Node.js 6.9.5 Release Brief
Node.js 6.9.5 is exclusively a security release, with an update to OpenSSL 1.0.2k. While the OpenSSL team have said this is at most a moderate update, the Node.js Crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have determined that the impact of the OpenSSL vulnerability is low. You can learn more about the details of how they came to this conclusion on the Node.js blog.
As with all releases within major version lines, minor and patch upgrades should be drop-in replacements for previous versions.
Overview
This release contains only 7 commits, all of which are part of the upgrade to OpenSSL @ 1.0.2k.
- [
87ac44974a] - deps: update openssl asm and asm_obsolete files (Shigeki Ohtsu) #11021 - [
a4b43a7ef9] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) nodejs/io.js#1836 - [
f5b77fdf8d] - deps: fix asm build error of openssl in x86_win32 (Shigeki Ohtsu) iojs/io.js#1389 - [
58fae148fa] - deps: fix openssl assembly error on ia32 win32 (Fedor Indutny) iojs/io.js#1389 - [
d623e8c5b9] - deps: copy all openssl header files to include dir (Shigeki Ohtsu) #11021 - [
3f2bef60b8] - deps: upgrade openssl sources to 1.0.2k (Shigeki Ohtsu) #11021 - [
c4678d2f9a] - openssl: fix keypress requirement in apps on win32 (Shigeki Ohtsu) iojs/io.js#1389
Git Diffstats
(Showing the delta between v6.9.4 and v6.9.5, ignoring deps/npm.)
Without deps, tools, docs, benchmarks, or tests:
src/node_version.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Deps only:
0.2% deps/openssl/asm/x64-elf-gas/bn/
0.2% deps/openssl/asm/x64-macosx-gas/bn/
0.2% deps/openssl/asm/x64-win32-masm/bn/
0.0% deps/openssl/asm_obsolete/x64-elf-gas/bn/
0.0% deps/openssl/asm_obsolete/x64-macosx-gas/bn/
0.0% deps/openssl/asm_obsolete/x64-win32-masm/bn/
9.2% deps/openssl/openssl/apps/
0.8% deps/openssl/openssl/crypto/aes/asm/
0.6% deps/openssl/openssl/crypto/asn1/
0.8% deps/openssl/openssl/crypto/bn/asm/
0.7% deps/openssl/openssl/crypto/bn/
0.1% deps/openssl/openssl/crypto/cms/
0.0% deps/openssl/openssl/crypto/dh/
0.0% deps/openssl/openssl/crypto/dsa/
1.8% deps/openssl/openssl/crypto/ec/
0.1% deps/openssl/openssl/crypto/ecdh/
0.0% deps/openssl/openssl/crypto/err/
5.4% deps/openssl/openssl/crypto/evp/
0.2% deps/openssl/openssl/crypto/modes/
0.7% deps/openssl/openssl/crypto/perlasm/
0.7% deps/openssl/openssl/crypto/rsa/
9.9% deps/openssl/openssl/crypto/ui/
0.7% deps/openssl/openssl/crypto/
0.0% deps/openssl/openssl/demos/easy_tls/
0.7% deps/openssl/openssl/doc/apps/
1.5% deps/openssl/openssl/doc/crypto/
7.0% deps/openssl/openssl/doc/ssl/
0.1% deps/openssl/openssl/engines/ccgost/
0.9% deps/openssl/openssl/include/openssl/
27.8% deps/openssl/openssl/ssl/
1.2% deps/openssl/openssl/util/
27.1% deps/openssl/openssl/
114 files changed, 875 insertions(+), 681 deletions(-)
Docs only:
CHANGELOG.md | 3 ++-
doc/changelogs/CHANGELOG_V6.md | 27 ++++++++++++++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
Most active commit
Of the 7 commits, d623e8c was the most active:
(Excluding docs, npm, eslint, and tests.)
commit d623e8c5b9094f7cfcd9619a1a292b32873d0d8b
Author: Shigeki Ohtsu <ohtsu@ohtsu.org>
Date: Fri Jan 27 00:48:11 2017 +0900
deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
PR-URL: https://github.com/nodejs/node/pull/11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
99.5% deps/openssl/openssl/include/openssl/
76 files changed, 38406 insertions(+), 265 deletions(-)
This is low-severity security release for a Node.js LTS release line. Do note that while we assess the security issues as being low-impact to Node.js, we still suggest you upgrade so as to avoid anything unforeseen.