JavaScript News

Angular 2 templates: Will it parse?

February 3rd, 2016

As part of the beta release, we eliminated the requirement for kebab-case in Angular templates and replaced them with case-sensitive names for attributes. This makes it easier for you to write Angular 2 templates that are consistent with naming conventions used in directives. For example, where you would previously write:   <my-widget (some-event)=”someAction()” [some-property]=”expression” #some-var>…

OpenSSL upgrade low-severity Node.js security fixes

January 27th, 2016

(Updates to this post, including a schedule change are included below) Summary The Node.js project will be releasing new versions across all of its active release lines early next week (possibly sooner, pending full impact assessment) to incorporate upstream patches from OpenSSL and some additional low-severity fixes relating to HTTP handling. Please read on for…

Angular 2: an MIT Open Source Licensed Framework

January 11th, 2016

Guest-blogger Max Sills is an attorney in Google’s Open Source Office, and our expert on all things legal related to Angular.  Enjoy!  – Naomi As of beta.2 this week, we’re moving Angular 2, its related libraries, and any code snippets and examples to the MIT license. Open source licenses are meant to protect developers by…

Angular 2 Beta

December 15th, 2015

We’re ecstatic to announce that we’ve reached Angular 2 Beta.  You can read about many of the improvements over Angular 1 in a recent post.  Get started learning Angular 2 now at What does ‘beta’ mean? Beta means we’re now confident that most developers can be successful building large applications using Angular 2. Through…

Angular Material 1.0 Now Available!

December 15th, 2015

The thirty two (32) Core UI components that make up the Angular Material 1.0 library are officially released and ready for you to put them to work in your AngularJS applications. Thanks to the many contributors, from both Google and the open-source community, who worked through the release candidate shakedown cruise over the past weeks….

December Security Release Summary

December 4th, 2015

Last week we announced the planned release of patch updates to the v0.12.x, v4.x and v5.x lines to fix two vulnerabilities. That was further amended by the announcement of OpenSSL updates with fixes for vulnerabilities labelled medium severity. The OpenSSL update impacts all active release lines, including v0.10.x. Today we have released Node.js v0.10.41 (Maintenance),…

December Security Release Schedule Update

December 1st, 2015

The OpenSSL project announced today that they will be releasing security updates for versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8 on the 3rd of December UTC. The updates will fix a number of security defects, the highest of which is classified as “moderate” severity according to their severity scale: MODERATE Severity. This includes issues like crashes…

CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability

November 26th, 2015

This announcement is for: CVE-2015-8027: a high-impact denial of service vulnerability CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability CVE-2015-8027 Denial of Service Vulnerability Description and CVSS Score A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue…

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

July 31st, 2014

A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work…

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

June 16th, 2014

Today we are releasing new versions of Node: node-v0.8.27 node-v0.10.29 First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we’ve upgraded the version of the bundled OpenSSL to their fixed versions v1.0.0m and v1.0.1h respectively. Additionally these releases address the fact that V8 UTF-8 encoding would allow unmatched…