JavaScript News

Angular 2: an MIT Open Source Licensed Framework

January 11th, 2016

Guest-blogger Max Sills is an attorney in Google’s Open Source Office, and our expert on all things legal related to Angular.  Enjoy!  – Naomi As of beta.2 this week, we’re moving Angular 2, its related libraries, and any code snippets and examples to the MIT license. Open source licenses are meant to protect developers by…

Angular 2 Beta

December 15th, 2015

We’re ecstatic to announce that we’ve reached Angular 2 Beta.  You can read about many of the improvements over Angular 1 in a recent post.  Get started learning Angular 2 now at What does ‘beta’ mean? Beta means we’re now confident that most developers can be successful building large applications using Angular 2. Through…

Angular Material 1.0 Now Available!

December 15th, 2015

The thirty two (32) Core UI components that make up the Angular Material 1.0 library are officially released and ready for you to put them to work in your AngularJS applications. Thanks to the many contributors, from both Google and the open-source community, who worked through the release candidate shakedown cruise over the past weeks….

December Security Release Summary

December 4th, 2015

Last week we announced the planned release of patch updates to the v0.12.x, v4.x and v5.x lines to fix two vulnerabilities. That was further amended by the announcement of OpenSSL updates with fixes for vulnerabilities labelled medium severity. The OpenSSL update impacts all active release lines, including v0.10.x. Today we have released Node.js v0.10.41 (Maintenance),…

December Security Release Schedule Update

December 1st, 2015

The OpenSSL project announced today that they will be releasing security updates for versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8 on the 3rd of December UTC. The updates will fix a number of security defects, the highest of which is classified as “moderate” severity according to their severity scale: MODERATE Severity. This includes issues like crashes…

CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability

November 26th, 2015

This announcement is for: CVE-2015-8027: a high-impact denial of service vulnerability CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability CVE-2015-8027 Denial of Service Vulnerability Description and CVSS Score A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue…

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

July 31st, 2014

A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work…

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

June 16th, 2014

Today we are releasing new versions of Node: node-v0.8.27 node-v0.10.29 First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we’ve upgraded the version of the bundled OpenSSL to their fixed versions v1.0.0m and v1.0.1h respectively. Additionally these releases address the fact that V8 UTF-8 encoding would allow unmatched…

jQuery’s Content Delivery Network: You Got Served!

January 14th, 2014

In 2013, MaxCDN joined the jQuery Foundation and stepped up to provide Content Delivery Network (CDN) services for the jQuery CDN at Files can now be requested through both HTTP and HTTPS (SSL) protocols, either to download to your own servers or to use directly on production web sites. MaxCDN’s infrastructure can reliably deliver…

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

October 22nd, 2013

Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to run HTTP servers in production please update as soon as possible. v0.10.21…