Node.js v0.10.37 维护版本发布。该版本修复了 CVE-2015-0278 安全漏洞。该漏洞由于 libuv < 0.10.36 导致。详情请看 the CERT secure coding guide.
改进内容:
uv: update to 0.10.36 (CVE-2015-0278)
domains: fix stack clearing after error handled (Jonas Dohse)
buffer: reword Buffer.concat error message (Chris Dickinson)
console: allow Object.prototype fields as labels (Julien Gilli)
V8: log version in profiler log file (Ben Noordhuis)
http: fix performance regression for GET requests (Florin-Cristian Gavrila)
Source Code: http://nodejs.org/dist/v0.10.37/node-v0.10.37.tar.gz
Macintosh Installer (Universal): http://nodejs.org/dist/v0.10.37/node-v0.10.37.pkg
Windows Installer: http://nodejs.org/dist/v0.10.37/node-v0.10.37-x86.msi
Windows x64 Installer: http://nodejs.org/dist/v0.10.37/x64/node-v0.10.37-x64.msi
Windows x64 Files: http://nodejs.org/dist/v0.10.37/x64/
Linux 32-bit Binary: http://nodejs.org/dist/v0.10.37/node-v0.10.37-linux-x86.tar.gz
Linux 64-bit Binary: http://nodejs.org/dist/v0.10.37/node-v0.10.37-linux-x64.tar.gz
Solaris 32-bit Binary: http://nodejs.org/dist/v0.10.37/node-v0.10.37-sunos-x86.tar.gz
Solaris 64-bit Binary: http://nodejs.org/dist/v0.10.37/node-v0.10.37-sunos-x64.tar.gz
Other release files: http://nodejs.org/dist/v0.10.37/
Website: http://nodejs.org/docs/v0.10.37/
Documentation: http://nodejs.org/docs/v0.10.37/api/
软件详情:https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
来自:开源中国社区
