The NodeSource Blog

Node.js 4.8.1 Release Brief

This routine monthly patch release for the Node 4 LTS line comes with some performance improvements for a couple APIs, newly enabled large heap statistics, and a good amount of bug fixes.

As with all releases within major version lines, minor and patch upgrades should be drop-in replacements for previous versions.

Overview

Of a total of 147 commits:

  • 41 were documentation-only commits.
  • 55 only modify tests and 4 only affect internal tooling.
  • 1 patch was backported from upstream V8:

The remaining significant commits are as follows:

  • [77f23ec5af] - assert: unlock the assert API (Rich Trott) #11304
  • [090037a41a] - assert: remove unneeded condition (Rich Trott) #11314
  • [75af859af7] - assert: apply minor refactoring (Rich Trott) #11511
  • [994f562858] - assert: update comments (Kai Cataldo) #10579
  • [14e57c1102] - benchmark: add more thorough timers benchmarks (Jeremiah Senkpiel) #10925
  • [850f85d96e] - benchmark: add benchmark for object properties (MichaĂ«l Zasso) #10949
  • [626875f2e4] - benchmark: don't lint autogenerated modules (Brian White) #10756
  • [9da6ebd73f] - benchmark: add dgram bind(+/- params) benchmark (Vse Mozhet Byt) #11313
  • [a597c11ba4] - benchmark: improve readability of net benchmarks (Brian White) #10446
  • [22c25dee92] - buffer: improve toJSON() performance (Brian White) #10895
  • [af3c21197d] - build: move source files from headers section (Daniel Bevenius) #10850
  • [4bb61553f0] - build: disable C4267 conversion compiler warning (Ben Noordhuis) #11205
  • [6a45ac0ea9] - build: fix newlines in addon build output (Brian White) #11466
  • [bfc553d55d] - build: fail on CI if leftover processes (Rich Trott) #11269
  • [094bfe66aa] - build: fix node_g target (Daniel Bevenius) #10153
  • [87db4f7225] - build: Don't regenerate node symlink (sxa555) #9827
  • [e0dc0ceb37] - build: don't squash signal handlers with--shared (Stewart X Addison) #10539
  • [4676eec382] - child_process: remove empty if condition (cjihrig) #11427
  • [2b867d2ae5] - child_process: refactor internal/child_process.js (Arseniy Maximov) #11366
  • [c9a92ff494] - crypto: return the retval of HMAC_Update (Travis Meisenheimer) #10891
  • [9c53e402d7] - crypto: freelist_max_len is gone in OpenSSL 1.1.0 (Adam Langley) #10859
  • [c6f6b029a1] - crypto: add cert check issued by StartCom/WoSign (Shigeki Ohtsu) #9469
  • [c56719f47a] - crypto: Remove expired certs from CNNIC whitelist (Shigeki Ohtsu) #9469
  • [b48f6ffc63] - crypto: use CHECK_NE instead of ABORT or abort (Sam Roberts) #10413
  • [35a660ee70] - crypto: fix handling of root_cert_store. (Adam Langley) #9409
  • [f9e121ead8] - dgram: fix possibly deoptimizing use of arguments (Vse Mozhet Byt)
  • [48b5097ea8] - http: make request.abort() destroy the socket (Luigi Pinca) #10818
  • [15231aa6e5] - http: reject control characters in http.request() (Ben Noordhuis) #8923
  • [fc2cd63998] - lib,src: support values > 4GB in heap statistics (Ben Noordhuis) #10186
  • [533d2bf0a9] - meta: add explicit deprecation and semver-major policy (James M Snell) #7964
  • [923309adef] - meta: remove Chris Dickinson from CTC (Chris Dickinson) #11267
  • [342c3e2bb4] - meta: adding Italo A. Casas PGP Fingerprint (Italo A. Casas) #11202
  • [434b00be8a] - meta: decharter the http working group (James M Snell) #10604
  • [a7df345921] - net: prefer === to == (Arseniy Maximov) #11513
  • [396688f075] - readline: refactor construct Interface (Jackson Tian) #4740
  • [a40f8429e6] - readline: update 6 comparions to strict (Umair Ishaq) #11078
  • [90d8e118fb] - src: add a missing space in node_os.cc (Alexey Orlenko) #10931
  • [279cb09cc3] - src: enable writev for pipe handles on Unix (Alexey Orlenko) #10677
  • [a557d6ce1d] - src: unconsume stream fix in internal http impl (Roee Kasher) #11015
  • [c4e1af712e] - src: remove unused typedef (Ben Noordhuis) #11322
  • [da2adb7133] - src: update http-parser link (Daniel Bevenius) #11477
  • [2f48001574] - src: use ABORT() macro instead of abort() (Evan Lucas) #9613
  • [a9eb093ce3] - src: fix memory leak introduced in 34febfbf4 (Ben Noordhuis) #9604
  • [53dd1a8539] - tls: do not crash on STARTTLS when OCSP requested (Fedor Indutny) #10706
  • [ef63af6006] - tty: avoid oob warning in TTYWrap::GetWindowSize() (Dmitry Tsvettsikh) #11454
  • [2c84601062] - util: don't init Debug if it's not needed yet (Bryan English) #8452

Notable Changes

  • buffer: The performance of .toJSON() is now up to 2859% faster on average. (Brian White) #10895
  • IPC: Batched writes have been enabled for process IPC on platforms that support Unix Domain Sockets. (Alexey Orlenko) #10677
    • Performance gains may be up to 40% for some workloads.
  • http: Control characters are now always rejected when using http.request(). (Ben Noordhuis) #8923
  • node: Heap statistics now support values larger than 4GB. (Ben Noordhuis) #10186

Git Diffstats

(Showing the delta between v4.8.0 and v4.8.1, ignoring deps/npm.)

Without deps, tools, docs, benchmarks, or tests:

 .eslintignore                 |    1 +
 .eslintrc                     |  116 -
 .eslintrc.yaml                |  116 +
 Makefile                      |   33 +-
 common.gypi                   |    4 +
 configure                     |   20 +-
 lib/.eslintrc                 |    4 -
 lib/.eslintrc.yaml            |    4 +
 lib/_http_client.js           |    8 +-
 lib/_http_server.js           |    4 +-
 lib/_tls_common.js            |    4 +-
 lib/_tls_wrap.js              |    7 +
 lib/assert.js                 |   85 +-
 lib/buffer.js                 |   12 +-
 lib/child_process.js          |    4 +-
 lib/dgram.js                  |    6 +-
 lib/internal/child_process.js |   46 +-
 lib/net.js                    |    5 +-
 lib/readline.js               |   27 +-
 lib/tty.js                    |    4 +-
 lib/util.js                   |    2 +-
 lib/v8.js                     |    4 +-
 node.gyp                      |    4 +-
 src/CNNICHashWhitelist.inc    | 5216 +++++----------------------------------
 src/StartComAndWoSignData.inc |   89 +
 src/env-inl.h                 |    8 +-
 src/env.h                     |   12 +-
 src/node.cc                   |    4 +-
 src/node_crypto.cc            |  185 +-
 src/node_crypto.h             |   27 +-
 src/node_http_parser.cc       |    2 +-
 src/node_os.cc                |    2 +-
 src/node_v8.cc                |   12 +-
 src/node_version.h            |    2 +-
 src/pipe_wrap.cc              |    4 +
 35 files changed, 1117 insertions(+), 4966 deletions(-)

Tools only:

 tools/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Deps only:

 deps/v8/include/v8-version.h                      |   2 +-
 deps/v8/src/runtime/runtime-debug.cc              |   3 +-
 deps/v8/test/mjsunit/regress/regress-5071.js      |  27 +++++
 .../pylib/gyp/generator/compile_commands_json.py  | 115 ++++++++++++++++++++
 4 files changed, 145 insertions(+), 2 deletions(-)

Docs only:

 AUTHORS                      |   2 +-
 CHANGELOG.md                 | 165 ++++++++++++++++++++++++++++++
 COLLABORATOR_GUIDE.md        | 224 ++++++++++++++++++++++++++++++++++++++---
 CONTRIBUTING.md              |  41 ++++----
 README.md                    |  71 +++++++------
 WORKING_GROUPS.md            |  16 ---
 doc/STYLE_GUIDE.md           |  63 ++++++++++++
 doc/api/addons.md            |   2 +-
 doc/api/assert.md            |  51 ++++++++--
 doc/api/buffer.md            |   4 +
 doc/api/child_process.md     |   6 +-
 doc/api/dgram.md             |  62 ++++++------
 doc/api/dns.md               |  26 ++++-
 doc/api/documentation.md     |   2 +-
 doc/api/domain.md            |  20 ++--
 doc/api/errors.md            |  62 ++++++++++--
 doc/api/fs.md                |   3 +-
 doc/api/http.md              |  22 ++--
 doc/api/net.md               |   9 +-
 doc/api/process.md           |   2 +-
 doc/api/punycode.md          |   2 +-
 doc/api/string_decoder.md    |   2 +-
 doc/api/util.md              |   2 +-
 doc/api/vm.md                |   2 +-
 doc/api/zlib.md              |  14 +--
 doc/api_assets/dnt_helper.js |  49 +++++++++
 doc/guides/maintaining-V8.md |   4 +-
 doc/guides/writing-tests.md  |  79 ++++++++++++++-
 doc/onboarding-extras.md     |   5 +-
 doc/onboarding.md            |   1 +
 doc/template.html            |   1 +
 31 files changed, 838 insertions(+), 176 deletions(-)

Tests & Benchmarks only:

   0.4% benchmark/buffers/
   1.3% benchmark/dgram/
   2.1% benchmark/misc/
   0.5% benchmark/net/
   3.5% benchmark/timers/
   2.0% test/doctool/
   3.5% test/fixtures/keys/fake-startcom-root-issued-certs/
  23.5% test/fixtures/keys/
   0.3% test/fixtures/
   0.1% test/gc/
   0.3% test/internet/
   1.9% test/known_issues/
  52.4% test/parallel/
   0.5% test/pseudo-tty/
   5.2% test/pummel/
   0.7% test/sequential/
   0.8% test/
 100 files changed, 1772 insertions(+), 405 deletions(-)

Most active commit

Of the 147 commits, c6f6b02 was the most active:
(Excluding docs, npm, eslint, and tests.)

commit c6f6b029a1140d8183acee2bad33031b045db23a
Author: Shigeki Ohtsu <ohtsu@ohtsu.org>
Date:   Fri Nov 4 18:19:20 2016 +0900

    crypto: add cert check issued by StartCom/WoSign

    When tls client connects to the server with certification issued by
    either StartCom or WoSign listed in StartComAndWoSignData.inc, check
    notBefore of the server certificate and CERT_REVOKED error returns if
    it is after 00:00:00 on October 21, 2016.

    See for details in
    https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/,
    https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
    and
    https://support.apple.com/en-us/HT204132

    Fixes: https://github.com/nodejs/node/issues/9434
    PR-URL: https://github.com/nodejs/node/pull/9469
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

 src/StartComAndWoSignData.inc                     | 89 ++++++++++++++++++++
 src/node_crypto.cc                                | 44 +++++++++-
 test/fixtures/keys/Makefile                       | 68 +++++++++++++++
 test/fixtures/keys/agent8-cert.pem                | 20 +++++
 test/fixtures/keys/agent8-csr.pem                 | 17 ++++
 test/fixtures/keys/agent8-key.pem                 | 27 ++++++
 test/fixtures/keys/agent8.cnf                     | 17 ++++
 test/fixtures/keys/agent9-cert.pem                | 20 +++++
 test/fixtures/keys/agent9-csr.pem                 | 17 ++++
 test/fixtures/keys/agent9-key.pem                 | 27 ++++++
 test/fixtures/keys/agent9.cnf                     | 17 ++++
 test/fixtures/keys/fake-startcom-root-cert.pem    | 22 +++++
 test/fixtures/keys/fake-startcom-root-csr.pem     | 18 ++++
 .../fixtures/keys/fake-startcom-root-database.txt |  2 +
 .../keys/fake-startcom-root-database.txt.attr     |  1 +
 .../keys/fake-startcom-root-database.txt.attr.old |  1 +
 .../keys/fake-startcom-root-database.txt.old      |  1 +
 .../keys/fake-startcom-root-issued-certs/01.pem   | 20 +++++
 .../keys/fake-startcom-root-issued-certs/02.pem   | 20 +++++
 test/fixtures/keys/fake-startcom-root-key.pem     | 27 ++++++
 test/fixtures/keys/fake-startcom-root-serial      |  1 +
 test/fixtures/keys/fake-startcom-root-serial.old  |  1 +
 test/fixtures/keys/fake-startcom-root.cnf         | 46 +++++++++++
 .../test-tls-startcom-wosign-whitelist.js         | 91 +++++++++++++++++++++
 24 files changed, 611 insertions(+), 3 deletions(-)

This is a regular and routine release for a Node.js LTS release line. We will be sure to let you know when a release contains a critical update and a recommendation to upgrade. Of course, we'd love you to upgrade, but this release is not critical unless you are experiencing one of the issues identified and fixed above.

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free