.exe
dfe06cfa2c95a49a92bfebc8f68ec1216b951c9363cfc8b36fbc80fc1588fb15  win-x86/node.lib
235bc5ec83e9dfd328dbca9c71f2f036f9bb13d2378c3869ced7a1edc5ff63a1  win-x86/node_pdb.7z
58a50e0a495189c054c96e76d2f9a6c8f45d6880852db3404eaca99a133c91a4  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmA0/HgACgkQ1wYoSKGr
AFxqNQgArjEJi6JfqFHsMDkKp75ZHZY7X+1VjbwaPZd7r1dY4gbe/ZqHdXEzVHEB
Y1Pbqrkng8zOzHDWqxGhjuOYCwjcKynLAKcfKqCpZ/reqQzf2lmdB2zM8clqG++r
rWT9auJz4JtxC5cSQ48rEjju2aQpwSARlrZepr99k8QoRWL8lZhp8t/ccYwWMunN
oE8v/4wR1WX23GnQmAze9I7ABYmxClFmDSUG85ml4VAI7+G0bLiH72gCe6sJR2Ms
e5gS5XqbRvth4oUH4f/IRRoS0BOl5oXY74Qg2d23qMG6WKBu6Gu/phcFWpSuiMnV
BHFfl4y/8zRNLHPD00KwOp4qucMLvA==
=XRSJ
-----END PGP SIGNATURE-----

2021-02-23

articles

Node v15.10.0(현재 버전)

작성자: Bethany Nicolle Griggs
원문: Node v15.10.0 (Current)
번역: outsideris

주요 변경사항

다음 취약점이 수정되었습니다.

CVE-2021-22883: HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
- 'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
  취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
  있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
  파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
  메모리 부족이 발생할 것입니다.
CVE-2021-22884: --inspect의 DNS 리바인딩
- 화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
  취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
  도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
  도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
  사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
CVE-2021-23840: OpenSSL - CipherUpdate의 정수 오버플로
- 이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
  자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

Commits

[2a3ce5974b] - deps: update archs files for OpenSSL-1.1.1j (Daniel Bevenius) #37412
[afbce66874] - deps: upgrade openssl sources to 1.1.1j (Daniel Bevenius) #37412
[4184806dee] - (SEMVER-MINOR) http2: add unknownProtocol timeout (Daniel Bevenius) nodejs-private/node-private#246
[43ae9c46c3] - src: drop localhost6 as allowed host for inspector (Matteo Collina) nodejs-private/node-private#244

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

351ef617dea3ec93819ebb92435b82febaa1de393bdb442dcc129ac76a03014c  node-v15.10.0-aix-ppc64.tar.gz
45ccf8dc5ac539a4f965313593510970a992e5f5dcf8cfacaebec0f99fd546be  node-v15.10.0-darwin-x64.tar.gz
60678b3995712ed96928c9bcce86d6847035d7853417b9862e8b2f7bd888aa7e  node-v15.10.0-darwin-x64.tar.xz
5ee67c683f7d5d060829aece2ec04609de9d500f5b6f56f584c0f1707650c9da  node-v15.10.0-headers.tar.gz
b8cb4c1f8cdfb19c3ecffa01a1a23754ae2075a19dfac3c33ababe9f3e5c9ad0  node-v15.10.0-headers.tar.xz
a9f8c807ec31ed24fe6e0b2d002ce2d1b9f20b7e23a0efe10679331a44b30dba  node-v15.10.0-linux-arm64.tar.gz
d3af39fb8d7bfc22c711aed4120a3fc4419cd70b3d2016b18c6a709fa0f0e845  node-v15.10.0-linux-arm64.tar.xz
ca27a48dd9233b00c49b37a07751395657d4e454ebfa5066a6371e5f6c9969cf  node-v15.10.0-linux-armv7l.tar.gz
200ca8de7f7d575dcf9221a40fe8754be40759b97f254d55b1f4679f368d5eee  node-v15.10.0-linux-armv7l.tar.xz
49977dac42124295bedff31b8409f2990b586aa673f439ed5e9636ac1485a08d  node-v15.10.0-linux-ppc64le.tar.gz
7a54dc554686d7fe7c45db57068a03c69dfd64afd7994873b77c1c7bc978db8a  node-v15.10.0-linux-ppc64le.tar.xz
078a8c2207f92040e0decdcfde0cd368973208876f01ff7d03de6bd0d5f09090  node-v15.10.0-linux-s390x.tar.gz
c2c8375d491e9f7c39e297587bcf99fe6be70ae38aaa9c1757405a5818fe5c73  node-v15.10.0-linux-s390x.tar.xz
31554d9b2de47948a364a007031c635d3943c303e50703b5f4c41a5eead07737  node-v15.10.0-linux-x64.tar.gz
a56793179965235e7c4f911f2cec08dd3f31dc1e09d68eddbb397107042a43fc  node-v15.10.0-linux-x64.tar.xz
aa188140cdc1f96a719bcc88904a37fdcd0745ed8344de9866a4e6869cc45466  node-v15.10.0.pkg
643f9bbd6ae4c424224c946cad52d11b9379aaab927673b2e3c6c4df9a1a7b0e  node-v15.10.0.tar.gz
7748d8f15eabb5543f26fec8ca08e755044512fab1f6bd98d5ba403f276deec4  node-v15.10.0.tar.xz
1e346ced805d316f9d288a2165e9273ed3e75d18bf02b55cda890af25e90919b  node-v15.10.0-win-x64.7z
2bf72da4e5ddc485599f2eca54ab7c59001d70baec7ff2bb050d9f4ed1b066a6  node-v15.10.0-win-x64.zip
3509ce1b7d26116e955c39eae2f60e2132b0b7db423283cac19ef643d682efc6  node-v15.10.0-win-x86.7z
aba943732f371eda2341a62de84c459b376b755917ea92ae587afcc4bfbbaf5d  node-v15.10.0-win-x86.zip
999ca54fb0b329dca36eb01975d6f4a2b3120707d078c594019e88cdda8f0a85  node-v15.10.0-x64.msi
ed40690ceee7339554f0d592453f864235e1e241a85f0e53d7e39a2c73554ab3  node-v15.10.0-x86.msi
a0db7bf0565841e88b85979efb9a640a702dd8ded3b5915342635b190b1413ca  win-x64/node.exe
0692711edaf626282aaeff0a28cce749488d03a5d1db6490c7bb19866ec4aedd  win-x64/node.lib
456373f6ed6145be5b01ce588590ec927c7c05f025704082a4986dc2eb4b25a6  win-x64/node_pdb.7z
b6de50aebb75696fca501a5bbf1914c7a01ebd929d2dc49707621410b8017276  win-x64/node_pdb.zip
5c0095f58e0d4e0bdb0598b5db5a5c4c31ba1cf090994fbd415ab4dc273506f6  win-x86/node.exe
6cec3adfe0cbf4f894d89fafe857fbda9dba14b61586d6abf145b3dd7775dad3  win-x86/node.lib
1ff43f5c0c77951cdfe21bb49973e800c8fdee6ea7565d6054bd2775a024ec47  win-x86/node_pdb.7z
59bb4f60277962be395513fa597126a44ce7264674a94ada6d32c0d2b6477f22  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmA0/JQACgkQ1wYoSKGr
AFzJvggAn5bMlAIhNEZUTZHEX9KiBMiSozCY+E+sZHFCuUwW5wCP2C1eZ6ImNcTi
QAjQEtHk2Pa2weHY2+TI0PZ+BNvXCYcgdTI5jsuhNEoIAvcNRKjdJzEWSwbMZfPv
LHbaGl4SyvNlAweDDsE7lskI1DpyS3p6h/X2+NmUZjcqceMVUPD2/udymIZHwW3P
/8hgntl3N19Qu18VXm1cUDR5VlCuDFrcC1Y/1Lt9Ju++08VV6zWxKz+asrUleQ3S
sPPHOmLVlJlh8tRCY0gGaGzbwhTT0/6fODPlBZzvGQUxUJaSXsQDnY8fcU6D84CX
btojDN2Lobjy1SINcPNh8/Pav0h8AQ==
=22VP
-----END PGP SIGNATURE-----

2021-02-23

articles

2021년 2월 보안 릴리스

작성자: Daniel Bevenius
원문: February 2021 Security Releases
번역: outsideris

(2021년 2월 23일 업데이트) 보안 릴리스를 사용할 수 있습니다.

다음 이슈에 대해 v10.x, v12.x, v14.x, v15.x 버전의 Node.js 릴리스 라인의 업데이트를 이용할 수 있습니다.

HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다 (심각) (CVE-2021-22883)

'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리 사용을 유발해 시스템
메모리 부족의 원인이 될 수 있습니다.

영향받는 버전:

15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 OMICRON 일렉트로닉스에게 감사드립니다.

–inspect의 DNS 리바인딩 (CVE-2021-22884)

화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.

영향받는 버전:

15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전

이 취약점을 보고해 준 Vít Šesták에게 감사드립니다.

OpenSSL - CipherUpdate의 정수 오버플로 (CVE-2021-23840)

이는 Node.js에서 이용될 수 있는 OpenSSL의 취약점입니다.
자세한 내용은 https://www.openssl.org/news/secadv/20210216.txt에서 볼 수 있습니다.

영향받는 버전:

15.x, 14.x, 12.x, 10.x 릴리스 라인의 모든 버전