JavaScript News

jQuery’s Content Delivery Network: You Got Served!

January 14th, 2014

In 2013, MaxCDN joined the jQuery Foundation and stepped up to provide Content Delivery Network (CDN) services for the jQuery CDN at Files can now be requested through both HTTP and HTTPS (SSL) protocols, either to download to your own servers or to use directly on production web sites. MaxCDN’s infrastructure can reliably deliver…

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

October 22nd, 2013

Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to run HTTP servers in production please update as soon as possible. v0.10.21…

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

May 7th, 2012

tl;dr A carefully crafted attack request can cause the contents of the HTTP parser’s buffer to be appended to the attacking request’s header, making it appear to come from the attacker. Since it is generally safe to echo back contents of a request, this can allow an attacker to get an otherwise correctly designed server…