The NodeSource Blog

Node.js 6.10.2 Release Brief

This is a special, expedited release for the Node 6 LTS line containing important fixes for a couple recent regressions, including a crypto-related memory leak.

The regressions include:
* A memory leak in the crypto module, introduced in 6.10.1 * A regression in the windows repl, introduced in 6.10.0 * A V8 segfault when using spread syntax.

An upgrade to zlib 1.2.11 has also been included, as it fixes a number of low severity CVEs that were present in zlib 1.2.8.

As with all releases within major version lines, minor and patch upgrades should be drop-in replacements for previous versions.

Overview

Of a total of 7 commits:

The remaining significant commits are as follows:

  • [64fc5a4541] - Revert "Revert "repl: disable Ctrl+C support..." (Myles Borins) #12123
  • [5f644d2f6f] - crypto: fix memory leak if certificate is revoked (Tom Atkinson) #12089

Notable Changes

  • crypto: Fixed a memory leak for revoked certificates. (Tom Atkinson) #12089
  • repl: Reverted a commit that broke REPL display on Windows. (Myles Borins) #12123
  • V8: Backported a V8 fix for segfaulting spread syntax. (MichaĆ«l Zasso) #12037

Git Diffstats

(Showing the delta between v6.10.1 and v6.10.2, ignoring deps/npm.)

Without deps, tools, docs, benchmarks, or tests:

 lib/repl.js        | 11 +++++++++--
 src/node_crypto.cc |  8 ++++++--
 src/node_version.h |  2 +-
 3 files changed, 16 insertions(+), 5 deletions(-)

Deps only:

   0.0% deps/v8/include/
   0.0% deps/v8/src/ast/
   0.9% deps/v8/src/parsing/
   0.0% deps/v8/src/runtime/
   0.2% deps/v8/test/mjsunit/harmony/regress/
   0.1% deps/v8/test/mjsunit/regress/
  16.7% deps/zlib/as400/
   0.1% deps/zlib/contrib/ada/
   0.7% deps/zlib/contrib/blast/
   0.0% deps/zlib/contrib/delphi/
   0.0% deps/zlib/contrib/dotzlib/DotZLib/
   0.0% deps/zlib/contrib/dotzlib/
   0.0% deps/zlib/contrib/infback9/
   1.4% deps/zlib/contrib/minizip/
   0.0% deps/zlib/contrib/pascal/
   0.0% deps/zlib/contrib/puff/
   0.2% deps/zlib/contrib/vstudio/vc10/
   0.2% deps/zlib/contrib/vstudio/vc11/
   2.8% deps/zlib/contrib/vstudio/vc12/
   2.8% deps/zlib/contrib/vstudio/vc14/
   0.2% deps/zlib/contrib/vstudio/vc9/
   0.3% deps/zlib/contrib/vstudio/
   0.0% deps/zlib/contrib/
   0.1% deps/zlib/examples/
   0.0% deps/zlib/msdos/
   0.0% deps/zlib/old/os2/
   0.0% deps/zlib/old/
  17.7% deps/zlib/os400/
   0.2% deps/zlib/qnx/
   0.6% deps/zlib/test/
   0.3% deps/zlib/win32/
  52.9% deps/zlib/
 91 files changed, 3721 insertions(+), 2183 deletions(-)

Docs only:

 CHANGELOG.md                   |  3 ++-
 doc/changelogs/CHANGELOG_V6.md | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

Most active commit

Of the 7 commits, abe9132 was the most active:
(Excluding docs, npm, eslint, and tests.)

commit abe913201180f106e054e1803eaa8a857ec3c423
Author: Sam Roberts <vieuxtech@gmail.com>
Date:   Fri Jan 20 11:01:40 2017 -0800

    deps: upgrade zlib to 1.2.11

    PR-URL: https://github.com/nodejs/node/pull/10980
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

  17.0% deps/zlib/as400/
   7.0% deps/zlib/contrib/vstudio/
  18.0% deps/zlib/os400/
  57.8% deps/zlib/
 83 files changed, 3646 insertions(+), 2164 deletions(-)

While not a routine or security release, if you're currently using Node.js 6.10.1 this release is important, as it resolves regressions in 6.10.1. If currently using 6.10.1, this is an important update. If using something prior to 6.10.1, this release has an otherwise normal update priority for the Node.js LTS release lines.