mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 10:59:27 +00:00
e65ae42785
This is a security release.
Vulnerabilities fixed:
* **CVE-2019-15606**:
HTTP header values do not have trailing OWS trimmed.
* **CVE-2019-15605**:
HTTP request smuggling using malformed Transfer-Encoding header.
* **CVE-2019-15604**:
Remotely trigger an assertion on a TLS server with a malformed
certificate string.
Also, HTTP parsing is more strict to be more secure. Since this may
cause problems in interoperability with some non-conformant HTTP
implementations, it is possible to disable the strict checks with the
`--insecure-http-parser` command line flag, or the `insecureHTTPParser`
http option. Using the insecure HTTP parser should be avoided.
PR-URL: https://github.com/nodejs-private/node-private/pull/197
|
||
|---|---|---|
| .. | ||
| CHANGELOG_ARCHIVE.md | ||
| CHANGELOG_IOJS.md | ||
| CHANGELOG_V4.md | ||
| CHANGELOG_V5.md | ||
| CHANGELOG_V6.md | ||
| CHANGELOG_V7.md | ||
| CHANGELOG_V8.md | ||
| CHANGELOG_V9.md | ||
| CHANGELOG_V10.md | ||
| CHANGELOG_V11.md | ||
| CHANGELOG_V12.md | ||
| CHANGELOG_V13.md | ||
| CHANGELOG_V010.md | ||
| CHANGELOG_V012.md | ||