Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Adam Ciarcinski
Date: 2019-03-01 09:47:07
Message id: 20190301084708.0FD81FB16@cvs.NetBSD.org
Log Message:
nodejs: updated to 10.15.2
Version 10.15.2 'Dubnium' (LTS):
This is a security release. All Node.js users should consult the security \
release summary at:
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
for details on patched vulnerabilities.
A fix for the following CVE is included in this release:
Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
Notable Changes
http: Further prevention of "Slowloris" attacks on HTTP and HTTPS \
connections by consistently applying the receive timeout set by \
server.headersTimeout to connections in keep-alive mode.
Files: