Menu

JavaScript News

Angular Material 1.0 Now Available!

December 15th, 2015

The thirty two (32) Core UI components that make up the Angular Material 1.0 library are officially released and ready for you to put them to work in your AngularJS applications. Thanks to the many contributors, from both Google and the open-source community, who worked through the release candidate shakedown cruise over the past weeks….

December Security Release Summary

December 4th, 2015

Last week we announced the planned release of patch updates to the v0.12.x, v4.x and v5.x lines to fix two vulnerabilities. That was further amended by the announcement of OpenSSL updates with fixes for vulnerabilities labelled medium severity. The OpenSSL update impacts all active release lines, including v0.10.x. Today we have released Node.js v0.10.41 (Maintenance),…

December Security Release Schedule Update

December 1st, 2015

The OpenSSL project announced today that they will be releasing security updates for versions 1.0.2, 1.0.1, 1.0.0 and 0.9.8 on the 3rd of December UTC. The updates will fix a number of security defects, the highest of which is classified as “moderate” severity according to their severity scale: MODERATE Severity. This includes issues like crashes…

CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability

November 26th, 2015

This announcement is for: CVE-2015-8027: a high-impact denial of service vulnerability CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability CVE-2015-8027 Denial of Service Vulnerability Description and CVSS Score A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue…

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

July 31st, 2014

A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work…

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

June 16th, 2014

Today we are releasing new versions of Node: node-v0.8.27 node-v0.10.29 First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we’ve upgraded the version of the bundled OpenSSL to their fixed versions v1.0.0m and v1.0.1h respectively. Additionally these releases address the fact that V8 UTF-8 encoding would allow unmatched…

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

October 22nd, 2013

Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to run HTTP servers in production please update as soon as possible. v0.10.21 http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/…

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

May 7th, 2012

tl;dr A carefully crafted attack request can cause the contents of the HTTP parser’s buffer to be appended to the attacking request’s header, making it appear to come from the attacker. Since it is generally safe to echo back contents of a request, this can allow an attacker to get an otherwise correctly designed server…

Page 7 of 7« First...34567