The Nodesource Blog

#shoptalk Subscribe

Node.js v4.1.2 Release Summary and Stats

Almost two weeks since v4.1.1, we now have Node.js v4.1.2!

NOTICE: This update contains a critical DoS security fix. The issue has a CVSS v3 base score of 5.9 (Medium), and we recommend that you update as soon as possible.
For more info, please see our NOTICE: Node.js Denial of Service Vulnerability Fix blog post.

This update also contains the usual array of minor fixes and improvements.

Code Change Stats

Of a total of 40 commits:

  • 9 were documentation-only commits.
  • 4 only modify tests.
  • 4 of the commits consist of 2 dependency updates + patches:
    • libuv @ 1.7.5
    • v8 @ 4.5.103.35 (+ 2 upstreamed patches: 925b29f & 5fbb248)

The remaining significant commits are as follows:

  • [39b8730e8b] - async_wrap: ensure all objects have internal field (Trevor Norris) #3139
  • [99e66074d7] - async_wrap: update providers and add test (Trevor Norris) #3139
  • [7a58157d4e] - benchmark: update comment in common.js (Minwoo Jung) #2399
  • [9e9bfa4dc0] - build: iojs -> nodejs of release-urlbase (P.S.V.R) #3015
  • [8335ec7191] - build: fix some typos inside the configure script (P.S.V.R) #3016
  • [d6ac547d5d] - build,win: fix node.exe resource version (João Reis) #3053
  • [798dad24f4] - child_process: null channel handle on close (Fedor Indutny) #3041
  • [e5615854ea] - contextify: use CHECK instead of if (Oguz Bastemur) #3125
  • [f055a66a38] - crypto: enable FIPS only when configured with it (Fedor Indutny) #3153
  • [4c8d96bc30] - crypto: add more keylen sanity checks in pbkdf2 (Johann) #3029
  • [039f73fa83] - deps: remove and gitignore .bin directory (Ben Noordhuis) #3004
  • [6ee5d0f69f] - dns: add missing exports.BADNAME (Roman Reiss) #3051
  • [f638402e2f] - http: add comment about outputSize in res/server (Fedor Indutny) #3128
  • [99943e189d] - http: fix out-of-order 'finish' bug in pipelining (Fedor Indutny) #3128
  • [fb7a491d1c] - http_server: pause socket properly (Fedor Indutny) #3128
  • [a0b35bfcf3] - i18n: add caller to removal list for bidi in ICU55 (Michael Dawson) #3115
  • [ac2bce0b0c] - path: improve posixSplitPath performance (Evan Lucas) #3034
  • [37cdeafa2f] - smalloc: remove module (Brendan Ashworth) #3099
  • [5ec5d0aa8b] - src: internalize binding function property names (Ben Noordhuis) #3060
  • [c8175fc2af] - src: internalize per-isolate string properties (Ben Noordhuis) #3060
  • [9a593abc47] - src: include signal.h in util.h (Cheng Zhao) #3058
  • [fde0c6f321] - src: fix function and variable names in comments (Sakthipriyan Vairamani) #3039
  • [1cc7b41ba4] - stream_wrap: support empty TryWrites (Fedor Indutny) #3128
  • [d8ab4e185d] - util: optimize promise introspection (Ben Noordhuis) #3130

Notable Changes (extended)

  • http:
    • Fix out-of-order 'finish' event bug in pipelining that can abort execution, fixes DoS vulnerability CVE-2015-7384 (Fedor Indutny) #3128.
    • Account for pending response data instead of just the data on the current request to decide whether pause the socket or not (Fedor Indutny) #3128.
  • libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details (Saúl Ibarra Corretgé) #3010.
    • A better rwlock implementation for all Windows versions.
    • Improved AIX support.
  • v8:
    • Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117.
    • Comes with a minor security patch which prevents ](https://github.com/nodejs/node/commit/a0b35bfcf3 from working with access-checked objects.
    • Backported f782159 from v8's upstream to help speed up Promise introspection (Ben Noordhuis) #3130.
    • Backported c281c15 from v8's upstream to add JSTypedArray length in post-mortem metadata (Julien Gilli) #3031.
    • This allows post-mortem debugging tools to correctly inspect Buffers.

Git Diffstats

(Showing the delta between v4.1.1 and v4.1.2, ignoring deps/npm.)

Without deps, docs, or tests:

 .gitignore                    |  3 +++
 LICENSE                       | 51 ++++++++++++++++++-------------------------
 benchmark/common.js           |  2 +-
 configure                     |  6 ++---
 lib/_http_outgoing.js         | 29 +++++++++++++++++++-----
 lib/_http_server.js           | 21 ++++++++++++++++--
 lib/dns.js                    | 13 ++++++-----
 lib/internal/child_process.js |  1 +
 lib/path.js                   |  4 +++-
 lib/smalloc.js                |  7 ------
 lib/util.js                   | 18 ++++++++++++---
 node.gyp                      |  3 +++
 src/async-wrap-inl.h          |  9 ++++----
 src/async-wrap.h              |  6 ++---
 src/cares_wrap.cc             | 13 +++++++++++
 src/env-inl.h                 | 44 +++++++++++++++++++++++++++++++++----
 src/env.h                     |  4 +++-
 src/node.cc                   |  2 +-
 src/node.js                   |  7 +++---
 src/node_contextify.cc        |  5 +++--
 src/node_crypto.cc            | 19 +++++++++-------
 src/node_version.h            | 13 +++++++++--
 src/pipe_wrap.cc              |  2 +-
 src/res/node.rc               |  4 ++--
 src/stream_base.cc            |  2 +-
 src/stream_wrap.cc            |  2 +-
 src/tcp_wrap.cc               |  2 +-
 src/udp_wrap.cc               |  2 +-
 src/util.h                    |  1 +
 tools/icu/icu-generic.gyp     |  1 +
 30 files changed, 202 insertions(+), 94 deletions(-)

Deps only:

 deps/uv/AUTHORS                            |   1 +
 deps/uv/ChangeLog                          |  21 +++
 deps/uv/Makefile.am                        |   1 +
 deps/uv/appveyor.yml                       |   2 +-
 deps/uv/configure.ac                       |   2 +-
 deps/uv/include/uv-version.h               |   2 +-
 deps/uv/include/uv-win.h                   |  26 ++-
 deps/uv/src/unix/atomic-ops.h              |  12 ++
 deps/uv/src/unix/darwin.c                  |   6 +-
 deps/uv/src/unix/thread.c                  |  30 ++--
 deps/uv/src/win/thread.c                   | 280 ++++++++---------------------
 deps/uv/src/win/winapi.c                   |  28 ---
 deps/uv/src/win/winapi.h                   |  28 ---
 deps/uv/test/test-list.h                   |   2 +
 deps/uv/test/test-mutexes.c                |  59 ++++++
 deps/v8/include/v8-version.h               |   2 +-
 deps/v8/src/messages.h                     |   1 +
 deps/v8/src/mirror-debugger.js             |  11 +-
 deps/v8/src/object-observe.js              |   4 +
 deps/v8/src/runtime/runtime-object.cc      |   8 +
 deps/v8/src/runtime/runtime.h              |   3 +-
 deps/v8/src/scanner-character-streams.cc   |  38 +++-
 deps/v8/src/scanner-character-streams.h    |   4 +
 deps/v8/test/cctest/test-object-observe.cc |  36 ++++
 deps/v8/tools/gen-postmortem-metadata.py   |   1 +
 25 files changed, 299 insertions(+), 309 deletions(-)

Docs only:

 CHANGELOG.md                   |  67 ++++++++++++++++++++++++
 COLLABORATOR_GUIDE.md          |   2 +-
 doc/api/assert.markdown        |  32 ++++++++++--
 doc/api/child_process.markdown |  13 +++--
 doc/api/cluster.markdown       |   2 +-
 doc/api/crypto.markdown        |   9 +---
 doc/api/errors.markdown        |   2 +-
 doc/api/fs.markdown            |  13 ++---
 doc/releases.md                |  12 ++---
 doc/tsc-meetings/2015-09-16.md | 116 +++++++++++++++++++++++++++++++++++++++++
 10 files changed, 233 insertions(+), 35 deletions(-)

Tests only:

 test/common.js                                     |   2 +-
 test/disabled/test-sendfd.js                       |   2 +-
 test/fixtures/net-fd-passing-receiver.js           |   2 +-
 test/parallel/test-arm-math-exp-regress-1376.js    |   1 +
 test/parallel/test-async-wrap-check-providers.js   | 100 +++++++++++++++++++++
 test/parallel/test-bad-unicode.js                  |   1 +
 test/parallel/test-beforeexit-event-exit.js        |   1 +
 test/parallel/test-child-process-fork-exec-argv.js |   1 +
 .../test-child-process-fork-regr-gh-2847.js        |  40 +++++++++
 .../test-cluster-disconnect-before-exit.js         |   1 +
 .../test-cluster-disconnect-unshared-tcp.js        |   1 +
 .../test-cluster-disconnect-with-no-workers.js     |   1 +
 test/parallel/test-cluster-worker-events.js        |   1 +
 test/parallel/test-cluster-worker-forced-exit.js   |   1 +
 test/parallel/test-cluster-worker-isconnected.js   |   1 +
 test/parallel/test-cluster-worker-isdead.js        |   1 +
 test/parallel/test-crypto-pbkdf2.js                |  28 ++++++
 test/parallel/test-domain-enter-exit.js            |   1 +
 test/parallel/test-domain-nested.js                |   1 +
 test/parallel/test-domain-safe-exit.js             |   1 +
 test/parallel/test-event-emitter-errors.js         |   1 +
 test/parallel/test-file-read-noexist.js            |   4 +-
 test/parallel/test-freelist.js                     |   1 +
 test/parallel/test-fs-realpath.js                  |   1 -
 test/parallel/test-http-after-connect.js           |   8 +-
 test/parallel/test-http-client-read-in-error.js    |   1 +
 test/parallel/test-http-connect.js                 |   4 +-
 test/parallel/test-http-expect-continue.js         |  10 +--
 test/parallel/test-http-legacy.js                  |   8 +-
 test/parallel/test-http-pause.js                   |  12 +--
 test/parallel/test-http-pipe-fs.js                 |   4 +-
 test/parallel/test-http-pipeline-regr-2639.js      |  34 +++++++
 test/parallel/test-http-set-timeout.js             |   2 +-
 test/parallel/test-http.js                         |   8 +-
 test/parallel/test-https-drain.js                  |   8 +-
 test/parallel/test-module-loading-error.js         |   2 +-
 test/parallel/test-net-listen-close-server.js      |   2 +-
 test/parallel/test-net-listen-error.js             |   2 +-
 test/parallel/test-next-tick-doesnt-hang.js        |   1 +
 test/parallel/test-path-parse-format.js            |   1 +
 test/parallel/test-process-argv-0.js               |   1 +
 test/parallel/test-process-binding.js              |   1 +
 test/parallel/test-process-exec-argv.js            |   1 +
 test/parallel/test-process-exit-recursive.js       |   1 +
 test/parallel/test-readline-interface.js           |   1 +
 test/parallel/test-readline-keys.js                |   1 +
 test/parallel/test-readline-set-raw-mode.js        |   1 +
 test/parallel/test-readline-undefined-columns.js   |   1 +
 test/parallel/test-regress-GH-4256.js              |   1 +
 test/parallel/test-regress-GH-5927.js              |   1 +
 test/parallel/test-regress-GH-io-1068.js           |   1 +
 test/parallel/test-regress-GH-io-1811.js           |   1 +
 test/parallel/test-regress-GH-node-9326.js         |   1 +
 test/parallel/test-repl-tab.js                     |   1 +
 test/parallel/test-require-json.js                 |   1 +
 test/parallel/test-require-process.js              |   1 +
 test/parallel/test-stdin-pause-resume-sync.js      |   1 +
 test/parallel/test-stdin-pause-resume.js           |   1 +
 test/parallel/test-stdin-resume-pause.js           |   1 +
 test/parallel/test-string-decoder-end.js           |   1 +
 test/parallel/test-sync-io-option.js               |   1 +
 test/parallel/test-timer-close.js                  |   1 +
 test/parallel/test-timers-non-integer-delay.js     |   1 +
 test/parallel/test-timers-this.js                  |   1 +
 test/parallel/test-timers-unref-leak.js            |   1 +
 .../test-timers-unrefd-interval-still-fires.js     |   1 +
 test/parallel/test-tls-client-reject.js            |   4 +-
 test/parallel/test-tls-pause.js                    |   6 +-
 .../parallel/test-tls-peer-certificate-encoding.js |   2 +-
 .../test-tls-peer-certificate-multi-keys.js        |   2 +-
 test/parallel/test-tls-peer-certificate.js         |   2 +-
 test/parallel/test-util-log.js                     |   1 +
 test/pummel/test-net-many-clients.js               |   6 +-
 test/pummel/test-net-pause.js                      |   4 +-
 test/pummel/test-net-pingpong-delay.js             |   4 +-
 test/sequential/test-cluster-listening-port.js     |   1 +
 test/sequential/test-module-loading.js             |  20 ++---
 test/sequential/test-pump-file2tcp-noexist.js      |   4 +-
 test/sequential/test-stdout-to-file.js             |   2 +-
 test/sequential/test-vm-timeout-rethrow.js         |   1 +
 80 files changed, 318 insertions(+), 69 deletions(-)

Most active commit

Of the 40 commits, 4c59407 was the most active (not counting npm updates).

commit 4c5940776c1ae64268429cfb111bac8374296a02
Author: Saúl Ibarra Corretgé <saghul@gmail.com>
Date:   Tue Sep 22 22:00:38 2015 +0200

    deps: upgrade libuv to 1.7.5

    PR-URL: https://github.com/nodejs/node/pull/3010
    Reviewed-By: Rod Vagg <rod@vagg.org>
    Reviewed-By: Trevor Norris <trev.norris@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

 deps/uv/AUTHORS               |   1 +
 deps/uv/ChangeLog             |  21 ++++
 deps/uv/Makefile.am           |   1 +
 deps/uv/appveyor.yml          |   2 +-
 deps/uv/configure.ac          |   2 +-
 deps/uv/include/uv-version.h  |   2 +-
 deps/uv/include/uv-win.h      |  26 ++--
 deps/uv/src/unix/atomic-ops.h |  12 ++
 deps/uv/src/unix/darwin.c     |   6 +-
 deps/uv/src/unix/thread.c     |  30 +++--
 deps/uv/src/win/thread.c      | 280 ++++++++++++------------------------------
 deps/uv/src/win/winapi.c      |  28 -----
 deps/uv/src/win/winapi.h      |  28 -----
 deps/uv/test/test-list.h      |   2 +
 deps/uv/test/test-mutexes.c   |  59 +++++++++
 15 files changed, 209 insertions(+), 291 deletions(-)

These quick patch releases will become routine though v4’s stable lifecycle, and this will also continue into future stable release lines. There is a lot more effort being put into core than in the recent past and frequent releases mean that the work being done gets into your hands quicker.

Do note that this release fixes a critical security problem (DoS CVE-2015-7384) and it is recommended you upgrade as soon as possible.