The NodeSource Blog

Node.js 4.8.1 Release Brief

This routine monthly patch release for the Node 4 LTS line comes with some performance improvements for a couple APIs, newly enabled large heap statistics, and a good amount of bug fixes.

As with all releases within major version lines, minor and patch upgrades should be drop-in replacements for previous versions.

Overview

Of a total of 147 commits:

  • 41 were documentation-only commits.
  • 55 only modify tests and 4 only affect internal tooling.
  • 1 patch was backported from upstream V8:

The remaining significant commits are as follows:

  • [77f23ec5af] - assert: unlock the assert API (Rich Trott) #11304
  • [090037a41a] - assert: remove unneeded condition (Rich Trott) #11314
  • [75af859af7] - assert: apply minor refactoring (Rich Trott) #11511
  • [994f562858] - assert: update comments (Kai Cataldo) #10579
  • [14e57c1102] - benchmark: add more thorough timers benchmarks (Jeremiah Senkpiel) #10925
  • [850f85d96e] - benchmark: add benchmark for object properties (Michaël Zasso) #10949
  • [626875f2e4] - benchmark: don't lint autogenerated modules (Brian White) #10756
  • [9da6ebd73f] - benchmark: add dgram bind(+/- params) benchmark (Vse Mozhet Byt) #11313
  • [a597c11ba4] - benchmark: improve readability of net benchmarks (Brian White) #10446
  • [22c25dee92] - buffer: improve toJSON() performance (Brian White) #10895
  • [af3c21197d] - build: move source files from headers section (Daniel Bevenius) #10850
  • [4bb61553f0] - build: disable C4267 conversion compiler warning (Ben Noordhuis) #11205
  • [6a45ac0ea9] - build: fix newlines in addon build output (Brian White) #11466
  • [bfc553d55d] - build: fail on CI if leftover processes (Rich Trott) #11269
  • [094bfe66aa] - build: fix node_g target (Daniel Bevenius) #10153
  • [87db4f7225] - build: Don't regenerate node symlink (sxa555) #9827
  • [e0dc0ceb37] - build: don't squash signal handlers with--shared (Stewart X Addison) #10539
  • [4676eec382] - child_process: remove empty if condition (cjihrig) #11427
  • [2b867d2ae5] - child_process: refactor internal/child_process.js (Arseniy Maximov) #11366
  • [c9a92ff494] - crypto: return the retval of HMAC_Update (Travis Meisenheimer) #10891
  • [9c53e402d7] - crypto: freelist_max_len is gone in OpenSSL 1.1.0 (Adam Langley) #10859
  • [c6f6b029a1] - crypto: add cert check issued by StartCom/WoSign (Shigeki Ohtsu) #9469
  • [c56719f47a] - crypto: Remove expired certs from CNNIC whitelist (Shigeki Ohtsu) #9469
  • [b48f6ffc63] - crypto: use CHECK_NE instead of ABORT or abort (Sam Roberts) #10413
  • [35a660ee70] - crypto: fix handling of root_cert_store. (Adam Langley) #9409
  • [f9e121ead8] - dgram: fix possibly deoptimizing use of arguments (Vse Mozhet Byt)
  • [48b5097ea8] - http: make request.abort() destroy the socket (Luigi Pinca) #10818
  • [15231aa6e5] - http: reject control characters in http.request() (Ben Noordhuis) #8923
  • [fc2cd63998] - lib,src: support values > 4GB in heap statistics (Ben Noordhuis) #10186
  • [533d2bf0a9] - meta: add explicit deprecation and semver-major policy (James M Snell) #7964
  • [923309adef] - meta: remove Chris Dickinson from CTC (Chris Dickinson) #11267
  • [342c3e2bb4] - meta: adding Italo A. Casas PGP Fingerprint (Italo A. Casas) #11202
  • [434b00be8a] - meta: decharter the http working group (James M Snell) #10604
  • [a7df345921] - net: prefer === to == (Arseniy Maximov) #11513
  • [396688f075] - readline: refactor construct Interface (Jackson Tian) #4740
  • [a40f8429e6] - readline: update 6 comparions to strict (Umair Ishaq) #11078
  • [90d8e118fb] - src: add a missing space in node_os.cc (Alexey Orlenko) #10931
  • [279cb09cc3] - src: enable writev for pipe handles on Unix (Alexey Orlenko) #10677
  • [a557d6ce1d] - src: unconsume stream fix in internal http impl (Roee Kasher) #11015
  • [c4e1af712e] - src: remove unused typedef (Ben Noordhuis) #11322
  • [da2adb7133] - src: update http-parser link (Daniel Bevenius) #11477
  • [2f48001574] - src: use ABORT() macro instead of abort() (Evan Lucas) #9613
  • [a9eb093ce3] - src: fix memory leak introduced in 34febfbf4 (Ben Noordhuis) #9604
  • [53dd1a8539] - tls: do not crash on STARTTLS when OCSP requested (Fedor Indutny) #10706
  • [ef63af6006] - tty: avoid oob warning in TTYWrap::GetWindowSize() (Dmitry Tsvettsikh) #11454
  • [2c84601062] - util: don't init Debug if it's not needed yet (Bryan English) #8452

Notable Changes

  • buffer: The performance of .toJSON() is now up to 2859% faster on average. (Brian White) #10895
  • IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) #10677
    • Performance gains may be up to 40% for some workloads.
  • http: Control characters are now always rejected when using http.request(). (Ben Noordhuis) #8923
  • node: Heap statistics now support values larger than 4GB. (Ben Noordhuis) #10186

Git Diffstats

(Showing the delta between v4.8.0 and v4.8.1, ignoring deps/npm.)

Without deps, tools, docs, benchmarks, or tests:

 .eslintignore                 |    1 +
 .eslintrc                     |  116 -
 .eslintrc.yaml                |  116 +
 Makefile                      |   33 +-
 common.gypi                   |    4 +
 configure                     |   20 +-
 lib/.eslintrc                 |    4 -
 lib/.eslintrc.yaml            |    4 +
 lib/_http_client.js           |    8 +-
 lib/_http_server.js           |    4 +-
 lib/_tls_common.js            |    4 +-
 lib/_tls_wrap.js              |    7 +
 lib/assert.js                 |   85 +-
 lib/buffer.js                 |   12 +-
 lib/child_process.js          |    4 +-
 lib/dgram.js                  |    6 +-
 lib/internal/child_process.js |   46 +-
 lib/net.js                    |    5 +-
 lib/readline.js               |   27 +-
 lib/tty.js                    |    4 +-
 lib/util.js                   |    2 +-
 lib/v8.js                     |    4 +-
 node.gyp                      |    4 +-
 src/CNNICHashWhitelist.inc    | 5216 +++++----------------------------------
 src/StartComAndWoSignData.inc |   89 +
 src/env-inl.h                 |    8 +-
 src/env.h                     |   12 +-
 src/node.cc                   |    4 +-
 src/node_crypto.cc            |  185 +-
 src/node_crypto.h             |   27 +-
 src/node_http_parser.cc       |    2 +-
 src/node_os.cc                |    2 +-
 src/node_v8.cc                |   12 +-
 src/node_version.h            |    2 +-
 src/pipe_wrap.cc              |    4 +
 35 files changed, 1117 insertions(+), 4966 deletions(-)

Tools only:

 tools/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Deps only:

 deps/v8/include/v8-version.h                      |   2 +-
 deps/v8/src/runtime/runtime-debug.cc              |   3 +-
 deps/v8/test/mjsunit/regress/regress-5071.js      |  27 +++++
 .../pylib/gyp/generator/compile_commands_json.py  | 115 ++++++++++++++++++++
 4 files changed, 145 insertions(+), 2 deletions(-)

Docs only:

 AUTHORS                      |   2 +-
 CHANGELOG.md                 | 165 ++++++++++++++++++++++++++++++
 COLLABORATOR_GUIDE.md        | 224 ++++++++++++++++++++++++++++++++++++++---
 CONTRIBUTING.md              |  41 ++++----
 README.md                    |  71 +++++++------
 WORKING_GROUPS.md            |  16 ---
 doc/STYLE_GUIDE.md           |  63 ++++++++++++
 doc/api/addons.md            |   2 +-
 doc/api/assert.md            |  51 ++++++++--
 doc/api/buffer.md            |   4 +
 doc/api/child_process.md     |   6 +-
 doc/api/dgram.md             |  62 ++++++------
 doc/api/dns.md               |  26 ++++-
 doc/api/documentation.md     |   2 +-
 doc/api/domain.md            |  20 ++--
 doc/api/errors.md            |  62 ++++++++++--
 doc/api/fs.md                |   3 +-
 doc/api/http.md              |  22 ++--
 doc/api/net.md               |   9 +-
 doc/api/process.md           |   2 +-
 doc/api/punycode.md          |   2 +-
 doc/api/string_decoder.md    |   2 +-
 doc/api/util.md              |   2 +-
 doc/api/vm.md                |   2 +-
 doc/api/zlib.md              |  14 +--
 doc/api_assets/dnt_helper.js |  49 +++++++++
 doc/guides/maintaining-V8.md |   4 +-
 doc/guides/writing-tests.md  |  79 ++++++++++++++-
 doc/onboarding-extras.md     |   5 +-
 doc/onboarding.md            |   1 +
 doc/template.html            |   1 +
 31 files changed, 838 insertions(+), 176 deletions(-)

Tests & Benchmarks only:

   0.4% benchmark/buffers/
   1.3% benchmark/dgram/
   2.1% benchmark/misc/
   0.5% benchmark/net/
   3.5% benchmark/timers/
   2.0% test/doctool/
   3.5% test/fixtures/keys/fake-startcom-root-issued-certs/
  23.5% test/fixtures/keys/
   0.3% test/fixtures/
   0.1% test/gc/
   0.3% test/internet/
   1.9% test/known_issues/
  52.4% test/parallel/
   0.5% test/pseudo-tty/
   5.2% test/pummel/
   0.7% test/sequential/
   0.8% test/
 100 files changed, 1772 insertions(+), 405 deletions(-)

Most active commit

Of the 147 commits, c6f6b02 was the most active:
(Excluding docs, npm, eslint, and tests.)

commit c6f6b029a1140d8183acee2bad33031b045db23a
Author: Shigeki Ohtsu <ohtsu@ohtsu.org>
Date:   Fri Nov 4 18:19:20 2016 +0900

    crypto: add cert check issued by StartCom/WoSign

    When tls client connects to the server with certification issued by
    either StartCom or WoSign listed in StartComAndWoSignData.inc, check
    notBefore of the server certificate and CERT_REVOKED error returns if
    it is after 00:00:00 on October 21, 2016.

    See for details in
    https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/,
    https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
    and
    https://support.apple.com/en-us/HT204132

    Fixes: https://github.com/nodejs/node/issues/9434
    PR-URL: https://github.com/nodejs/node/pull/9469
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

 src/StartComAndWoSignData.inc                     | 89 ++++++++++++++++++++
 src/node_crypto.cc                                | 44 +++++++++-
 test/fixtures/keys/Makefile                       | 68 +++++++++++++++
 test/fixtures/keys/agent8-cert.pem                | 20 +++++
 test/fixtures/keys/agent8-csr.pem                 | 17 ++++
 test/fixtures/keys/agent8-key.pem                 | 27 ++++++
 test/fixtures/keys/agent8.cnf                     | 17 ++++
 test/fixtures/keys/agent9-cert.pem                | 20 +++++
 test/fixtures/keys/agent9-csr.pem                 | 17 ++++
 test/fixtures/keys/agent9-key.pem                 | 27 ++++++
 test/fixtures/keys/agent9.cnf                     | 17 ++++
 test/fixtures/keys/fake-startcom-root-cert.pem    | 22 +++++
 test/fixtures/keys/fake-startcom-root-csr.pem     | 18 ++++
 .../fixtures/keys/fake-startcom-root-database.txt |  2 +
 .../keys/fake-startcom-root-database.txt.attr     |  1 +
 .../keys/fake-startcom-root-database.txt.attr.old |  1 +
 .../keys/fake-startcom-root-database.txt.old      |  1 +
 .../keys/fake-startcom-root-issued-certs/01.pem   | 20 +++++
 .../keys/fake-startcom-root-issued-certs/02.pem   | 20 +++++
 test/fixtures/keys/fake-startcom-root-key.pem     | 27 ++++++
 test/fixtures/keys/fake-startcom-root-serial      |  1 +
 test/fixtures/keys/fake-startcom-root-serial.old  |  1 +
 test/fixtures/keys/fake-startcom-root.cnf         | 46 +++++++++++
 .../test-tls-startcom-wosign-whitelist.js         | 91 +++++++++++++++++++++
 24 files changed, 611 insertions(+), 3 deletions(-)

This is a regular and routine release for a Node.js LTS release line. We will be sure to let you know when a release contains a critical update and a recommendation to upgrade. Of course, we'd love you to upgrade, but this release is not critical unless you are experiencing one of the issues identified and fixed above.