Skip to content

Commit f1cefdc

Browse files
rvaggrvagg
committed
2019-02-28, Version 11.10.1 (Current)
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ for details on patched vulnerabilities. A fix for the following CVE is included in this release: * Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737) Notable Changes: * http: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci (https://voxnest.com). (CVE-2019-5737 / Matteo Collina) PR-URL: nodejs-private/node-private#163
1 parent 667b31b commit f1cefdc

2 files changed

Lines changed: 24 additions & 1 deletion

File tree

CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,8 @@ release.
2828
</tr>
2929
<tr>
3030
<td valign="top">
31-
<b><a href="doc/changelogs/CHANGELOG_V11.md#11.10.0">11.10.0</a></b><br/>
31+
<b><a href="doc/changelogs/CHANGELOG_V11.md#11.10.1">11.10.1</a></b><br/>
32+
<a href="doc/changelogs/CHANGELOG_V11.md#11.10.0">11.10.0</a><br/>
3233
<a href="doc/changelogs/CHANGELOG_V11.md#11.9.0">11.9.0</a><br/>
3334
<a href="doc/changelogs/CHANGELOG_V11.md#11.8.0">11.8.0</a><br/>
3435
<a href="doc/changelogs/CHANGELOG_V11.md#11.7.0">11.7.0</a><br/>

doc/changelogs/CHANGELOG_V11.md

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
</tr>
1010
<tr>
1111
<td>
12+
<a href="#11.10.1">11.10.1</a><br/>
1213
<a href="#11.10.0">11.10.0</a><br/>
1314
<a href="#11.9.0">11.9.0</a><br/>
1415
<a href="#11.8.0">11.8.0</a><br/>
@@ -37,6 +38,27 @@
3738
* [io.js](CHANGELOG_IOJS.md)
3839
* [Archive](CHANGELOG_ARCHIVE.md)
3940

41+
<a id="11.10.1"></a>
42+
## 2019-02-28, Version 11.10.1 (Current), @rvagg
43+
44+
This is a security release. All Node.js users should consult the security release summary at:
45+
46+
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
47+
48+
for details on patched vulnerabilities.
49+
50+
A fix for the following CVE is included in this release:
51+
52+
* Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
53+
54+
### Notable Changes
55+
56+
* **http**: Further prevention of "Slowloris" attacks on HTTP and HTTPS connections by consistently applying the receive timeout set by `server.headersTimeout` to connections in keep-alive mode. Reported by Marco Pracucci ([Voxnest](https://voxnest.com)). (CVE-2019-5737 / Matteo Collina)
57+
58+
### Commits
59+
60+
* [[`05534a24ca`](https://github.com/nodejs/node/commit/05534a24ca)] - **http**: prevent slowloris with keepalive connections (Matteo Collina) [nodejs-private/node-private#158](https://github.com/nodejs-private/node-private/pull/158)
61+
4062
<a id="11.10.0"></a>
4163
## 2019-02-14, Version 11.10.0 (Current), @targos
4264

0 commit comments

Comments
 (0)